Malware Analysis Report

2025-03-15 04:18

Sample ID 240824-n4enra1alm
Target https://www.httpdebugger.com/
Tags
defense_evasion discovery evasion motw persistence phishing privilege_escalation trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://www.httpdebugger.com/ was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery evasion motw persistence phishing privilege_escalation trojan

Drops file in Drivers directory

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Checks for any installed AV software in registry

Legitimate hosting services abused for malware hosting/C2

Checks whether UAC is enabled

Enumerates connected drives

Checks installed software on the system

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks system information in the registry

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Browser Information Discovery

System Network Configuration Discovery: Internet Connection Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of UnmapMainImage

Suspicious behavior: LoadsDriver

NTFS ADS

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

Modifies Internet Explorer settings

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-24 11:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-24 11:56

Reported

2024-08-24 12:07

Platform

win11-20240802-en

Max time kernel

644s

Max time network

646s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.httpdebugger.com/

Signatures

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\HttpDebuggerSdk.sys C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe N/A
File opened for modification C:\Windows\system32\drivers\HttpDebuggerSdk.sys C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe N/A
N/A N/A C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe N/A
N/A N/A C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe N/A
N/A N/A C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\WaveInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\MicrosoftEdge_X64_128.0.2739.42.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Luau Language Server\node.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3AFF681D-F680-4613-9A2D-A9A2A7C8C954}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Luau Language Server\node.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe N/A
N/A N/A C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe N/A
N/A N/A C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe N/A
N/A N/A C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe N/A
N/A N/A C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe N/A
N/A N/A C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername = "tudor456jeda323" C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername = "tudor456jeda" C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername = "tudor456jeda323123" C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername = "tudor456jeda323" C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername = "tudor" C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\Session C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername = "tudo3456jeda323" C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key queried \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key created \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\LastUsername C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab\Session C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\KasperskyLab C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of NtCreateThreadExHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioUIEditor\icon_rotate3.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\msedgeupdateres_fr-CA.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3AFF681D-F680-4613-9A2D-A9A2A7C8C954}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Settings\LeaveGame\playernumber_strokeStyle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AnimationEditor\btn_expand.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ManageCollaborators\arrowRight_dark.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\Tabs\MyCreations.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\dialog_purpose_quest.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\common\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\MicDark\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\fonts\AmaticSC-Bold.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\PluginManagement\unchecked.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioUIEditor\icon_rotate7.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\TenFoot\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\TopBar\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\msedgeupdateres_nn.dll C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Trust Protection Lists\Sigma\Cryptomining C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\kok.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\fonts\SourceSansPro-Light.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\RoduxDevtools\ToolbarIcon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\PurchasePrompt\RightButtonDown.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\HTTPDebuggerPro\Styles\Office2016.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\TopBar\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\GameSettings\UncheckedBox.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\LayeredClothingEditor\Icon_Preview_Clothing.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\Editor\Large\Wheel.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\vk_swiftshader.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\fonts\Ubuntu-Italic.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AnimationEditor\eventMarker_inner.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Locales\ko.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioSharedUI\arrowSpritesheet.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\PurchasePrompt\RightButton.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\SpeakerLight\Muted.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\9SliceEditor\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\Large\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\icons\ic-games.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\kk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\PlatformContent\pc\textures\water\normal_11.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\TenFoot\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\msedge.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\LegacyRbxGui\Cinder block.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\identity_proxy\canary.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\msedgeupdateres_de.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3AFF681D-F680-4613-9A2D-A9A2A7C8C954}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\dropdown_arrow.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\WarningIcon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Input\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\LoadingBKG.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Lobby\Icons\back_icon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Settings\Help\BButtonLight.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Emotes\Small\SegmentedCircle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\New\Error.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\msedge_200_percent.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\configs\PerformanceConfigs\rofiler.js C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\LayeredClothingEditor\WorkspaceIcons\Mesh Visibility Icon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\AssetConfig\creations.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\9-slice\chat-bubble-tip.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e582fc5.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\~DF50CB7854AAA67709.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF6B94728EC8AA6843.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File created C:\Windows\Installer\e582fc7.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File opened for modification C:\Windows\Installer\e582fc5.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{3AAA8F78-6858-4344-8675-C73E1573CA0F} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File opened for modification C:\Windows\Installer\MSI31F9.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{3AAA8F78-6858-4344-8675-C73E1573CA0F}\HTTPDebuggerUI.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\f88cc10e-1c47-4cc3-aae3-1b42e1457b4f.tmp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\~DF7E3C75845046A26E.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFA96D9EC9DB5BE27A.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{3AAA8F78-6858-4344-8675-C73E1573CA0F}\HTTPDebuggerUI.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI30EE.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WaveInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3AFF681D-F680-4613-9A2D-A9A2A7C8C954}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000006586dee215ef0e8b0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800006586dee20000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809006586dee2000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d6586dee2000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000006586dee200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{375D3B39-152A-41E1-BF1B-B648933F26D0}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\roblox-player\URL Protocol C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A8096483-2E53-45CF-A0E5-4E17CED6B7EF}\ProxyStubClsid32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\MicrosoftEdgeUpdateBroker.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-86c3597a87f4495e" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3COMClassService" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20247C83-3429-47B1-817F-C99F29D2BF3A}\Version\ = "1.0" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\HTTPDebuggerPro.msi:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 125210.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 822031.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 95575.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 920 wrote to memory of 1376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 3112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 3112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 920 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.httpdebugger.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb37df3cb8,0x7ffb37df3cc8,0x7ffb37df3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\HTTPDebuggerPro.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F3A07211C195668EEFC4A1EF2793587E C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F977473B9D20F2486FE4A3077B626781

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerBrowser.dll"

C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe

"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe"

C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe

"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe" /install

C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe

"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6900 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7240 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\0c0df43a6c7b4564bc3ddcb9f0adc0af /t 3304 /p 2128

C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe

"C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\1cba9f52713b4ec5b19ab70156cca5f1 /t 5268 /p 5272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6284 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUD21B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTQzNTc2RDgtNDAxRC00RDU4LUIxOTYtODcxOUI0QkZFMkQ1fSIgdXNlcmlkPSJ7NDNBNzEwNDEtNTIzRi00MDNDLUIwNTctN0JCMTc0MjhBQTQ4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyQzgzQzAzOS05MzU5LTRGRTAtODk0RS0xQUFGNTQ1Q0E2MzN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYxMDQ4MzU1NDYiIGluc3RhbGxfdGltZV9tcz0iNTI2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{E43576D8-401D-4D58-B196-8719B4BFE2D5}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTQzNTc2RDgtNDAxRC00RDU4LUIxOTYtODcxOUI0QkZFMkQ1fSIgdXNlcmlkPSJ7NDNBNzEwNDEtNTIzRi00MDNDLUIwNTctN0JCMTc0MjhBQTQ4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswRDdDNkIxQS0zMDBFLTRDQTAtOTcyRS03OUI4MkIzQkY0QjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjEwODM1NTY3NiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7960 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8

C:\Users\Admin\Downloads\WaveInstaller.exe

"C:\Users\Admin\Downloads\WaveInstaller.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\MicrosoftEdge_X64_128.0.2739.42.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\MicrosoftEdge_X64_128.0.2739.42.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\MicrosoftEdge_X64_128.0.2739.42.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1AA6A625-C745-4B9C-ADD6-0561A19FA9D0}\EDGEMITMP_19E78.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff68a7606d8,0x7ff68a7606e4,0x7ff68a7606f0

C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

"C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"

C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

"C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"

C:\Users\Admin\AppData\Local\Luau Language Server\node.exe

"C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=4848

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTQzNTc2RDgtNDAxRC00RDU4LUIxOTYtODcxOUI0QkZFMkQ1fSIgdXNlcmlkPSJ7NDNBNzEwNDEtNTIzRi00MDNDLUIwNTctN0JCMTc0MjhBQTQ4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxMjE3NThENC1CODFGLTQ3NTEtQUUyQS0xMEE4NzQyN0FENjF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjguMC4yNzM5LjQyIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MTE4Mjc1NDY4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjExODM0NTU0MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4NjU5MDIwNjYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2IwZjczMWNlLWY3MDYtNGM4MS05MDZlLWEwNWFhMDM0NzU3ZD9QMT0xNzI1MTA1NTYxJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUpUQjc2cGdxJTJiQzBldEkxZVdONmp3U1VFTzhzaUpmTEdwSFNNMkVUcUNpSlBmUEJ1azZOWG84NjM0bUpyYU5OTFh3c0VaaXM2M0hKUFElMmJCdnlBajhHZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3Mzc1MDM0NCIgdG90YWw9IjE3Mzc1MDM0NCIgZG93bmxvYWRfdGltZV9tcz0iMTY4MTMzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzg2NjA2MjIxOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4ODEwOTE5MTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjgzMjcyNDgyNDciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI2MjYiIGRvd25sb2FkX3RpbWVfbXM9IjE3NDc2NCIgZG93bmxvYWRlZD0iMTczNzUwMzQ0IiB0b3RhbD0iMTczNzUwMzQ0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0NDYxMyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe" -app -isInstallerLaunch -clientLaunchTimeEpochMs 0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3AFF681D-F680-4613-9A2D-A9A2A7C8C954}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3AFF681D-F680-4613-9A2D-A9A2A7C8C954}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe" /update /sessionid "{0499AEA5-127E-4904-BDDD-7329C7C225A5}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDQ5OUFFQTUtMTI3RS00OTA0LUJEREQtNzMyOUM3QzIyNUE1fSIgdXNlcmlkPSJ7NDNBNzEwNDEtNTIzRi00MDNDLUIwNTctN0JCMTc0MjhBQTQ4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCQUJCRDgzMy1FMTg4LTQ1NDktODkyMC0wMTI1MDAzQTY1MUV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyMjI3NjU0MDQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTIyMjkxNTM5NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTU1MDg2MDU2OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyM2ZhN2Y3LTQ0NDUtNDEzNy04MmVjLTcxNTI4OTQ5MTgyYT9QMT0xNzI1MTA1ODcyJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWRkWTd0bXlIem5TbnlHZlVjRUtMano0a3VPUzBvRVdtQ3cyUG41ZjElMmZVekhsdFFaelB1azdmaWR3WkMlMmZuNmNlOFNTTER3cHVYJTJmNFkwODJaVmJOVHNRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTU1MDg4MDU1NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMzIzZmE3ZjctNDQ0NS00MTM3LTgyZWMtNzE1Mjg5NDkxODJhP1AxPTE3MjUxMDU4NzImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9ZGRZN3RteUh6blNueUdmVWNFS0xqejRrdU9TMG9FV21DdzJQbjVmMSUyZlV6SGx0UVp6UHVrN2ZpZHdaQyUyZm42Y2U4U1NMRHdwdVglMmY0WTA4MlpWYk5Uc1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjQ1MTEyIiB0b3RhbD0iMTY0NTExMiIgZG93bmxvYWRfdGltZV9tcz0iMzI2NTgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTU1MDg5MDQzNyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NTU2Mjc5Nzg3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2ODk3NDIxMjY4NjMwMjAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyOC4wLjI3MzkuNDIiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9IntBNjU4QkM5NS05ODBFLTRCOUYtQTQxQi1FNTIyMjg0NDhCMjR9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU19EA.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{0499AEA5-127E-4904-BDDD-7329C7C225A5}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDQ5OUFFQTUtMTI3RS00OTA0LUJEREQtNzMyOUM3QzIyNUE1fSIgdXNlcmlkPSJ7NDNBNzEwNDEtNTIzRi00MDNDLUIwNTctN0JCMTc0MjhBQTQ4fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7Q0Q2RTg2NDgtNkExOC00N0RBLThGQjItNEQ4Q0M2Q0Y4QjcxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjQ1MDA3NTgiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk1NzU2ODk3MTkiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3599373973141380892,13156675372079290571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12084 /prefetch:1

C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

"C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"

C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

"C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"

