Analysis Overview
Threat Level: Likely malicious
The file https://www.httpdebugger.com/ was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
Executes dropped EXE
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Checks for any installed AV software in registry
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Enumerates connected drives
Checks installed software on the system
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks system information in the registry
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
Browser Information Discovery
System Network Configuration Discovery: Internet Connection Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of UnmapMainImage
Suspicious behavior: LoadsDriver
NTFS ADS
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Modifies Internet Explorer settings
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-24 11:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-24 11:56
Reported
2024-08-24 12:07
Platform
win11-20240802-en
Max time kernel
644s
Max time network
646s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\HttpDebuggerSdk.sys | C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\HttpDebuggerSdk.sys | C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe | N/A |
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername = "tudor456jeda323" | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername = "tudor456jeda" | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername = "tudor456jeda323123" | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername = "tudor" | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\Session | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key queried | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername = "tudo3456jeda323" | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioUIEditor\icon_rotate3.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\msedgeupdateres_fr-CA.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3AFF681D-F680-4613-9A2D-A9A2A7C8C954}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Settings\LeaveGame\playernumber_strokeStyle.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AnimationEditor\btn_expand.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ManageCollaborators\arrowRight_dark.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\Tabs\MyCreations.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\dialog_purpose_quest.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\common\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\MicDark\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\fonts\AmaticSC-Bold.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\PluginManagement\unchecked.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioUIEditor\icon_rotate7.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\TenFoot\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\TopBar\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\msedgeupdateres_nn.dll | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Trust Protection Lists\Sigma\Cryptomining | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\kok.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\fonts\SourceSansPro-Light.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\RoduxDevtools\ToolbarIcon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\PurchasePrompt\RightButtonDown.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\HTTPDebuggerPro\Styles\Office2016.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\TopBar\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\GameSettings\UncheckedBox.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\LayeredClothingEditor\Icon_Preview_Clothing.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\Editor\Large\Wheel.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\vk_swiftshader.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\fonts\Ubuntu-Italic.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AnimationEditor\eventMarker_inner.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Locales\ko.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioSharedUI\arrowSpritesheet.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\PurchasePrompt\RightButton.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\SpeakerLight\Muted.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\9SliceEditor\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\PlayerList\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\Large\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\icons\ic-games.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\kk.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\PlatformContent\pc\textures\water\normal_11.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\TenFoot\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\msedge.exe.sig | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\LegacyRbxGui\Cinder block.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\identity_proxy\canary.identity_helper.exe.manifest | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\msedgeupdateres_de.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3AFF681D-F680-4613-9A2D-A9A2A7C8C954}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\dropdown_arrow.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\WarningIcon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Input\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\LoadingBKG.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Lobby\Icons\back_icon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Settings\Help\BButtonLight.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\Small\SegmentedCircle.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\New\Error.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\msedge_200_percent.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\configs\PerformanceConfigs\rofiler.js | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\LayeredClothingEditor\WorkspaceIcons\Mesh Visibility Icon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\AssetConfig\creations.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\9-slice\chat-bubble-tip.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e582fc5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF50CB7854AAA67709.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF6B94728EC8AA6843.