C:\Users\Admin\AppData\Local\Luau Language Server\node.exe

"C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=18608

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.httpdebugger.com udp
US 104.21.26.146:443 www.httpdebugger.com tcp
GB 18.154.84.60:443 cdn.amplitude.com tcp
GB 18.154.84.60:443 cdn.amplitude.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 35.167.103.7:443 api.amplitude.com tcp
FR 142.250.179.98:443 googleads.g.doubleclick.net tcp
GB 74.125.71.156:443 stats.g.doubleclick.net tcp
FR 142.250.201.163:443 www.google.co.uk tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
FR 142.250.179.68:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 216.239.34.36:443 region1.analytics.google.com udp
FR 142.250.179.98:443 googleads.g.doubleclick.net udp
FR 142.250.179.68:443 www.google.com udp
FR 142.250.201.163:443 www.google.co.uk udp
GB 92.123.142.73:443 www.bing.com tcp
GB 128.116.119.4:80 accountsettings.roblox.com tcp
GB 128.116.119.4:80 accountsettings.roblox.com tcp
GB 128.116.119.4:443 accountsettings.roblox.com tcp
GB 173.222.211.40:443 css.rbxcdn.com tcp
GB 173.222.211.40:443 css.rbxcdn.com tcp
GB 173.222.211.40:443 css.rbxcdn.com tcp
GB 173.222.211.40:443 css.rbxcdn.com tcp
GB 173.222.211.40:443 css.rbxcdn.com tcp
GB 173.222.211.40:443 css.rbxcdn.com tcp
GB 173.222.211.16:443 css.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
NL 128.116.21.3:443 roblox.com tcp
GB 128.116.119.4:443 accountsettings.roblox.com tcp
GB 128.116.119.4:443 accountsettings.roblox.com tcp
GB 173.222.211.40:443 css.rbxcdn.com tcp
GB 92.123.140.128:443 apis.rbxcdn.com tcp
GB 216.137.44.44:443 images.rbxcdn.com tcp
GB 216.137.44.44:443 images.rbxcdn.com tcp
GB 216.137.44.44:443 images.rbxcdn.com tcp
GB 216.137.44.44:443 images.rbxcdn.com tcp
GB 216.137.44.44:443 images.rbxcdn.com tcp
GB 216.137.44.44:443 images.rbxcdn.com tcp
US 104.21.26.146:443 www.httpdebugger.com tcp
FR 216.58.214.163:80 c.pki.goog tcp
GB 95.100.245.144:443 www.microsoft.com tcp
GB 95.100.245.144:443 www.microsoft.com tcp
NL 20.76.201.171:443 xbox.com tcp
GB 173.222.8.59:80 www.xbox.com tcp
GB 173.222.8.59:443 www.xbox.com tcp
GB 173.222.8.59:443 www.xbox.com tcp
GB 173.222.8.59:443 www.xbox.com tcp
GB 173.222.8.59:443 www.xbox.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 13.107.246.64:443 lgincdnmsftuswe2.azureedge.net tcp
GB 2.18.108.226:443 assets.adobedtm.com tcp
US 8.8.8.8:53 226.108.18.2.in-addr.arpa udp
IE 40.126.31.69:443 login.microsoftonline.com tcp
IE 40.126.31.69:443 login.microsoftonline.com tcp
GB 2.18.109.103:443 store-images.microsoft.com tcp
GB 18.244.155.18:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 18.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 9.211.222.173.in-addr.arpa udp
NL 13.69.109.130:443 browser.events.data.microsoft.com tcp
NL 13.69.109.130:443 browser.events.data.microsoft.com tcp
US 152.199.21.175:443 lgincdnvzeuno.azureedge.net tcp
US 51.8.64.151:443 h.clarity.ms tcp
GB 128.116.119.4:443 games.roblox.com tcp
US 8.8.8.8:53 privatemessages.roblox.com udp
US 8.8.8.8:53 trades.roblox.com udp
US 8.8.8.8:53 usermoderation.roblox.com udp
GB 128.116.119.8:443 lms.roblox.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
NL 128.116.21.3:443 roblox.com tcp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 54.89.44.210:443 aws-us-east-1c-lms.rbx.com tcp
GB 23.73.139.26:443 tr.rbxcdn.com tcp
GB 13.40.252.205:443 aws-eu-west-2b-lms.rbx.com tcp
GB 13.40.255.29:443 aws-eu-west-2a-lms.rbx.com tcp
US 54.193.126.69:443 aws-us-west-1a-lms.rbx.com tcp
GB 18.239.236.70:443 c0.rbxcdn.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
GB 128.116.119.8:443 lms.roblox.com tcp
GB 18.244.114.69:443 t3.rbxcdn.com tcp
NL 20.50.88.242:443 dc.services.visualstudio.com tcp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
GB 128.116.119.3:443 gold.roblox.com tcp
US 128.116.115.3:443 sea1-128-116-115-3.roblox.com tcp
JP 52.194.121.40:443 aws-ap-northeast-1c-lms.rbx.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
US 128.116.115.3:443 sea1-128-116-115-3.roblox.com tcp
JP 52.194.121.40:443 aws-ap-northeast-1c-lms.rbx.com tcp
GB 128.116.119.4:443 usermoderation.roblox.com tcp
GB 184.28.176.40:443 tcp
GB 184.28.176.40:443 tcp
GB 184.28.176.40:443 tcp
GB 184.28.176.82:443 tcp
US 51.8.64.151:443 h.clarity.ms tcp
GB 92.123.140.24:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:51464 tcp
GB 128.116.119.4:443 usermoderation.roblox.com tcp
N/A 127.0.0.1:51468 tcp
GB 128.116.119.4:443 usermoderation.roblox.com tcp
GB 23.208.251.114:443 clientsettingscdn.roblox.com tcp
GB 92.123.140.24:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:51489 tcp
N/A 127.0.0.1:51504 tcp
GB 92.123.140.24:443 setup.rbxcdn.com tcp
GB 92.123.140.24:443 setup.rbxcdn.com tcp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
US 199.232.214.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
GB 92.123.142.153:443 www.bing.com tcp
GB 92.123.142.130:443 www.bing.com tcp
GB 92.123.142.122:443 www.bing.com tcp
GB 92.123.142.122:443 www.bing.com tcp
GB 92.123.142.130:443 www.bing.com tcp
US 13.107.21.200:443 bing.com tcp
GB 92.123.142.122:443 www.bing.com tcp
GB 92.123.142.122:443 www.bing.com tcp
GB 92.123.142.122:443 www.bing.com tcp
GB 92.123.142.122:443 www.bing.com tcp
GB 92.123.142.122:443 www.bing.com tcp
IE 20.190.159.2:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
MD 213.232.235.119:443 waveexecutor.com tcp
MD 213.232.235.119:443 waveexecutor.com tcp
MD 213.232.235.119:443 waveexecutor.com tcp
MD 213.232.235.119:443 waveexecutor.com tcp
MD 213.232.235.119:443 waveexecutor.com tcp
MD 213.232.235.119:443 waveexecutor.com tcp
US 8.8.8.8:53 s10.histats.com udp
US 172.66.132.118:443 s10.histats.com tcp
US 8.8.8.8:53 s4.histats.com udp
CA 149.56.240.127:443 s4.histats.com tcp
FR 172.217.20.206:443 fundingchoicesmessages.google.com tcp
CA 149.56.240.127:443 s4.histats.com tcp
FR 172.217.20.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 118.132.66.172.in-addr.arpa udp
US 8.8.8.8:53 206.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 127.240.56.149.in-addr.arpa udp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.179.68:443 www.google.com udp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 csi.gstatic.com udp
BR 142.250.78.195:443 csi.gstatic.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
FR 216.58.214.174:443 redirector.gvt1.com tcp
BR 142.250.78.195:443 csi.gstatic.com tcp
BR 142.250.78.195:443 csi.gstatic.com tcp
BR 142.250.78.195:443 csi.gstatic.com tcp
BR 142.250.78.195:443 csi.gstatic.com tcp
GB 74.125.175.230:443 r1---sn-aigzrnze.gvt1.com udp
US 8.8.8.8:53 cdn.getwave.gg udp
US 104.26.2.170:443 cdn.getwave.gg tcp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 230.175.125.74.in-addr.arpa udp
BR 142.250.78.195:443 csi.gstatic.com udp
US 52.240.159.111:443 www.nuget.org tcp
US 152.199.23.209:443 globalcdn.nuget.org tcp
CA 149.56.240.127:443 s4.histats.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 173.222.211.41:443 aefd.nelreports.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 173.222.211.41:443 aefd.nelreports.net udp
GB 20.26.156.215:443 github.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 104.26.2.170:443 cdn.getwave.gg tcp
GB 18.165.242.41:443 clientsettingscdn.roblox.com tcp
US 104.26.2.170:443 cdn.getwave.gg tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
GB 18.165.242.41:443 clientsettingscdn.roblox.com tcp
GB 92.123.142.144:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 144.142.123.92.in-addr.arpa udp
GB 92.123.142.155:443 www.bing.com tcp
GB 92.123.142.155:443 www.bing.com tcp
GB 92.123.142.155:443 www.bing.com tcp
US 8.8.8.8:53 155.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.142.91:443 th.bing.com tcp
GB 92.123.142.91:443 th.bing.com tcp
GB 92.123.142.130:443 th.bing.com tcp
GB 92.123.142.130:443 th.bing.com tcp
US 104.21.56.43:443 tempmail.email tcp
US 104.21.56.43:443 tempmail.email tcp
NL 136.144.246.160:443 investingnews.blog tcp
GB 128.116.119.4:443 usermoderation.roblox.com tcp
GB 128.116.119.4:443 usermoderation.roblox.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
N/A 127.0.0.1:60206 tcp
N/A 127.0.0.1:60209 tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 172.67.73.56:443 api.getwave.gg tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 104.21.77.16:443 la.quicksightnow.com tcp
US 104.21.77.16:443 la.quicksightnow.com tcp
US 8.8.8.8:53 16.77.21.104.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 92.123.142.114:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.142.170:443 r.bing.com tcp
GB 92.123.142.170:443 r.bing.com tcp
GB 92.123.142.105:443 r.bing.com tcp
GB 92.123.142.105:443 r.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 temp-mail.org udp
US 104.26.7.95:443 temp-mail.org tcp
US 104.26.7.95:443 temp-mail.org tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 95.7.26.104.in-addr.arpa udp
US 104.18.94.41:443 challenges.cloudflare.com tcp
GB 173.222.211.58:80 apps.identrust.com tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 58.211.222.173.in-addr.arpa udp
US 172.66.40.60:443 cdn.paddle.com tcp
GB 159.65.211.77:443 cdn4.buysellads.net tcp
US 104.26.6.95:443 web2.temp-mail.org tcp
US 8.8.8.8:53 77.211.65.159.in-addr.arpa udp
US 8.8.8.8:53 95.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 172.67.41.60:443 btloader.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
FR 142.250.75.226:443 googleads.g.doubleclick.net udp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 cdn.hadronid.net udp
GB 108.156.39.35:443 config.aps.amazon-adsystem.com tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
GB 18.245.143.83:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 rt.marphezis.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 exchange.cootlogix.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 35.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 166.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 156.174.53.23.in-addr.arpa udp
US 8.8.8.8:53 83.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 srv.buysellads.com udp
US 8.8.8.8:53 pbjs.e-planning.net udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 34.120.63.153:443 prebid.media.net tcp
NL 185.89.210.90:443 ams3-ib.adnxs.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
NL 193.3.178.4:443 pbjs.e-planning.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
GB 108.138.217.61:443 hb.yellowblue.io tcp
NL 188.166.203.175:443 rt.marphezis.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 172.67.75.241:443 script.4dex.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
GB 18.245.189.34:443 aax.amazon-adsystem.com tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 172.67.75.241:443 script.4dex.io tcp
US 104.18.22.145:443 cadmus.script.ac tcp
US 35.241.34.106:443 c.4dex.io udp
FR 142.250.201.162:443 ep1.adtrafficquality.google tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
FR 142.250.179.97:443 ep2.adtrafficquality.google tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
FR 142.250.179.65:443 5704d718114a8232995b2f575aa515b0.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 61.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 241.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 4.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 175.203.166.188.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 34.189.245.18.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 253.22.99.167.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 106.34.241.35.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
FR 185.235.86.213:443 gem.gbc.criteo.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
FR 185.235.86.30:443 ag.gbc.criteo.com tcp
US 151.101.129.108:443 acdn.adnxs-simple.com tcp
US 34.95.69.49:443 i.clean.gg tcp
US 34.95.69.49:443 i.clean.gg udp
DE 51.75.86.98:443 onetag-sys.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 sync.cootlogix.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
US 206.81.8.255:443 sync.cootlogix.com tcp
GB 92.123.140.90:443 hb.trustedstack.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
GB 95.100.244.20:443 contextual.media.net tcp
GB 23.73.139.64:443 acdn.adnxs.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
GB 13.224.222.60:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 104.17.43.93:443 gum.aidemsrv.com tcp
US 67.202.105.21:443 ssc-cms.33across.com tcp
US 3.210.110.24:443 cs-server-s2s.yellowblue.io tcp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
GB 23.73.139.80:443 player.aniview.com tcp
NL 81.17.55.109:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 sync.1rx.io udp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
DE 162.55.236.224:443 sync.richaudience.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 54.87.195.130:443 api-2-0.spot.im tcp
IE 34.246.165.197:443 match.prod.bidr.io tcp
US 70.42.32.63:443 b1sync.zemanta.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 35.71.131.137:443 match.adsrvr.org tcp
US 172.240.45.78:443 sync.aniview.com tcp
US 70.42.32.63:443 b1sync.zemanta.com tcp
US 54.204.207.243:443 sync.srv.stackadapt.com tcp
DE 162.55.236.224:443 sync.richaudience.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 172.111.38.86:443 tracker.open-adsyield.com tcp
IE 63.32.219.61:443 ap.lijit.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 64.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 255.8.81.206.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 60.222.224.13.in-addr.arpa udp
US 8.8.8.8:53 93.43.17.104.in-addr.arpa udp
US 8.8.8.8:53 21.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 249.129.214.23.in-addr.arpa udp
US 8.8.8.8:53 24.110.210.3.in-addr.arpa udp
US 8.8.8.8:53 109.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 80.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 197.165.246.34.in-addr.arpa udp
US 8.8.8.8:53 130.195.87.54.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 63.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 jadserve.postrelease.com udp
IE 54.216.57.173:443 jadserve.postrelease.com tcp
US 192.132.33.67:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 35.241.34.106:443 c.4dex.io udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 18.245.189.34:443 aax.amazon-adsystem.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
FR 142.250.75.226:443 googleads.g.doubleclick.net udp
GB 159.65.211.77:443 srv.buysellads.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
NL 185.89.210.90:443 secure.adnxs.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 193.3.178.4:443 pbjs.e-planning.net tcp
US 130.211.23.194:443 api.btloader.com udp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
NL 193.3.178.4:443 pbjs.e-planning.net tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
FR 142.250.201.162:443 ep1.adtrafficquality.google udp
FR 185.235.86.30:443 ag.gbc.criteo.com tcp
FR 185.235.86.213:443 gem.gbc.criteo.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 206.81.8.255:443 sync.cootlogix.com tcp
US 8.8.8.8:53 contextual.media.net udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 67.202.105.21:443 ssc-cms.33across.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 81.17.55.109:443 ssbsync.smartadserver.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 162.55.236.224:443 sync.richaudience.com tcp
US 70.42.32.63:443 b1sync.zemanta.com tcp
US 70.42.32.63:443 b1sync.zemanta.com tcp
IE 34.246.165.197:443 match.prod.bidr.io tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 54.204.207.243:443 sync.srv.stackadapt.com tcp
US 172.111.38.86:443 tracker.open-adsyield.com tcp
US 192.132.33.67:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
DE 162.55.236.224:443 sync.richaudience.com tcp
GB 184.28.176.16:443 tcp
GB 184.28.176.16:443 tcp
US 150.171.74.254:443 bx-ring.msedge.net tcp
US 13.107.219.254:443 t-ring-fallbacks1.msedge.net tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 13.107.213.254:443 t-ring-s2.msedge.net tcp
GB 184.28.176.115:443 tcp
GB 184.28.176.115:443 tcp
GB 184.28.176.115:443 tcp
GB 23.211.237.134:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 cdn.getwave.gg udp
US 172.67.73.56:443 cdn.getwave.gg tcp
US 8.8.8.8:53 134.237.211.23.in-addr.arpa udp
NL 193.3.178.4:443 pbjs.e-planning.net tcp
NL 185.89.210.90:443 secure.adnxs.com tcp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 prebid.media.net udp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 exchange.cootlogix.com udp
NL 89.149.193.80:443 prg.smartadserver.com tcp
NL 89.149.193.80:443 prg.smartadserver.com tcp
NL 89.149.193.80:443 prg.smartadserver.com tcp
NL 89.149.193.80:443 prg.smartadserver.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 34.120.63.153:443 prebid.media.net udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 159.223.162.198:443 exchange.cootlogix.com tcp
US 159.223.162.198:443 exchange.cootlogix.com tcp
US 159.223.162.198:443 exchange.cootlogix.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 35.241.34.106:443 c.4dex.io udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
FR 185.235.86.30:443 ag.gbc.criteo.com tcp
FR 185.235.86.213:443 gem.gbc.criteo.com tcp
US 172.67.73.56:443 cdn.getwave.gg tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 058032c530b52781582253cb245aa731
SHA1 7ca26280e1bfefe40e53e64345a0d795b5303fab
SHA256 1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e
SHA512 77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