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File created | C:\Windows\Installer\e582fc7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\msedge_installer.log | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\Installer\e582fc5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{3AAA8F78-6858-4344-8675-C73E1573CA0F} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI31F9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{3AAA8F78-6858-4344-8675-C73E1573CA0F}\HTTPDebuggerUI.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File created | C:\Windows\SystemTemp\f88cc10e-1c47-4cc3-aae3-1b42e1457b4f.tmp | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\MsEdgeCrashpad\metadata | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF7E3C75845046A26E.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFA96D9EC9DB5BE27A.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{3AAA8F78-6858-4344-8675-C73E1573CA0F}\HTTPDebuggerUI.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI30EE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WaveInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3AFF681D-F680-4613-9A2D-A9A2A7C8C954}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\ = "Microsoft Edge Update Legacy On Demand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{375D3B39-152A-41E1-BF1B-B648933F26D0}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\roblox-player\URL Protocol | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A8096483-2E53-45CF-A0E5-4E17CED6B7EF}\ProxyStubClsid32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-86c3597a87f4495e" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3COMClassService" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20247C83-3429-47B1-817F-C99F29D2BF3A}\Version\ = "1.0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\HTTPDebuggerPro.msi:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 125210.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 822031.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 95575.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.httpdebugger.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb37df3cb8,0x7ffb37df3cc8,0x7ffb37df3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\HTTPDebuggerPro.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F3A07211C195668EEFC4A1EF2793587E C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F977473B9D20F2486FE4A3077B626781
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerBrowser.dll"
C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe
"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe"
C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe
"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe" /install
C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe
"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6900 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7240 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\0c0df43a6c7b4564bc3ddcb9f0adc0af /t 3304 /p 2128
C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe
"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\1cba9f52713b4ec5b19ab70156cca5f1 /t 5268 /p 5272
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6284 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6220 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTQzNTc2RDgtNDAxRC00RDU4LUIxOTYtODcxOUI0QkZFMkQ1fSIgdXNlcmlkPSJ7NDNBNzEwNDEtNTIzRi00MDNDLUIwNTctN0JCMTc0MjhBQTQ4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyQzgzQzAzOS05MzU5LTRGRTAtODk0RS0xQUFGNTQ1Q0E2MzN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYxMDQ4MzU1NDYiIGluc3RhbGxfdGltZV9tcz0iNTI2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{E43576D8-401D-4D58-B196-8719B4BFE2D5}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTQzNTc2RDgtNDAxRC00RDU4LUIxOTYtODcxOUI0QkZFMkQ1fSIgdXNlcmlkPSJ7NDNBNzEwNDEtNTIzRi00MDNDLUIwNTctN0JCMTc0MjhBQTQ4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswRDdDNkIxQS0zMDBFLTRDQTAtOTcyRS03OUI4MkIzQkY0QjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjEwODM1NTY3NiIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8
C:\Users\Admin\Downloads\WaveInstaller.exe
"C:\Users\Admin\Downloads\WaveInstaller.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\MicrosoftEdge_X64_128.0.2739.42.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\MicrosoftEdge_X64_128.0.2739.42.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\MicrosoftEdge_X64_128.0.2739.42.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff68a7606d8,0x7ff68a7606e4,0x7ff68a7606f0
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
"C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
"C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
"C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=4848
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]
C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe" -app -isInstallerLaunch -clientLaunchTimeEpochMs 0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3AFF681D-F680-4613-9A2D-A9A2A7C8C954}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3AFF681D-F680-4613-9A2D-A9A2A7C8C954}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe" /update /sessionid "{0499AEA5-127E-4904-BDDD-7329C7C225A5}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]
C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{0499AEA5-127E-4904-BDDD-7329C7C225A5}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10600 /prefetch:1
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
"C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
"C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
"C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=18608
Network
| Country | Destination | Domain | Proto |
| NL | 81.17.55.113:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.113:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.113:443 | prg.smartadserver.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 193.3.178.4:443 | pbjs.e-planning.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 167.99.22.253:443 | exchange.cootlogix.com | tcp |
| US | 167.99.22.253:443 | exchange.cootlogix.com | tcp |
| NL | 193.3.178.4:443 | pbjs.e-planning.net | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| FR | 142.250.201.162:443 | ep1.adtrafficquality.google | udp |