\??\pipe\LOCAL\crashpad_920_DAINWJTVEOVOPTDS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8276eab0f8f0c0bb325b5b8c329f64f
SHA1 8ce681e4056936ca8ccd6f487e7cd7cccbae538b
SHA256 847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da
SHA512 42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8de71db684188787f1131f6f1ef24784
SHA1 6e91fbc6f994d52bccfc343a9d393ffca4d36083
SHA256 9c916dcb81c5b900a066a60d5bd991526ac091ffda2a904ac12806715518e43f
SHA512 1b14c07ad638a51c45bdd49a20c1fd648cc2271a7318567f327499b72453142edcaf66ca4201f6312a1ab2b45e08fa02c6367d4696d3b2ad8908676cc802dc8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b28c593f62405809c601f7b00ab65fd9
SHA1 87856bfb0e291b0c3b4d92b65dbb40442a43b745
SHA256 3666ef500f16702fc4bf04ec4329ff38654544226e477f7229a13a41c50da45e
SHA512 cd6270251265a8e0bd16e19f51d100ca9de331cb25392da4459126353c6e00f0314e591a6654f4851ff4b7ed3f779c34d6840de6d4a080634b4f277b20c6bc34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 131e8b8faca936995a9f266c8704c1f7
SHA1 d9773df41e8f0b888e345ee07afc217c7d495b1e
SHA256 2380b212536b32277cd4f6ee8e5365b894da1d241e2b65b6cd0e5f338816fed5
SHA512 b6fda84c00dc202d52d18ab3371a951e0b526c96e225a0fffe56b6e12055e2a19698bbb45d4a3da56bde18329656b62f442df032bb4af7df8d6019552b054f90

C:\Users\Admin\Downloads\Unconfirmed 95575.crdownload

MD5 da7e08ef168ee4662ff1878202303a36
SHA1 df3bc617162a0f5f5e854403f5dc1e00e093e498
SHA256 ed9e8f5fda10a14fbce76252b111a031bc4f3351e9eb342ea4edf6b6d16add69
SHA512 bd248c68077a6aa1d6120cd3401770b09762cd75010a30b40cdd46196c726bce2fffa9036a2e3f47bbdbe4b935b9252c7ea38f4947d5ef187831d274a13b8974

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 86da7ac78dd93c63a3954b3ecab79a17
SHA1 694dec90185a517ab56a3e075611f34167d94b1b
SHA256 b0c1424f05c55892af0195974166366dcfa49bf0cd91ffc192c9e80d2889df91
SHA512 a9ef4ba704eb0735f663769263decebb96ee95a578297d214e228905de6a5d30439f961c8d09c3b9b0857e30c02fcf9ce69d4d17a274597c35f906cf100ad590

C:\Users\Admin\Downloads\HTTPDebuggerPro.msi:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f7fc.TMP

MD5 cb3c28e0bf037f92ae9045707f526682
SHA1 f808bbd92a9eb8698cf1d8e6fe79ca984c289796
SHA256 2e594adaca8d3a354a89b109b2039eb235e312691ebc706314371f9e72ffbe7a
SHA512 95bfa9d8fda237d329cab3431dc13d41bd503b7548cae6c2d3a3c77b810e16c03dac6dd54246fb3f7c7678980d0b77b0509b3b1ee640c0c6be5aeef566a08a7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8bb3a5b77bd30cd6923307a25c7d7c42
SHA1 e6c47fe67db3b44ddd335ebba2663c2f00010106
SHA256 15af6c50f6329b5567f9081451c248de5b906c196a0da4106ee21e6c0207e6ad
SHA512 4dfe3816778fdda41187ec5aa759737fb74c0cfe1f75a1cb3bd149c638a5ff0f6adff0d43552a173c3396689f9a4319bdcd326f6d68ec0a8f906c145c5d86482

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_76733C28E3E87E78CF09C0BB924E316A

MD5 8e4553c2121deb64b21cb2bba1a898a1
SHA1 ec0b8e41e91bf7b276cc67013e464878e1a273b0
SHA256 3753dfc686ee067bc507a15542a760be162a8aaad166d2467828d57b2c7c69a0
SHA512 21d50497fcaaffc235f616f974c39b6846900174d68e13815ffa5e435905307b4bf60b5a74fca84ced5a7a5917cbd288e5f0e9ad3a786ab34117b94a43f5f86b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_76733C28E3E87E78CF09C0BB924E316A

MD5 959f189cc380be8d3dae61d79d3547cc
SHA1 f23be7a803c24326fa05659006fc42d5e6a9cef6
SHA256 0b5017e7d44e5b657d5766908bbf277ff8b51835d7bcf1f37d450603477db58f
SHA512 bf70b2d26b9d2e56b87f9eafa15866ee88daa494b38183acc4dded796d0b9945575b685c2da39d76cf75d06faa999d910ae41ac6df818cb97c7e4f03a998b944

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

MD5 a0a76bf4c45e98ccc3d50957643e64b0
SHA1 e7b48cc0448546d0b936dc619fc7107d3937a7f0
SHA256 f2fb12bec62ecb6ba95e143e78b95a35fbb64df4e7fc3e3cbfd0daf57df9e401
SHA512 272df1925cdb09ab3e4eb7f6bf4034f4a2a975afa63ebdfcf6cf38bf25ee559e6d6fcafec4cd94ea4a530402c3eb97fedee151140ca6a8e56b1c35f8b33f917c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

MD5 478baabe067be78afd35bb255a2437f7
SHA1 3f6b5185a15c0f05c7258ecb8995e7ccf9cc50d2
SHA256 c82b063ffbb35594a63087a74f4c2ac0b6905ad7e646ccfd9d8363cdb0aa49cb
SHA512 10ba806345b3e0ca3b666c9a7d9aca458e9fd6ee72b9ae8c608ac5e44fabf8daeb8e3d26735cc5ef20604acce3593d6cdddebf20cbd8018ae7f5b08f23706118

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

MD5 ffc4bb3a84ad39f5c532992b2de5c97e
SHA1 3240722fb460907b6ea5bb8d1896f849d2f0bb7f
SHA256 2fecefb7f34d681b9e33f788949bd36edeb5875a9ef78cdcf0f79e64544ea3a6
SHA512 fe5455e323077883531f47c72a2ed472b55bad166eb66786cf54f0ebc1cc09a985eea703b65c941100838ee10c206caedea4b3ab78bdb2477db0dc4416a36c7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

MD5 964794bd725d58a05ae1ae478f356475
SHA1 51ac1f42e09a13a6f521a3295e6dc808fb3dbe70
SHA256 3ef167045cdb2b60959af0ed07b027fa553d0e8a37d85a0de6ad437032858fa9
SHA512 c4491144e0d2c5973baf24f46ad2989f07043528078d6000fb7c347725cdda4b932b8cd9af23b9eacf42d2844da2ea976426c7d63d9f901604600524a18d17bf

C:\Users\Admin\AppData\Local\Temp\MSIFA0F.tmp

MD5 6a9c36332255fca66c688c75aa68e1de
SHA1 2a03e2a5e6a8d9e2b0cfb4e2cc1923d9c08578c1
SHA256 7b7ebada5da99a20c44eaf77e6d673985da42d9b7cb4f5e4235b7579581ae170
SHA512 a638c48026f2a0b565b34d7d0dfacfec4f582e698f88234521a6fcff1ed90c134f39aa3311cca2a67e401de01f81cac01d9f792f189127e0f87a345076827627

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8b70dc135b6ff3dcc8fcdae22a9047cf
SHA1 786a4f90d181fe4e3fcae289620d6de23e3193a7
SHA256 a4420fdfddcfd120e4e2e44b15f476102622f643d9448a2077327b76012cddfa
SHA512 88f5e850e39a6755e36068c734201412109369a56352d2dab1b32e83a44f87a957171340bcc7ef1b12990629dc0ada095cfc5ee08de56962efc8160d00f9848b

\??\Volume{e2de8665-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{0e90bb90-041a-4fb4-9679-a58a30f3fab1}_OnDiskSnapshotProp

MD5 0df3d139c607f3999f9064cd70af2a8f
SHA1 095df95318058e5ab50f094c99baf89e90136550
SHA256 4df20609b1701db53a386a1fd54be44afc08fc00463a34b51e63f06ed22110e6
SHA512 08aed3273b91b4b57c90245cac4c5673bc278567592ec606353414ced664092b1f107445d039fb033f3e32a26c312e40bf044a70c7cc0ddb1b335fa96c6173f5

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 aeafc3b5c073be9a6f9e1bccea6c34bf
SHA1 cce5793297ac8589016ff1e21215e22e0dddae20
SHA256 5b9ea8b6480283c398f0e9ca8f052bd05cc4c895162649e1da9be1586a190cc8
SHA512 4a3a1401351d819a27dae57de84b9ab2fbf209c642a3a61bc8d04409728582ba44da9ed7497dfe0efdc917eabf11c283d0f61125d1e15c5c2d4fae3c822c238b

C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe

MD5 d6ab0e25b4f76ca11acb71eb290938d5
SHA1 0269f40ec4936edf9eed2b1065a631dd895776e4
SHA256 555b66eabf40ca228d6a285862e622b662a528ffb68aa01a3bb27b4132188de0
SHA512 5417a45ef64accfc7fc5b282c089b2046677f74249436ab4112ff5626cd6ffe5e9524012f093faf13eb108199a0c281ed5f5f7feef6a7db38ed1408d10e6039d

C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerBrowser.dll

MD5 4facbaab17f633d153a7b53fb483b22f
SHA1 9e0e7bfbe927b1a77133380a2f76531b9416962a
SHA256 c557b766a00fd4ba6950c08c6133c20e4dd800139a19d271d46d6feb31ebf870
SHA512 86cccef12998201c28c257204cdcfdd339ac5e65c5d6627ffa6e5d88f57bdd94812dd7f657bbd3b01b88679abe92343496be775f2d7ac1f3d59573a0b696d832

C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe

MD5 5b3c641fd1b48108810cc12b1971ffc2
SHA1 0d38bdd2d0654391b4737db591f2f1e19a9d8a3f
SHA256 f6c8009319b95d3d94c8858d831563b2568f98dda478b6a784ba5a828374e7fb
SHA512 4c2888ad3632bcb9efe06fc15c65c7a0ff9f5382e272ff7402f00a701a8aa3a4d9e467630085dc47fb9735ded898e995af1e6259472f0f4954d77b55f2f8944a

C:\Program Files (x86)\HTTPDebuggerPro\drv\Win8\HttpDebuggerSdk64.sys

MD5 947c624c4bd48f8c66fcd00fc0f947d4
SHA1 5266036308e0d0eb837cc3126dba5a0b6ec270fc
SHA256 2e89606775ed719b9d950ae9d37e819a2567426fbe5c3e0aad8d86fec693b67b
SHA512 2fd940253eb2c4f9da9ceb9516b811f28bd8187fb3d819a86f0ec37f98c30d0a9b510652b0f615fe15cdcec1bfeff435da7b42407bb29faf2b1d58ce13508fc6

C:\Config.Msi\e582fc6.rbs

MD5 31839e3a02deb3d55c8035f69e016daa
SHA1 2291dac800194e16072316fc17f514005349363f
SHA256 c825470f474955382431e9fcd1c8cef957a01166a53c19c541aebbd3db76929f
SHA512 21c07f04e34c5a8936ae075eb910191d6cee934a83598365110e8fa8a94dfc729bf6b1cf68b46cfb331062396f17745056baf519e7a55ce811aa8072aae25bdf

C:\Program Files (x86)\HTTPDebuggerPro\cximagecrt.dll

MD5 a2fe19b6b766a12017c8be442ad0cef2
SHA1 9e5bed747e57e7c7141fabe3d9cb12c863d4b2f5
SHA256 35b71d192854edc95248f77deb824f034e903447319459aaf454269650fd51d3
SHA512 9969acf85432029810cd1eb2f7a65a3bc19d603749ecdcd2301645ad342bfc29d977c067a081a395afea4f9a5d199c982c4374d2fe6a2cedd9ff659af2101c7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 138fa8a74b370a3b4442b1bd683aab4f
SHA1 be0f85dcf628f34260a9572c396acade558b6eae
SHA256 182b1ebf2e33e240997e995d7807b26a09b22077bd5e201db8b14810fe768a55
SHA512 41486f0c6b0913226e990575e834ed976bbdf8875f46d9ebc5ad3a7964b74ed95cd36f227b226d480612c8cd4c1b4ce9e8039b7549fc4ea6e151a600fa72f298

C:\Program Files (x86)\HTTPDebuggerPro\Styles\Office2016.dll

MD5 591dde57b17d9fcbdbc892cf1a7d3610
SHA1 1c2c32d101010165c471c6d5b01ef67c3224f6ff
SHA256 7d7d55ab604078e69070e2d162d77ee286e2faf748a52401a64f79824cb3b59d
SHA512 fc4bb5858a2b568c344a9b419176ed6e239e468c4eec9e76eba5a35c8bc97b5947bf1f7055544c5fd5b4d67d11e1ade5496057168b0fcf53afffc4595fb67bc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cee45e3856d809108406bf38c79c776f
SHA1 345eeac059f8a040f524845ae132688d9b0d83a8
SHA256 77d9368c874c7b700bbc610335f3619400760bd50330e3004c127374c19b706d
SHA512 a245ea57f7a68d90b5e0b04c0ff27c8cf3e3d277f5c336f237f99a01ec7eab87a8b360e46c2cbedcb5d02a5ae18afac7095b797e09a5ed63aaa7b5f85acbc7a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e6b0110845edaa792624a345b8a1d81f
SHA1 039bcc2a9e7bd22bd46b96fc2b0ad724bba07f60
SHA256 a4314d2ebd3e2224a8b6af4199a6befca00651349d2e9e3e509c13d6e95dca4e
SHA512 af8f4996f20d02d0ec489a22ea1d9a346295d302e43e6de784738faa3c6abf70f9f43db17158d6ee6469c27145398b1716f9280278fffb452bcf42a1034ccce2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 12f0703bb5d62b1eb2f54861c2338d47
SHA1 60efc04e8da600ed477352b975d73c7c410fb52c
SHA256 f69d44abb1973ef1203fbbb6051a97669120a768fdd30be4a2aa7004a99f10c6
SHA512 447c2383b61cfb34a4fa82cb5046d1311347953f689eb47de07aa33816a66dbf5aa818d61062f571ada517bcd59f3e41304e704e3233449bd2d344014c5116b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e3c49d6fc0d5b020fb4f2b6b29f1965d
SHA1 b1f677668a67ac51b125f62416fe19f89c79d969
SHA256 3de240fb6af83ac9d356391d541ad35aaaba31e5f16cf35b167c9c2170a94b27
SHA512 549f117352c0deb6c97d744ae5f398d83ec8ea0bd4b0acf2de7c33a7b95daf27c5e58f72548bff1b8bcd3493ea529150351bab64550f86ae51fccdfb50c21863

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 aa7a5965871c1dbd0ef6f8fc7f95e2fb
SHA1 b50d17ea884dda2e0aa74d683f7182a09916635f
SHA256 41e1578582c1f6ed7faa4dab5cff65d5cbc4f5222e92d5aa0e07785e9ab32ea9
SHA512 a8a7e855675930647dfcd92c8d9dbe0876be792343492e2d512364ff8d29846e41ea0eea0a87310dc00d03e0c8bed44725c12c6a2eb8245d2e004f731ded60a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 cfc7ce653052351d716cfe12840b03db
SHA1 b1614044081057c2169391393e6e8f1c6b819a16
SHA256 a645eb9e6f2d495d4fc41bb48fbdf68b003ae72b9726b349c229d24716fb6708
SHA512 573ed9f9b196ced5a843f4852b11baa296c276460de35816a7a285c1b61faa8c1c735124622e0240d7e546ed72da3671b8632d9825ab72eea302fdf242b34225

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 7fb5fa1534dcf77f2125b2403b30a0ee
SHA1 365d96812a69ac0a4611ea4b70a3f306576cc3ea
SHA256 33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f
SHA512 a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 785d0019402aeb096aff9f7e42448f61
SHA1 5c6c5c95a62a5c7fa35029c41940176c2a314251
SHA256 1f9734f5d7402f8e9ef1e8303dd30258f887ac70dcd3530771ef951391b0de79
SHA512 71e1d1df7f13d21ac43c21ccfb07c5add453d7220dd4813ba7c88c6762b43ef89379a5dac82e90905d9a043d030cf9ab518bd4dd0aa2f6d0b6198fdebdcf0e16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8fa80531c94447392d8018f51c08f457
SHA1 1a4fda7ecfcf1f711dc218cff31f06a3acf461d1
SHA256 cfae810ec0d86a40cb5f82bd9cdd9a34d2ee52855c65b66f9ca387702d848a21
SHA512 3be0c850acec08c4e6c709f5747c5a4bb76a63f9fc3e667a30ea0e2d53f985fdc414bd23bef3abc6e805c66699b5622b8b7edc5eb420e8aa432ce67dda89ce6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f8e84b08b4c43cb981ceacfe41732352
SHA1 c65b20ab9de0f2bc7dd005cde41c8b1d04c0636a
SHA256 0ffecdf7c74ccfe689745ed1712387b022f6519d3479d7b12a7ffda6f98cf3bd
SHA512 87e0cbe5d30a0c815ac51a4bfba64a6efb1bee55c45dfac3c9ec7dc5885805b21d79394c327430684fe10ce353a6d14880581eaef43da1f89fee247d014eb25f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c44b40b21db0f1c5bf65b5596ff503d1
SHA1 2841712b2996657f3f1eb81377f05c45684c2fec
SHA256 6b135adfb663d97667a334d028f79c1b01874a35e03fdae9939463a6e27e0576
SHA512 24e5a4ffdc71e450daf55f43f020bb83aaf8a5be334557b7e648b74cea85005dc98fb5f410f3d2d57fc4ff5924884e9d227f11c625701c01111f1d6441a90e5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 fdf09c3c067041ffdefcc9e1bdea9718
SHA1 e31cf28187466b23af697eedc92c542589b6c148
SHA256 144754d90b3eaad27d8a11c86faadb24da4ddc251bead8e43b9ed515fafb84da
SHA512 9e32b294cfc17fd52fbdd62732571f4ee57dc0308d62af476331887d0e2446b483ceac06ba4617cfbb1c347d771c0f7ea12108bc384e93f69b180c7ca1a92268

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e8889c18912f5edb946cea8c1caf4603
SHA1 7adc8a6757ba743397ca75394b49eca2b0a3296f
SHA256 7a582f465b1c5740b226b6855a0ef18660f6c70edc69617ebff7c694ac95f872
SHA512 6dfa416a75fe0e508c9b7a206d3d498b65bc617c141be50fcb79a08c30fb01427b3c3bca6c1b8d7f8125ed37dfc74e0c53322ca2f273176879611e23ed4336c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 19b4d9cff9e8ddceef31ddc39c2820a0
SHA1 5016b345484ea409a1f062329fa8d3b6be07b9dc
SHA256 3318ab4d044651dbebe2144ab168c9ac3ba513cb7b18b0e4dd375f76c167ad5b
SHA512 582ea75d1a56db6f1c815ba38cad5b5877ae9cc689205fab40b620d5b4713ce4c6073730eda6cafbd77b1909c87a62b84f1dca34f8c77377d1024abb7f048f46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 996b36edf335b45adfc3e1f8e8684ffc
SHA1 9e7d722611863375872c3b73a966dee99ece6f5a
SHA256 e786cd8b3bc47299b440925c914d198e5841f3255e9fbf1443a7a198254ff389
SHA512 fcead8665ee8fbf26a277258efe4e328d1828beaf62bbd2ef2aeb763630b783e2d990536db1863482c7f6f341d5369ea95fcedd7310f0aca4d62794e9e4e8df3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7ae929847379872754939b9430e89457
SHA1 1ba9aacf6763658960a5bea3ff53e8d9de3f5256
SHA256 9509b530da7dbc442ea2ab7db9deefdd2f74e84befba9f2f723f4965c22e4d95
SHA512 3c323f0f0706e75d76d0a6f319a26b0e484b3ab099ebd07513da6177f94e0de22964a6f17b5b7b0542781107e2efe2f49e6164621c810eb2b41b6679b427be0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 73cbbd3f62a8dcd8385cfb333a39fb60
SHA1 a9c83fe4378c95e30463c14818e970e263265368
SHA256 8feb841572f572f5ade40c170e152cd8ad01b6589e52d1b7a425cd8c7e3b1a30
SHA512 cb6c832e8111c6b9d0c8f0526c5e3a373e59c19634e8a241c633ff9b5c3877d2aa3657dbfde9046d8026985becbd673bade7d2c336a6b802ca8195ec513427a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2ff73a33102b54b8747acdacb3df83db
SHA1 5d11adbfdc830746dd26daa931cdebdcc17b4e01
SHA256 46b6ffb46efa0077a8576d6bc100d815a83b3a28fd6fd45f18c98fa98aebdc2a
SHA512 2f9b43d14df930f240d7be0ee6f73f29d1e467b81683302dd4e63f078fcf384ab95363edfa70c38fe7007b15b541188d53c7da66ea49284f99c0201808631add

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 dbc7b9349a27625e9413d7351d8c2704
SHA1 c6bb4f7fb5f69e93990e704dcc94e56269dc418c
SHA256 acb0acd23a443754a5988c429d1f844fba425a4257277a350e216b3492bef34a
SHA512 699968685a5ed077e7058d80c58018bf38bdcbfe180b88f98af8917ad02d218c20d618ecf3eb1044593a17d6a5d873e98d55c85a232f5263e9b645acefbd6c15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c35066ef250b286fd2d08ab5a5f196c6
SHA1 ec4ee0240f5c1b088ffd41558ab37f2c4fe01b9d
SHA256 afed70d43ad32da9a7d72037a6abf09022a9dd271dbab2ed33843d0893b92426
SHA512 a89b787fa62b1ad6e810e1c0b0a48a4f662669eab01c05379cae63609c977cefcde82e82f54fb2d0ac6094c47ba689ea573aca424fc6d5ed84416d0ed55dd435

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 0a4e6d7286b389e2fd93317e27d46585
SHA1 dcf0d769a94555ce60f1b367b2851477286366be
SHA256 5853f8b5333a0c7a4fa318e2da1400eb1bbd0a52dc22b5521002066f242a2ac9
SHA512 b859cac971f414b24ca53832cab53cc4a424b776923d7f7c2c167f2d60c5aefdd4d5aba255af2e1e3673396101b575bc77dedea3ea06060c962863d635b218c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c2c003422306267b57611c0e31abcca2
SHA1 c4480e98efd73944c6df366f87cd2e73919b0291
SHA256 53b6294d597b13fe5814d1a5978d347620cbaae06d630849e7fdb903b78ce648
SHA512 ebc3aee9db4aab0858b13543c828d2e827db9b462b8d090d02d9c849fffa5733ca00d789e112082af5bd3d10d5bb2d36a30916ed894a13d384f07c135f5c092f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9eacc7f1d59ef68a01e519b4cda8362d
SHA1 2a4e9c180f89a04606b7bba892ca1b592156384a
SHA256 a11f93f840efc9c23edf28aae756caa591f8a3eed9e6a252b63c780704edd33c
SHA512 c85f33403ff9ee59bde83e8f92e2a12e4543b5906061110b4ebc4111cb2c2b30c1c6f87f64ed1955ffd4ae8e6b2211b5d2102f0bb49a82bd7dc2bb2a6a215d21