| FR | 185.235.86.30:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.213:443 | gem.gbc.criteo.com | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| US | 206.81.8.255:443 | sync.cootlogix.com | tcp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 81.17.55.109:443 | ssbsync.smartadserver.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| DE | 162.55.236.224:443 | sync.richaudience.com | tcp |
| US | 70.42.32.63:443 | b1sync.zemanta.com | tcp |
| US | 70.42.32.63:443 | b1sync.zemanta.com | tcp |
| IE | 34.246.165.197:443 | match.prod.bidr.io | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 54.204.207.243:443 | sync.srv.stackadapt.com | tcp |
| US | 172.111.38.86:443 | tracker.open-adsyield.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| DE | 162.55.236.224:443 | sync.richaudience.com | tcp |
| GB | 184.28.176.16:443 | tcp | |
| GB | 184.28.176.16:443 | tcp | |
| US | 150.171.74.254:443 | bx-ring.msedge.net | tcp |
| US | 13.107.219.254:443 | t-ring-fallbacks1.msedge.net | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 13.107.213.254:443 | t-ring-s2.msedge.net | tcp |
| GB | 184.28.176.115:443 | tcp | |
| GB | 184.28.176.115:443 | tcp | |
| GB | 184.28.176.115:443 | tcp | |
| GB | 23.211.237.134:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | cdn.getwave.gg | udp |
| US | 172.67.73.56:443 | cdn.getwave.gg | tcp |
| US | 8.8.8.8:53 | 134.237.211.23.in-addr.arpa | udp |
| NL | 193.3.178.4:443 | pbjs.e-planning.net | tcp |
| NL | 185.89.210.90:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | exchange.cootlogix.com | udp |
| NL | 89.149.193.80:443 | prg.smartadserver.com | tcp |
| NL | 89.149.193.80:443 | prg.smartadserver.com | tcp |
| NL | 89.149.193.80:443 | prg.smartadserver.com | tcp |
| NL | 89.149.193.80:443 | prg.smartadserver.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 159.223.162.198:443 | exchange.cootlogix.com | tcp |
| US | 159.223.162.198:443 | exchange.cootlogix.com | tcp |
| US | 159.223.162.198:443 | exchange.cootlogix.com | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 35.241.34.106:443 | c.4dex.io | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| FR | 185.235.86.30:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.213:443 | gem.gbc.criteo.com | tcp |
| US | 172.67.73.56:443 | cdn.getwave.gg | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_920_DAINWJTVEOVOPTDS
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\Downloads\Unconfirmed 95575.crdownload
C:\Users\Admin\Downloads\HTTPDebuggerPro.msi:Zone.Identifier
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f7fc.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_76733C28E3E87E78CF09C0BB924E316A
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_76733C28E3E87E78CF09C0BB924E316A
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F
C:\Users\Admin\AppData\Local\Temp\MSIFA0F.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
\??\Volume{e2de8665-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{0e90bb90-041a-4fb4-9679-a58a30f3fab1}_OnDiskSnapshotProp
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe
C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerBrowser.dll
C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe
C:\Program Files (x86)\HTTPDebuggerPro\drv\Win8\HttpDebuggerSdk64.sys
C:\Config.Msi\e582fc6.rbs
C:\Program Files (x86)\HTTPDebuggerPro\cximagecrt.dll
C:\Program Files (x86)\HTTPDebuggerPro\Styles\Office2016.dll
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\2eaaec627d05c9a36db0a75f68c21272
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\5b6171c8dbb01d6bff4fbe433ef7134e
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
memory/796-1815-0x0000000000CC0000-0x0000000000CF5000-memory.dmp
memory/796-1816-0x0000000073340000-0x0000000073550000-memory.dmp
memory/796-1851-0x0000000073340000-0x0000000073550000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b0d51cfc8d92d27e4e966642dcf6a5e6 |
| SHA1 | 0946df6742738eacc42678bf0cf7247d1fff14f8 |
| SHA256 | 484aa83f6f326b32b3745b83810e3d259c36721e1af68f38ae1a98aca7caa5ca |
| SHA512 | c5c979f822b5456c9a3e4dc6a140b8ed9238e97e7dbaebb3962e90d43b063655eeea31441499b8fa8036cc532c056a51f6961afad609a1d5a98cc5f73baa4128 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fae3d138bc6455bd27f7a00f257bd447 |
| SHA1 | d098493d9ca4ceb17dfee772f83649d46af567a1 |
| SHA256 | f17e8f9f1329a2af7a9cd0c10270de473764d28d6b924dfa52184ca64132f35e |
| SHA512 | 07b3a43c280ea332e7494810259ea112f7c6f0b374615600eae4c5e8cdf7a6111c6287519c4b975409d57f33528089c3682cf201f750668e878853e4282990d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\d69257ed-c7ad-4a30-8e33-1d95859645e6.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Installer\setup.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\configs\DateTimeLocaleConfigs\zh-hans.json
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\configs\DateTimeLocaleConfigs\zh-tw.json
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\Cursors\KeyboardMouse\IBeamCursor.png
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\DeveloperFramework\PageNavigation\button_control_previous.png
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\DeveloperFramework\PageNavigation\button_control_next.png
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\TerrainTools\checkbox_square.png
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\AssetConfig\[email protected]
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\Thumbstick2.png
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\Thumbstick1.png
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\Clear.png
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000104
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000107
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000106
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000108
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000103
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000105
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000109
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\[email protected]
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaDiscussions\buttonFill.png
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.15\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000102
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010b
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000159
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
memory/18608-11293-0x000000000B140000-0x000000000B497000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index