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\2eaaec627d05c9a36db0a75f68c21272

MD5 2eaaec627d05c9a36db0a75f68c21272
SHA1 9c123e54b8fed65b0c768c1e248a3ae78964f625
SHA256 18eaeff48f24edc79f4b81a3d5d74644ba8e57653c3ce0a30bc15df917964452
SHA512 cddd4bf4c19dfaf39e97b65ffb20094210e53aee9d48a6785e104d8d71de39ee8d9faac247100f5c867edc65294df546082de692ae7fb00a89c711e63cd36d5a

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\5b6171c8dbb01d6bff4fbe433ef7134e

MD5 5b6171c8dbb01d6bff4fbe433ef7134e
SHA1 402261ab9ede4118da88e15a977e48b06138f9f8
SHA256 b693b5678a7ea4620b1a3959ecf9c4864fad30ce9e2b195433fef28c296aff72
SHA512 ab108c6890bc4ce5956bb019f339c07d0bca7a998ffe09015a177bc3575ff847f36fd2e1123c713d99131d60a4b27323db911a2bc9fba8b7339f98a2c340ee30

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 6cb04c22b87982055fa90aa6b45ffaf0
SHA1 fcbd9e5baf25fd09bdfcd025e27466b8221cc592
SHA256 d8eeb91e2a64aabe8a9648ae826f0a14222a31e70da3723a9bebc286723eaec6
SHA512 482f5de4abd60f71d4b2d0beac61a3bf130076c0b890ec0989903928a164df4970ff2b846ff18d612cc3b09fa681d34de04dc83cba68fa004f0cc982ea3dbc02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3f5b85b96b679899631674a3de45cf2d
SHA1 108c3a5659d20854a792f6008cc4f38743427f19
SHA256 da6d22ae560f6002fad7619eafd24ab891ad2bc34eff9f799bde2f731f325a79
SHA512 7aa499d98d8269f029adc7a6806f1ca5086199411fdd4c859e5b38832e47562bbb3563956d285e286f83d21fc72ad28084903dde7d08c6f690cf21e368fe4925

memory/796-1815-0x0000000000CC0000-0x0000000000CF5000-memory.dmp

memory/796-1816-0x0000000073340000-0x0000000073550000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2d61889231901fa6a38945a891a4570d
SHA1 0c897b42dcce41a7eabc292ef1cd81870c768bcd
SHA256 657d2d94752dc3f36154329a4741e648988b294c168316d188c6cb75358ab39c
SHA512 7314c269766f85b1e540cfe53ca5b08d914c3827cbfb685352338bb340ae61f02082f4a9a4694245e2ce96941120f6e8beb9aa14548d10922cb351ca21dc0b12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a76b1d6b44ff2021ede4679c0748cc7c
SHA1 ddc674dea5b018b5bb04305ef2f3d333b52409ab
SHA256 98ce3419d49517ce423559648c36144b2369e352f4b3fea281d35dcbc7714a38
SHA512 3a5386bec0f019f00fd726466c27e2d01c2671b8960b7b9544ed7ccb6cb1e7a24f58dcdb99b6755633731822fd5c17db70eb9199265d5334493a7ccd1429fd58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 67d64771bf1fd1adb50ddf87c3f0d79b
SHA1 cf50eda960ba5339960518fc3c679853f1f00dc1
SHA256 f905c2d786a0531d1c859bc1499274bf3bb25789d4ac124161dd32e8b5ad6228
SHA512 fc3e6afe895bac68416be944787fd4db690788dc1f1b2393cbd947fe9b4aceb9de516fd0031a8b76ddda2fc283cd1154d7f6a4b55a7fa3b931aa9aa423ca36db

memory/796-1851-0x0000000073340000-0x0000000073550000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b0d51cfc8d92d27e4e966642dcf6a5e6
SHA1 0946df6742738eacc42678bf0cf7247d1fff14f8
SHA256 484aa83f6f326b32b3745b83810e3d259c36721e1af68f38ae1a98aca7caa5ca
SHA512 c5c979f822b5456c9a3e4dc6a140b8ed9238e97e7dbaebb3962e90d43b063655eeea31441499b8fa8036cc532c056a51f6961afad609a1d5a98cc5f73baa4128

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fae3d138bc6455bd27f7a00f257bd447
SHA1 d098493d9ca4ceb17dfee772f83649d46af567a1
SHA256 f17e8f9f1329a2af7a9cd0c10270de473764d28d6b924dfa52184ca64132f35e
SHA512 07b3a43c280ea332e7494810259ea112f7c6f0b374615600eae4c5e8cdf7a6111c6287519c4b975409d57f33528089c3682cf201f750668e878853e4282990d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f106405c79630da1b84d46b51668a3e5
SHA1 9d6c57ddc2bc88f0a0dc24259dad3d19682cd053
SHA256 36e86efdd0dfb1bbed4c6f1ce8a81e1108a3c469b99f8500abe0e2976f12af5c
SHA512 e8c3b4e42ba17bb215282358ef5c28c0d8ac466078ff1526eb4b67f2a41e0de399a83de37a7650f3fec38d147d2dd958650d6eeaa624512ca562b129479c4916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c310658606b24b11cab6abdd709c9f65
SHA1 8c63bc6cc11c96bcfe7fc70ddd02650c0d53606e
SHA256 9066edf47f20f49591dd8b8a88ffd21fad25f48198720459a2d86223a63b3abf
SHA512 ea4aa5085ba12eba257aa1ebcb3ac224c5fbed102ecb99e47c0797472ffc584b696c4beb29ed0722b722244ca7f46af053bb56546928c174dee23e6a9235ed7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9376e4ddb9da8489a10ae15337b900d4
SHA1 5ce79fc04151c186b9a8dd28f318a45cc7fbc7ee
SHA256 0a83b969e7c3e8cf2a5a70c3b5841a5a98dbdc4bff89ef452e542bce7ab43af7
SHA512 08cd193fe81292ecc18c07140d2727d65ccee159f6c73eb8e7fd8dc08ad63bc449cdb0533405187a83760dd08011aa3f82bdd4bf31e8d6597fa363233ee0c9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b4f8b66c3d52cdb7387fc04d5aaba54c
SHA1 a594d40dc0673798904b6a57ff01fa982000ab5b
SHA256 db1e568a0f611c7d98535e73a1d24062ef8bb4b20e3791db1c709ffd772886da
SHA512 6e386783c0d371a2ec4cf23f16f70672eb1e25f40eee7ecf78b77a48ec5bba9e7b14e556e6dcb5d3108b532268346ddb066aeffc5cad04f1db6eb54dc64431f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d25ccb6ebf212af8d81fb35fedae8fc8
SHA1 cebdee269956ac4f93e8e2d1123cf77c1ce63870
SHA256 6c6da3da785295176caf4229e62174b406624e6b6d3bfa20024193d759b3c4bc
SHA512 5476cf7c4cf7930fa1b3a91f446177232399b6866d848861aed5be5cecbc8bf0b662285cda781d081776f17822f445d396c56f021f2d2e1ef585907ceda4995e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011e

MD5 9708e5224c10eb91f435950128a72070
SHA1 cc66f87dad487f1db80dc78942a7016d26725ae9
SHA256 834c60d1648bb2b2c84ab278eb0690ffdbd6f9dfa393d561eb38aa026dbdef8d
SHA512 8a7a126e028f6def7f03d4fc69831c2bccabebc48b7d97b816eb263a817934b8db1beb9baf1763ec7421640ef594e0a7fb65ef21cbfdadd90c3c88332f4022c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c93edbb46e5d93a99d1c31dbc73b0cf1
SHA1 2da61dd4279afa48c7cdc2e19055224c3df2d3ce
SHA256 6fc8d97d1184d9c53b40ad0149da18b68b049a3a060d6804b1048cf01b7ac168
SHA512 a0fcd707f2616135b38634928f99e10f2db8cec1c83f97004dd1c01b7e339b8e6bc7f1e975bd9cfadb5a07d6861b835ef55fafbf61df7f1872656dda6b4ff352

C:\Users\Admin\Downloads\d69257ed-c7ad-4a30-8e33-1d95859645e6.tmp

MD5 215d509bc217f7878270c161763b471e
SHA1 bfe0a2580d54cfa28d3ff5ef8dc754fdc73adcd9
SHA256 984dfc64c10f96c5350d6d9216a5d7abfece1658dfc93925f7a6b0c80817c886
SHA512 68e615dfcb1b7770ad64175438a913744c14bdd3af93b339c2b526271bdd0d23334e78d049fdae8ca9fe66672a8cf252ebf891be9ab6c46a3d8f1fb00fa8c83b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 069c5fef4fe5b2ff19a9b817306d83cf
SHA1 b408534348bb0a7c2b880dfaa7a3b0ea288df49a
SHA256 68247be157ad6f927cd943c32dd69856dd4e1007753bce5001f38f0b0122b6b2
SHA512 0f1434491672a6c40294d067cd8b535069ab82fdd9da7b906d96f76c3e777bc7e10de4fe19e3b4b4d23388127c09b7ae06752dc723827f219597fcaac8d52684

memory/2568-2315-0x0000000000A80000-0x0000000000CCA000-memory.dmp

memory/2568-2316-0x000000000A090000-0x000000000A0C8000-memory.dmp

memory/2568-2317-0x000000000A060000-0x000000000A06E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1bd317cae89e82f8c3a2c1725008f345
SHA1 f34fe6ecb24c2f670cb13017b8c43650e0af2e7b
SHA256 84d93217acc242632ad274440cc1e9c041ae0df90ac727832fb3cc504b96ccec
SHA512 b423cc52a94679645c9384494681f1a4a6ed49c5cfa7bd6933735f7d910a042677ced9b295ef14e438128757da725467c528b9befcec00620a54a4b19bd8bfd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c67aca1e613a9f920c887fc7e551ee34
SHA1 1fbbd4a8681d7408fed9e515b388e418d712756a
SHA256 6ff35ce7e48e9c9b6190697b4a3bcd90a61cf7515a972e51ef4d71f218a9b82a
SHA512 4c5eefcc592b28d19adcdcb53e6a284cce65114a945f3934bb055364152a24d7a3bc4e403a5ce04968fd9122e008da3ba61ca6cc7cca5375218da2a1200fb09f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aef1709189b1210b1d476d3792fc7c31
SHA1 200446679aa4cb4990e3f617f3c9b1385727ce7c
SHA256 eb779075b4c5b148615c4d5bd2abaec5e79b7cb6b141a76b8bf6d73aeb205bf4
SHA512 85889a907b863141e8d03d00b7d9a6e01c370ad08edeb39e66b16449b7025004bc5837100c4d0fd6920c459ec61f1306931f38e9e03247a480f17210a464bb69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3f0b87f551eb52b474588560b69a1e53
SHA1 692796f17063442582a347a646245e6835583d79
SHA256 2697716c3064ad6ce0727cb546ef1c2e85a2933f149589903a6369ed8effe101
SHA512 87b23de9c2251e63580db85d7d2c9da1b0e1a344ecbd417ca76c43b7f3a16c4fd409158b9c1b71be993bc683b391d57b164d3aab8946f8c4791f318c28d0537d

memory/796-2368-0x0000000073340000-0x0000000073550000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ac32d5d3268bc474913d9ac148c15120
SHA1 aa71c7abf51bf966b536729387d960d379e32e8c
SHA256 e68316a24fd70b9e9ee548e224cdf3f7f1a34c051d41911c1ad6cce359a21c45
SHA512 a684a4df9b68f12f8479e35eef8226036d6120bb9081c12660fca90d624f6906c04f9bce6b82e8abda1496d8b58f2345961d8e4420b26a609b0bd7c53dbff27a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8b9ea094117d429885d07ce42de2d35d
SHA1 b8e54ea9f9ff3f2f54088233bdf3439b9e9527e0
SHA256 d0ccef8fcac0ecb2d18d1652c7ab96637aaca1b84e8384e5cf8b6d16ad42d64a
SHA512 27fca202e5c30a1f8face055066f4dc63b83f2fd76ee4ba46714c10618b063a76612a8aa9579eff31f355f09b908a896b8d5909f47b6d46c57043baf22f2bddd

memory/796-2390-0x0000000073340000-0x0000000073550000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e5b0527c3e79dbe93566d68cc9b8bc9f
SHA1 5015fc0964336ab16e808eb78278569de622b2fd
SHA256 4b698067246961421b6d3be41ab61017246a7547268074083a5354f196da3015
SHA512 7763e6c7fb2c1ee17321c78b70c167454214550e4a808d941a2b0b1cefdf64c06ad61669d73f800e77a1606273339c2d8745e6787205f3404f736a0a9541a6be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 af0af9a9fbdd4d6dcff3180108266579
SHA1 6581c1f6978f5843cc71a28d085ab053add8f4e3
SHA256 4993532afe6f112f6ddceaa0656f0da1f5d4807a11b8c3ab25669a50c6a10ea3
SHA512 cdea36e6dc50dafbe9d8b6d7ee66adbf236bd838e9e805e7b5f642a8fef31a8d39a5c37ba6d87c7b9b6fd11c44a16aa2527a4565324ced48f7bb5f6c5fc70f5b

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 0f8e1dc15de13e00da6f931bf64ad35d
SHA1 93455b1700a0b810b5dfe74621188e692ad92986
SHA256 ebcb464dd35241c3564ea881488dbb09e41952cd0e61bdbbf5d9e7f142672d7d
SHA512 72dfc5a41395ea0e9c327d852c8d2a19632a9ce700ba8db773d7764007dbca734835c946e46e7d9c329a2fe9362ee704deca4a9901eb8399acac2cad3e3f7761

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b8904c740a40d46bc00019e5deeaf18e
SHA1 f2deebd4041080d9215aeac7020ffbe09c5b7853
SHA256 665e618adce5d426f2a1bd702df5c286d3d9ec2df58449afcdd8ea2822a8e1f9
SHA512 cb77e88f6c046f266788483aab11c07b77045c092bf1b825e8e03d8adeaf76d2d2bdf8d097f49c3d574556e4b09df7f1e4fa294360f7c201a0c8d5e0a5292871

C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Installer\setup.exe

MD5 11a19165aa72e46ad47200ca46760c87
SHA1 2fe4616eadaf543846571564ca325e772ea5375c
SHA256 eaac114b05373d005f91c2824c3b907d01842056468018b95a688e82ffcc95b1
SHA512 5b4074ba1598c7441fd3dffed54cf0cea540a8e58ace339254b9a29bd6709a8e64458c10e9797a75ba8e0e84566e8c5935bf4891b0115dc02017396d70f47b27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ba5665131566f5aaa7b742999e313749
SHA1 6fbc333236d69fa8cf81bbd9704d152a0e75f24f
SHA256 2556cd6550ed844296c1585565d11fa6dc084cdaadaa1ef30fd099aa91178d18
SHA512 c6c9e9da38f1c073aee65b88b54b6b867a4c6866049b5efe15ebb0d6eb87e62118b88c4621798fedc30461352d7ed8a89c8697d19d3ea73b0075ebd3a5682839

memory/2568-2484-0x00000000062C0000-0x0000000006356000-memory.dmp

memory/2568-2486-0x00000000063B0000-0x00000000063B8000-memory.dmp

memory/2568-2485-0x0000000006360000-0x0000000006386000-memory.dmp

memory/2568-2488-0x00000000063C0000-0x0000000006432000-memory.dmp

memory/2568-2490-0x000000000A930000-0x000000000A93A000-memory.dmp

memory/2568-2489-0x0000000006440000-0x000000000644A000-memory.dmp

C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

MD5 495df8a4dee554179394b33daece4d1e
SHA1 0a67a0e43b4b4e3e25a736d08de4cec22033b696
SHA256 201263498c60fa595f394650c53a08d0b82850349123b97d41565e145ddf2f42
SHA512 ce3bef1038741f7a0f90cc131a4a1883fd84b006654024d591f5451e73166b4cae546e307c358b5b90aa0e6517bf7b6098f1f59a3ecc01598d4feb26e6b6af33

memory/4796-2713-0x0000000000EE0000-0x0000000000FD2000-memory.dmp

memory/4796-2715-0x0000000008F90000-0x0000000009094000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 797efa56b32251d4aae062285d0d0c77
SHA1 b2279bad733db269625719c3bad05a41b75159de
SHA256 dc9ab2cf5efda8565b8669094fc6d14c073dd2c1c685059244ac9bc4a12f3114
SHA512 19b5203974ebd2eb980ff30e95781bf3e647d7f5e8c295e7365f03541c49e9e62adc94cb867904c256295c9e45982b44bc681ae5ff4e8264a964e99e52a9118f

memory/4796-2725-0x0000000009CB0000-0x0000000009CC6000-memory.dmp

memory/4796-2726-0x0000000009CF0000-0x0000000009CFA000-memory.dmp

memory/4796-2727-0x0000000009D30000-0x0000000009D38000-memory.dmp

memory/4796-2728-0x0000000009D90000-0x0000000009DAE000-memory.dmp

memory/4848-2730-0x0000000000F80000-0x0000000001782000-memory.dmp

memory/4848-2731-0x00000000062E0000-0x0000000006392000-memory.dmp

memory/4848-2732-0x0000000006390000-0x0000000006430000-memory.dmp

memory/4848-2733-0x00000000060E0000-0x00000000060E8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b02b36d54de3d1de69c214b30bedbd80
SHA1 93c5e954541ea500acd7bb9b28dbb8ac0232c40a
SHA256 7c9160cc94c48f3935ccf1f02b5d7f06f72b3183e187c4a5761e3e53a37a255a
SHA512 a01079cac54f48969533ff286c2e3c90dd90b8f0a361b32c659b03e67390186bdf360583db44d78a2654dc7729fb57f7ca60e8d3a9af6024d3b5523414af6d4b

memory/4848-2744-0x0000000009F40000-0x0000000009FF2000-memory.dmp

memory/4848-2751-0x000000000BE40000-0x000000000BE62000-memory.dmp

memory/4848-2752-0x000000000BE70000-0x000000000C1C7000-memory.dmp

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

MD5 772c9fecbd0397f6cfb3d866cf3a5d7d
SHA1 6de3355d866d0627a756d0d4e29318e67650dacf
SHA256 2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f
SHA512 82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d41a82e0a4555e21b419670790f426ea
SHA1 a2494c9f39138d730318f10d65dffc450d6a9d39
SHA256 03153439496b5be2c1653b4fd14bbe67377f9b1353f87807456658eb26bee326
SHA512 18a6f910490ba913f2993121d7b1ba48cb5b8f843ee193c1cacb8396be345e2c3c9d582c3e9fa5f02c75901f340c820fa940c731394c16ecbdb5dddd565c2cb1

memory/796-2787-0x0000000000CC0000-0x0000000000CF5000-memory.dmp

memory/3656-2798-0x00007FFB46BB0000-0x00007FFB46BE0000-memory.dmp

memory/3656-2801-0x00007FFB46C40000-0x00007FFB46C49000-memory.dmp

memory/3656-2800-0x00007FFB46BB0000-0x00007FFB46BE0000-memory.dmp

memory/3656-2810-0x00007FFB44C70000-0x00007FFB44C90000-memory.dmp

memory/3656-2809-0x00007FFB44C70000-0x00007FFB44C90000-memory.dmp

memory/3656-2808-0x00007FFB44C70000-0x00007FFB44C90000-memory.dmp

memory/3656-2807-0x00007FFB44C70000-0x00007FFB44C90000-memory.dmp

memory/3656-2806-0x00007FFB44C70000-0x00007FFB44C90000-memory.dmp

memory/3656-2805-0x00007FFB44C50000-0x00007FFB44C60000-memory.dmp

memory/3656-2804-0x00007FFB44C50000-0x00007FFB44C60000-memory.dmp

memory/3656-2803-0x00007FFB44BC0000-0x00007FFB44BD0000-memory.dmp

memory/3656-2802-0x00007FFB44BC0000-0x00007FFB44BD0000-memory.dmp

memory/3656-2799-0x00007FFB46BB0000-0x00007FFB46BE0000-memory.dmp

memory/3656-2796-0x00007FFB46BB0000-0x00007FFB46BE0000-memory.dmp

memory/3656-2795-0x00007FFB46B60000-0x00007FFB46B70000-memory.dmp

memory/3656-2794-0x00007FFB46B60000-0x00007FFB46B70000-memory.dmp

memory/3656-2793-0x00007FFB46A40000-0x00007FFB46A50000-memory.dmp

memory/3656-2792-0x00007FFB46A40000-0x00007FFB46A50000-memory.dmp

memory/3656-2797-0x00007FFB46BB0000-0x00007FFB46BE0000-memory.dmp

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\configs\DateTimeLocaleConfigs\zh-hans.json

MD5 fb6605abd624d1923aef5f2122b5ae58
SHA1 6e98c0a31fa39c781df33628b55568e095be7d71
SHA256 7b993133d329c46c0c437d985eead54432944d7b46db6ad6ea755505b8629d00
SHA512 97a14eda2010033265b379aa5553359293baf4988a4cdde8a40b0315e318a7b30feee7f5e14c68131e85610c00585d0c67e636999e3af9b5b2209e1a27a82223

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\configs\DateTimeLocaleConfigs\zh-tw.json

MD5 702c9879f2289959ceaa91d3045f28aa
SHA1 775072f139acc8eafb219af355f60b2f57094276
SHA256 a92a6988175f9c1d073e4b54bf6a31f9b5d3652eebdf6a351fb5e12bda76cbd5
SHA512 815a6bef134c0db7a5926f0cf4b3f7702d71b0b2f13eca9539cd2fc5a61eea81b1884e4c4bc0b3398880589bff809ac8d5df833e7e4aeda4a1244e9a875d1e97

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\Cursors\KeyboardMouse\IBeamCursor.png

MD5 464c4983fa06ad6cf235ec6793de5f83
SHA1 8afeb666c8aee7290ab587a2bfb29fc3551669e8
SHA256 99fd7f104948c6ab002d1ec69ffd6c896c91f9accc499588df0980b4346ecbed
SHA512 f805f5f38535fe487b899486c8de6cf630114964e2c3ebc2af7152a82c6f6faef681b4d936a1867b5dff6566b688b5c01105074443cc2086b3fe71f7e6e404b1

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\DeveloperFramework\PageNavigation\button_control_previous.png

MD5 6e8a105456aaf54799b1ae4c90000ff1
SHA1 5a9a277b6ef822caaede13b34c222fb69451c141
SHA256 fac4a9e1c49c9f3fc07dbce40f4648987cf90f4c2ed0a96827630341621e9845
SHA512 8e74329066b3c0c4b8303976cc4207b94ebc7ee38b74dedd490c2006feb53a99a0671e407ec649ec9da6a4d3ddff46bb7150963dfa8254364ab619db9ec3fd54

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\DeveloperFramework\PageNavigation\button_control_next.png

MD5 34a4a4801e02097cef3e46e6b9c67c41
SHA1 2f271ae04352f39bb72c677a16da03f19a51f672
SHA256 7ca0bdacdebc16eace9d67078a5ecbc8d9f6098fad80e0d8c09fb5f708ad389b
SHA512 87a29f06c2539a6df2f043fbee747812f0672a9a6a97df906d8a38b9ede7a7e7ad2a61850888e39ad6b45f422680f4c89cc40c3724b1b4a0312dde8c35ed2a75

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png

MD5 521fb651c83453bf42d7432896040e5e
SHA1 8fdbf2cc2617b5b58aaa91b94b0bf755d951cad9
SHA256 630303ec4701779eaf86cc9fbf744b625becda53badc7271cbb6ddc56e638d70
SHA512 8fa0a50e52a3c7c53735c7dd7af275ebc9c1843f55bb30ebe0587a85955a8da94ff993822d233f7ed118b1070a7d67718b55ba4a597dc49ed2bf2a3836c696f6

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\TerrainTools\checkbox_square.png

MD5 2cb16991a26dc803f43963bdc7571e3f
SHA1 12ad66a51b60eeaed199bc521800f7c763a3bc7b
SHA256 c7bae6d856f3bd9f00c122522eb3534d0d198a9473b6a379a5c3458181870646
SHA512 4c9467e5e2d83b778d0fb8b6fd97964f8d8126f07bfd50c5d68c256703f291ceaed56be057e8e2c591b2d2c49f6b7e099a2b7088d0bf5bdd901433459663b1f8

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\AssetConfig\[email protected]

MD5 97788161324392fe1af78ff82b9c953b
SHA1 e9992beba9b73f7a03e7426dbf12fdd219633c4e
SHA256 cf2c4273a398e58620f7f751ab9ccae36da95fbd39055184b4f3cc96393ebadc
SHA512 447fca7cd7249597403de54621bb53663f3e378fa043d439ef1abd4363775d28402c6670d4a06d23381073b7585b30661dbf9aea35eef66ea92c8a2501730266

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]

MD5 55b64987636b9740ab1de7debd1f0b2f
SHA1 96f67222ce7d7748ec968e95a2f6495860f9d9c9
SHA256 f4a6bb3347ee3e603ea0b2f009bfa802103bc434ae3ff1db1f2043fa8cace8fc
SHA512 73a88a278747de3fefbaabb3ff90c1c0750c8d6c17746787f17061f4eff933620407336bf9b755f4222b0943b07d8c4d01de1815d42ea65e78e0daa7072591e9

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]

MD5 83e9b7823c0a5c4c67a603a734233dec
SHA1 2eaf04ad636bf71afdf73b004d17d366ac6d333e
SHA256 3b5e06eb1a89975def847101f700f0caa60fe0198f53e51974ef1608c6e1e067
SHA512 e8abb39a1ec340ac5c7d63137f607cd09eae0e885e4f73b84d8adad1b8f574155b92fbf2c9d3013f64ebbb6d55ead5419e7546b0f70dcde976d49e7440743b0f

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\Thumbstick2.png

MD5 a402aacac8be906bcc07d50669d32061
SHA1 9d75c1afbe9fc482983978cae4c553aa32625640
SHA256 62a313b6cc9ffe7dd86bc9c4fcd7b8e8d1f14a15cdf41a53fb69af4ae3416102
SHA512 d11567bcaad8bbd9e2b9f497c3215102c7e7546caf425e93791502d3d2b3f78dec13609796fcd6e1e7f5c7d794bac074d00a74001e7fe943d63463b483877546

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]

MD5 499333dae156bb4c9e9309a4842be4c8
SHA1 d18c4c36bdb297208589dc93715560acaf761c3a
SHA256 d35a74469f1436f114c27c730a5ec0793073bcf098db37f10158d562a3174591
SHA512 91c64173d2cdabc045c70e0538d45e1022cc74ec04989565b85f0f26fe3e788b700a0956a07a8c91d34c06fc1b7fad43bbdbb41b0c6f15b9881c3e46def8103e

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected]

MD5 e8c88cf5c5ef7ae5ddee2d0e8376b32f
SHA1 77f2a5b11436d247d1acc3bac8edffc99c496839
SHA256 9607af14604a8e8eb1dec45d3eeca01fed33140c0ccc3e6ef8ca4a1f6219b5dd
SHA512 32f5a1e907705346a56fbddfe0d8841d05415ff7abe28ae9281ba46fedf8270b982be0090b72e2e32de0ce36e21934f80eaf508fd010f7ab132d39f5305fb68f

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\Thumbstick1.png

MD5 2cbe38df9a03133ddf11a940c09b49cd
SHA1 6fb5c191ed8ce9495c66b90aaf53662bfe199846
SHA256 0835a661199a7d8df7249e8ae925987184efcc4fb85d9efac3cc2c1495020517
SHA512 dcef5baccef9fff632456fe7bc3c4f4a403363d9103a8047a55f4bd4c413d0c5f751a2e37385fe9eba7a420dbdb77ca2ff883d47fcdd35af222191cc5bd5c7a9

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\Clear.png

MD5 fa8eaf9266c707e151bb20281b3c0988
SHA1 3ca097ad4cd097745d33d386cc2d626ece8cb969
SHA256 8cf08bf7e50fea7b38f59f162ed956346c55a714ed8a9a8b0a1ada7e18480bc2
SHA512 e29274300eab297c6de895bb39170f73f0a4ffa2a8c3732caeeeac16e2c25fb58bb401fdd5823cc62d9c413ec6c43d7c46861d7e14d52f8d9d8ff632e29f167c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2d06507ad5a10d75e07828fad2bcb19a
SHA1 52607e7caf5e7018a38d06b6001941ecb4f05c93
SHA256 168cc9493f742531cedfb9bbb49d015fd97c8618f0897720c45ca5e7caa41362
SHA512 d06daee7508b2f7a2e1ec7eb65ca843445227785dac1e0403cf3b8d8be5e3e21b92eb783eb1231f05ee7a08c9e5d42f95818039e32b74bab563ffa5c9f85cc8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000104

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000107

MD5 60f8cd04587a51e31b51d1570d6f889a
SHA1 88574c41d0ab81721b275252464da5c7927a4835
SHA256 27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb
SHA512 84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000106

MD5 ed124bdf39bbd5902bd2529a0a4114ea
SHA1 b7dd9d364099ccd4e09fd45f4180d38df6590524
SHA256 48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44
SHA512 c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000108

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000103

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000105

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000109

MD5 038c1f469deb6932520d09a340856ebc
SHA1 8b361a8c0489b69e9ef4e132e36f20c161c5ec1e
SHA256 5fafae77cfdc093baea4dd31485ced7dc4ab8e734311b3c2aaac1dc2ed95f451
SHA512 fc3123f11323a9f18f5e1bb31c61fa229e0de8b6d07bb01b220605cfd9ba499ed63e76be0b7146e096412cc94486bdba0ee102982b38b258958c6327fc6bb6c8

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\[email protected]

MD5 3fec0191b36b9d9448a73ff1a937a1f7
SHA1 bee7d28204245e3088689ac08da18b43eae531ba
SHA256 1a03e6f6a0de045aa588544c392d671c040b82a5598b4246af04f5a74910dc89
SHA512 a8ab2bc2d937963af36d3255c6ea09cae6ab1599996450004bb18e8b8bdfbdde728821ac1662d8a0466680679011d8f366577b143766838fe91edf08a40353ce

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png

MD5 4f8f43c5d5c2895640ed4fdca39737d5
SHA1 fb46095bdfcab74d61e1171632c25f783ef495fa
SHA256 fc57f32c26087eef61b37850d60934eda1100ca8773f08e487191a74766053d1
SHA512 7aebc0f79b2b23a76fb41df8bab4411813ffb1abc5e2797810679c0eaa690e7af7561b8473405694bd967470be337417fa42e30f0318acbf171d8f31620a31aa

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaDiscussions\buttonFill.png

MD5 81ce54dfd6605840a1bd2f9b0b3f807d
SHA1 4a3a4c05b9c14c305a8bb06c768abc4958ba2f1c
SHA256 0a6a5cafb4dee0d8c1d182ddec9f68ca0471d7fc820cf8dc2d68f27a35cd3386
SHA512 57069c8ac03dd0fdfd97e2844c19138800ff6f7d508c26e5bc400b30fe78baa0991cc39f0f86fa10cd5d12b6b11b0b09c1a770e5cb2fdca157c2c8986a09e5ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b8fce9ae3b4903df7af25f65dae27bf2
SHA1 36edb7f103e3eec626b0f0c9e6dad62fcd58ecfd
SHA256 046cd394bf834d9244e9a39cd40573140be519ca84be043d369ee04132b1f400
SHA512 7af30adc30fc06a431bcf45d6ee6f463f8828ab51bc9c49353c5c8f1c9cc02dcc9bdc7cb9d3a5cbacbeaa16fa3b350993de1ebd24fbb7feee31e86827cacf399

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a9c40a16f521ffe09884aac352dca457
SHA1 c89ae1a6ce62a416f0e0840f95297bbabd3f93a7
SHA256 96d70b1ade7d26a04a913c65c4edc61de888deeb2618e7e86990bbf3e1874aa5
SHA512 b2dea6d996279aec6707fd5451a42915f430e4871444d20d9cefc3eb199554f0fce8cd272a62d02d368c6aea37f9772900df2f1c7d9df6cbdea042758108ef96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0d4b82045d1c604d6dc5c46ee34bb280
SHA1 f52b64d3c0e8797e9a43bfda8303deca10e88ec2
SHA256 5416de957044dfbab16fe1ef851e72931bb463c707084b67d1a58a538ed0fcf4
SHA512 08f057302ed031f691ec2afa3c3c480b3ed58b85c9bcedb32dfccd50d67d54f8d8bdf9cab1320de787c0a6617d36dbeb5f23f038a9561abf62d8c5f0b1e57938

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1b53adbd10ed974922d5e11753c8506b
SHA1 f1ad793b4b08d58ecff65e4ad0d5ed05f2b45c27
SHA256 11e334fa84eb8ad62f64a57012d62abe120d29606e0ca3be9bdbca3a3ac73523
SHA512 0d4739b3f81f3b0575d2ea7fe2e991bad6e8a22ee3328472522c004fbd8b34dab31b46ff0f6e55caaaf616f0ae0afaacd79ea7d835473f119a9f8029486dc23c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 805d7c4ca3a60448669325599e8ae087
SHA1 687c34d39fdf511122b3eca114f5d6cfa26f2174
SHA256 4d37b6791a03b2670798f1f2824e1e729e9c13c2f203e20fdb612e9ceeac2af5
SHA512 fbaeb70aa1dde349d100cec808780c55c8dbe63d6c669925737d71eff255c82336b72c3ed999d379fe1a58c562a3534cf7949184d7f2db96349e4a2935b6a7ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 352c2b2b50afa589399f732f5e5098fd
SHA1 8023d3be8e41f22e034ac157a44b1a98b6c533e0
SHA256 e0006aca3124cb28583f26af709b7985e624672991ccf60fb161e7e0259ccc98
SHA512 fb5f2566437336d06566749893274d890d7c1599e312da1be25028e30ff79f3702350bde6cf0a8b53cc10948405d9c11d43127a1108745a8ba5a609f29d76e0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 967394e393f63d10e96f61ead86b3365
SHA1 254a6c1358b94738a765304830d1890a7a8bac2e
SHA256 06e64c765eb4fd04104cc5ab0d733b8c836ebd475dec13e9777c75cabd16c336
SHA512 3cbe32ab0f92bec5f18e265025e1e7c70487858bf55cb47f130cc150c58b9d32441d7f5429866854d85602246c42ac1af4dc6f3324e903297670b93413a96d2e

memory/4848-10280-0x0000000001FA0000-0x0000000001FD8000-memory.dmp

memory/4848-10281-0x000000000DC30000-0x000000000E15C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fc18d4f24d789f924e29b9b63c785dcd
SHA1 30ec5acf9e42d994d6e22acee870f84dc3fe6a52
SHA256 41e28dff76972ca7eef24c3fa8bda55224341a83de3590ea0a93ae363ef94d2b
SHA512 3b697a20640ba12ee3bf4ae8cb546712680acd7472bbedcf1b06ad42a3f3a88ded4574593776a6e8091914ff1827145583b9d07ed2939a9aa40019e6ad8988f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d03dda21ed005b01d79eb7f7625081f1
SHA1 edc52cd6237b665ebb4a979c3c5805b92e712309
SHA256 41a9838d1a96337833251885d9865bb403e799d276ec8ee6452d976886941fee
SHA512 2bd363a4a805f27a5adb01adb7c85388b68425319425b6ca36a6c7eabf255b475bc86475717788ad4f4c6a29aafa9f430bb3a17c5aad772cb6b8a3ed83d52d0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 64edbf52cc657b08dbdc0093759c70b3
SHA1 374eac0eb0c75a5547f5a4de9a6f760c4f7147d2
SHA256 6d94831faec46cdfd3b489d6821c60d9e6b8752a2528917c24f501811fcacaeb
SHA512 661eb71239c90e5ee03b862eced0d30f3eca791634600ca743b108f866084f5860fa1f4d89a597cdf60923dab4f96dae38402734104b12fb145d67e480219462

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9ebf2e42be18dda7e888e886e2d73e9e
SHA1 52eb0fb984e2930ee60766ddfaa09b0cf187f927
SHA256 cea557c5e607c142fc1876b418ea912a3a73eb9dc0063e5e88d43b7d5502ef96
SHA512 93a7cf116a3b268ccd48e2dc82e21a66456f777a061400fb431137b0e7c3301e44b976b0abd2cb246dae7fd067a6a50d7220dda7c21aa955e148ca23bbebb54c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013c

MD5 f904e02668070d2abcfb74a86b9b991c
SHA1 6b40a4bd0d4052cd538cc65f806b6b7ab55194a5
SHA256 d40d34c729d7e71bb19ab832ed565e0030c6c109233a01e15f72db0590696e97
SHA512 04eeee9b55b61669b76aa0ac61d2f0cfd62b668106ac78413e689c4f8c97c6ac4afe2a039040abb89a0b7371ed54812fa0db6b43bf3b6465082c53e0136a1414

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 28767a9716fef25d8e8e9be3e202def9
SHA1 999cb58cc036a22718b02a5f533b61bb605086c7
SHA256 c88ff63803a626bd20cc2834bdab3ca3d92c8820452f77c7ca870c0d586d61d4
SHA512 902db92163b03087b993fd7b542a6d126420a90a449d6e363d5519d5e67f66224f2b5ca036979990561ec6c892808468ee46c2718c910506a1c4092a58188e6a

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.15\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe

MD5 90decc230b529e4fd7e5fa709e575e76
SHA1 aa48b58cf2293dad5854431448385e583b53652c
SHA256 91f0deec7d7319e57477b74a7a5f4d17c15eb2924b53e05a5998d67ecc8201f2
SHA512 15c0c5ef077d5aca08c067afbc8865ad267abd7b82049655276724bce7f09c16f52d13d69d1449888d8075e13125ff8f880a0d92adc9b65a5171740a7c72df03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7b6ea1da7499baa7948a268f224b5c76
SHA1 3c83de688c0da058a27499c98db250ea7878a0ad
SHA256 1cbfbe75fa04847aad5cac260edfa8ace7c6071857168348d8845833f6e3b459
SHA512 bef92cc7d319581dc7e9979a60c8ee0b318428a2680a921043b22391dd16945d4abd7ae1fb1d30e5b719c9be3d01055422ea1fee6ea15c7563fae74d929e23da

memory/4848-10516-0x00000000028A0000-0x00000000028A8000-memory.dmp

memory/4848-10517-0x00000000066C0000-0x00000000066CA000-memory.dmp

memory/4848-10518-0x0000000006A10000-0x0000000006A18000-memory.dmp

memory/4848-10519-0x000000000ACE0000-0x000000000AD06000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c2d2a473facb03db962157e71d95c4f0
SHA1 e66391e5375b95ccaf1f3e79791ac23b51ba5ba8
SHA256 a2fe368cc2b8e56240e0f914f66d8240eab4a955ea75dd1a91ad748bff5526ea
SHA512 4d6ac6625fa3e0de22b8727812ba718055712bf71278c0aa7e655db53d8868755af3044ba16c9d05fe9178e63a0e087a0b8b24a9b424be4dd10c06e2a8a016db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ed5de08eac44536d3178143b33863efc
SHA1 247f185f957b070cedbbf82cdb33133ab8feb282
SHA256 10bcf9ef175fc9d9a061ccb87a9affc620b6e5df158a85838dc0b9c723d17437
SHA512 f57c3e0669aed0abc22a85c29908cfb9ef3fa9263e4aa561fd1d17e694233a3c5a6951191beefb8c68568c378a7bad8f1a35e88ee19d434df08342b322fa5905

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 db2f993cd1f4661bd85d23a5b46df618
SHA1 5395bebd09fec7aaef9bb18ad1641ccd50087a82
SHA256 48b8878dad55f5b1e03f8f06adca1e9affcf3d7eb787bfd3ef79acdc099a989d
SHA512 955f61ac5e85d9f404a96d0da78505be79546efccfde740e4f2ff02e14f1829aab94463233f2cd9b9dfdc53be6b25da7dfc877fab7de4042df5736de6728bb89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b8bdfaa0fd928202d6c5450859b15004
SHA1 934a70cb9cd4c8d08f79679d0bf903cc9eae456d
SHA256 dac57f20065437b32461b1f6015199b9f7e8814261d4d5b69174fc2e547e358a
SHA512 298c54a343c80d1dc324c284cd8c213a2c7342ccfb68c46527fcabc7c6d30eb78195d2c3befad8e38692bc3db606f60e3b2341d2bca90bd1650adff13e04bfb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000102

MD5 0d2283b0df70bc0217118f5c6d1fd836
SHA1 0aaa2e0daa0f0671fbf7817e222fcd777be523d0
SHA256 fb02c03e84b9a15ea357644f15643bc90eb9c6ef6532e1c82ecd052df34c2abb
SHA512 16071fce7468cc47fd7a57dc6913cbf41e142fd16b3f145dc30b13fb4a84a05fa3211d3b435ace7378c76682a1afc49e45d180eb88f6d32b0deaa2266196b2f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010c

MD5 b07f576446fc2d6b9923828d656cadff
SHA1 35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103
SHA256 d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496
SHA512 7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010b

MD5 d9b427d32109a7367b92e57dae471874
SHA1 ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39
SHA256 9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3
SHA512 dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010e

MD5 f930621607e050dff86f94bbf4806b73
SHA1 d06bdf16d5794550b78713955629c465b6970676
SHA256 fe97ff9a43f7f196dcd9088da3818e6f80ecdc2ad8937a5bd4a52c8b3979a09e
SHA512 df4c634c95cbc63c44c0f884817333fdb3965d225fbcf008d134a12ea99d05965b043c4f74bbe57f8356fd7f698fde30fe34638387ffcb8ca1226fe7c8b00cb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c943af0088d6117397cfadffb9ca7a41
SHA1 be099f05eee090013d7962d2db2582040e7e8775
SHA256 4ecc59329a436fdbf7335847cb7b9c54d488cd37ae7ecec3c0fa90d4f5a28146
SHA512 d5dca3e85bb2ead060063be84abb9a9e63f275f763b1404462a9e2784f7f03596847115c3176cdf0d2ccfd2270323a19556ab16e34f1070b7af6141580e44663

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 342bbef6ddf8b8737b4f9b3a4750207f
SHA1 f80619a51ada8498ee5538724c4ee2a09eb8df9a
SHA256 dad5a2d4393cf4e78bb18a1299ce2d952ad7683aa346bd5dd6848a253b005610
SHA512 3b0f2be23c06bfa57e33fbb2918ce0c19341ed8e8cebd29b3243ea0f4611e927eac7c3e931a1894818aed150d5cf958f851302665a3c8d6cf5a189c74c2ee46e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014d

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015a

MD5 e4cc1ece2f2425b10ae2ccc212c1dafc
SHA1 92609e6d0093693110baa23758382889bcb30da6
SHA256 92e9415d8bc8529e2a3f335258ef7ff159cce2965ce3b2b7c15f73720efee809
SHA512 2848dee3a6da891b7044518bc97aeafd340705cebe846350b9a7f314b52450f1eb977b8b492638965ce4674ebaa341e4f832438199c3cad2fb0a0793ef83a619

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 55bc1fbef1ceecb66af4450feabcec60
SHA1 afb38c5afb789087a8f84fcad23cb2c0b8e27c8d
SHA256 6a16f7a22c53cfe5b33087155c161302c85a172d4b05c3567aa889e6fe0ecaeb
SHA512 4b7dad04eec31d4cc3e84fb2b7d2612207d196d2445de9948d7845887acbed12aa3c9774af0c0ab3ff2c4782340ad3626bf118b7619f32abeedc29bbc0d6d332

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bc525589dfde440b094ac573637c4ef7
SHA1 e315b258e219e8113cae6c3c2c1f60d81e20c727
SHA256 1d4807746a2523782d69162310c109b79a64c093f40d7a075fd117256d9627fc
SHA512 edfa24f2b0ce899a1a014ec6459e7912852681135abd2afe38417cb7076e81af35a47db43bb3d1d505dbce94206975533ff46bd1e54333161a754943f422182d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3cd7acfb88e5b8d2065c84560fb88be1
SHA1 16c28aaefe760761fee4dea56523ca25109a021d
SHA256 39f134c7aadf4a52fc3ca571bf6b472cc510d88cca05e6f683b3ce08af9be4a8
SHA512 6db6e2602746ddb55aab035501773c1ad074bab2fb6be664a09e5acef0341a6aa54de4603a4ea2a28141378135802ccdf034d2deb6c01b19362b373a427cbeb5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 723a7c65e6774972b938e63524eb4b95
SHA1 ba466a01c277e53fd71ee498a457e030ffd0ebab
SHA256 235435a2c1b5cccb9817cdba724d32d4ec1c5b0e8c09f6d5d4b241a47616c872
SHA512 22b89334f08d3e6293f6d64ec95f1351c732cce435190e73a0a87a0f9856fd8a70d11eea435bbef6694a3115b6f9a6a08aa9fe0c8fef44614f3ba5156eb25ada

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7a9ffca36acb75b2c57049e274f6cc31
SHA1 cf65ed8baac1d011e67415012fcab430f17908b2
SHA256 d784a6a5938c6cb21b162fc3c0ad0a74c13deb1c868793c90eb46d86161f980e
SHA512 08ae8c3b75f9cc8acd83671b14290ebf6523860e9a7bf3cc1c5476665501b6aa1030b6df3bc415128c959e28f81df459f23872cce7a2894f0b04e37049acccbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8905df5756c3c8517205461931aecff3
SHA1 670fa937ca7402ff90f59a3903c3d72f4ea63a55
SHA256 7d4570738ca21e8f01cebd8cd6465579939651a0469b4215d9f633bd84bdc592
SHA512 2ddff90e0a52a13b7686ac89273eb10cf4bb9f80ed423ed21bebfa2cb0be7a4128c56d82c70f99dc7933fb716c0c8ad1f09e5b602786b90818d3cf46d78ca5dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000159

MD5 8266eb9d769b0040c61f9107b9233d0d
SHA1 7d84098b0f5a6b1fb73333838e071558086938da
SHA256 389603813af8808ae7ec8ca4f2bc326b15e4c2ad5d86eeabfb271ac4d170b923
SHA512 82854e09e38363bf682d1426cd72d2efe770a58531f8b006c80c32718229cd9699c6db6ae4afe0a5ba64504a08b16568e53ec8fdf2702b5abc41ef7711f011b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015f

MD5 6fb26b39d8dcf2f09ef8aebb8a5ffe23
SHA1 578cac24c947a6d24bc05a6aa305756dd70e9ac3
SHA256 774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059
SHA512 c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

MD5 8b25b9545557002176951f95a8d9bc6a
SHA1 557e24a5cc9de4dc61b958af5a62f9061fce527e
SHA256 f6a45ac7e063c2034c4bc0051032f4dfc723c7b83abb002661e644973b8c3cf9
SHA512 12ce6890c8612de76685b44f7761f44a0f06d12b48d66438bce1c2f9df0d736e9d7694feaa5a3c7c3f9aea403acfd8423b485bec18f4f9698a1712a7c789815f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c78bcfe5d34b715f645a9fbb232bf268
SHA1 3d8a6e9209a5f96d943728e21a588a60a4108035
SHA256 61b4d0800026ca56df3370a0a990b6e248d13fee9ed5e145f0698930480c52fa
SHA512 b218108ca3a161898e6e5267053d0e15d384ca4e1a2eba978937042ee858b34e11aa322ab9585e205775c5aa85d9cdb387c0ee2ae165291b170fe4525a0a2ba2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8f8f6ffc4c8dedbcfe05fa0f447fe915
SHA1 166b61d95d9da0df6efbf90d4d3df2da3780b0e3
SHA256 36b9e0fbaa039136eefe82ea1b388da2f5fa371582d8e411bb936c0064420aff
SHA512 773454644cb6b85ac8c2d4dce541faf542add689ffbab4ae5152f47a244fd630ad946e6b29944964dbddf0643f8748c2d6b02341c8c6c8f864068a7e6fa57f20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b20f84dba64487a13686af8d140a9a80
SHA1 b10a44b7fd68ceedf6e7dabe13c584ed3385b269
SHA256 40fa1951a9e013a2c7bb0e119f5e7612d0a449d2cec543a97820058d171d9423
SHA512 7f3feae72bb17a5ea804b5fbfec0008362fc2f38d3ac8898f6660c6272f43b3cabf27def332dc54f566915b6dca47b0333a15ad04f38060846b69b7dc0df018e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 124f54d0060868645fc4f684def9027a
SHA1 85b246653b50efa8ac5686b48bb2b0b82cd8646e
SHA256 eba86ffe6557b6e9abc2515ebe9027aded0e2e32020793c6eb1b371c1e9c538d
SHA512 8349a257c5d12f9aa362da663ea39ebba997c86f64a4f5d98c8b093d5fa14d096f358a7444c544d4418415276d38aa2c54ef61011cebed30377887d8ee40f438

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a63417e292288b27febbdcaecc9eeb35
SHA1 f38579ed69d32083c3d5cfc9648665dd03c3cd64
SHA256 8b94991248945c0401c683aed257ef6cedc6906b397d2fe36ff95c52e3b985b5
SHA512 7e1786d2ad1560d40f06f8953df906dc1956c372232f95299ef3b1fcb9fe1d5cb5513dbf04da56a470ef4759bb0e1daa0f24020ea5e92413abc291a957b6cb56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1222665546d9a55ac1410e9511277538
SHA1 88506282b5f6efd258565ee14aa8b596b54719f5
SHA256 2d8389b8f398e44fe65eafe63c42ef57cbb64b3f605f7774c5a4cda88b4deb5b
SHA512 77a7f886c264c00344d33999bf6d3dbaff4045db2c801aa3a045e2d34f4c49988fd96af9f246d965cdf9c5c59696964a48f955b885dbd6d75b35c0f560e8356e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3210bea19a93c9a4b1b9dd024e5a159d
SHA1 1bec6a49379bfd5d63bcf7b37c06e77f901dc4c1
SHA256 2c11833feb0e2c5629143cae86bd85ab4b6875e98641dead83780b67adba59f2
SHA512 86cf1bed90f9a0b80e2746905caa15e9d7e43c6199aecc02067ef4d88b2ccba201042942e0f207585c210d85d937a72a6f987dbccb9e00ba85d58d60507b78d3

memory/18608-11293-0x000000000B140000-0x000000000B497000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e030638967abac0e1ac9011d432b2d06
SHA1 f69f7ea1f1f0a3624abd6011fdd458ad60eb0426
SHA256 498a232c9d86068ef3b8011a5d95463fbf0057365b14a560fcf236a4d60e886c
SHA512 812abae64b178be886991def1547904bfc40ab198007ba90d2f423b6535f9eef435c52a719a18cdcb68f8b349961fa3b4866cf3743ce3cbe20b1edd387a66304

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ca94fd764beb8711f1522e8a851d9c00
SHA1 0ecf612ee2291140be55b5c42e82539068d9b410
SHA256 44be700dfba460a832ab1cb42e438d24464e3415453b3ff9b0a38887fa2aeb1d
SHA512 fb10551c75ff3afe1c93af022e645e5040fac8e73cd895b372960c96ef7ee577d1335a6ff69886d196c03a6c4b4330059078916de44e2929ce5ea86547074291

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1cef4420e6c136c9f15a380841fbd682
SHA1 519cf59f3ecc10dd5a71b576ba1a22d260fcab50
SHA256 6c4d8f88463d59aef5a79c931c9ea0741a224fbe31e338bc8c942a2131e1c661
SHA512 316c78f2dcc0c780e0c5dbd60358f6681db9cfc17431bc8d55ad215fd4c122f05a0d5a7b6f8d57b12be5514f130d4b989ba8fbeea461080356aa6892bf69ff24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d5ecb5e0cf3af9e269870d231a5a3d71
SHA1 cdf517862c28f44f7972f7e0a2847af6d0b51437
SHA256 8b86181b74238e171e9f23ecc2b69694bd2f502d2e6cf27209234b3557f3bf5a
SHA512 c4aeb2b4501bebe0279ae11bf43d5f235f1ec17e7267a24104039006c4d3329a426232d7a71044fee0d2383d7bfee1d8a6f7c434d79bd05a3a5949521ff4573e