Malware Analysis Report

2024-12-07 14:42

Sample ID 241007-w6nnfavfja
Target NocturneLoader.bin
SHA256 4c3fad8ea837861fe54356ad6e7e40cce2fe305b9cb323f07d8802c93a440b70
Tags
adware defense_evasion discovery evasion persistence privilege_escalation stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

4c3fad8ea837861fe54356ad6e7e40cce2fe305b9cb323f07d8802c93a440b70

Threat Level: Likely malicious

The file NocturneLoader.bin was found to be: Likely malicious.

Malicious Activity Summary

adware defense_evasion discovery evasion persistence privilege_escalation stealer trojan

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks system information in the registry

Drops file in Windows directory

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

System Network Configuration Discovery: Internet Connection Discovery

Enumerates physical storage devices

Unsigned PE

Browser Information Discovery

System Location Discovery: System Language Discovery

NTFS ADS

Suspicious use of WriteProcessMemory

System policy modification

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of UnmapMainImage

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-07 18:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-07 18:32

Reported

2024-10-08 01:23

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe"

Signatures

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5012 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe C:\Windows\system32\cmd.exe
PID 5012 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe C:\Windows\system32\cmd.exe
PID 1196 wrote to memory of 1552 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\certutil.exe
PID 1196 wrote to memory of 1552 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\certutil.exe
PID 1196 wrote to memory of 4344 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 1196 wrote to memory of 4344 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 1196 wrote to memory of 116 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 1196 wrote to memory of 116 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe

"C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe" MD5 | find /i /v "md5" | find /i /v "certutil"

C:\Windows\system32\certutil.exe

certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe" MD5

C:\Windows\system32\find.exe

find /i /v "md5"

C:\Windows\system32\find.exe

find /i /v "certutil"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-07 18:32

Reported

2024-10-07 18:49

Platform

win11-20241007-en

Max time kernel

1047s

Max time network

1048s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe"

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\129.0.2792.79\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\MicrosoftEdge_X64_129.0.2792.79.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60D83145-889F-4B90-93CF-C316177A6397}\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\MicrosoftEdge_X64_129.0.2792.79.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaApp\graphic\Auth\gradient_bg.jpg C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\Locales\uk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\explosion.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\Controls\PlayStationController\PS4\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\Trust Protection Lists\Sigma\Staging C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Trust Protection Lists\Sigma\Analytics C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\avatar\heads\headM.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\fonts\families\Jura.json C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\AnimationEditor\image_keyframe_constant_unselected.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\particles\explosion01_core_main.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\StudioToolbox\ArrowCollapsed.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\Locales\bn-IN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.79\Locales\pt-PT.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\identity_proxy\dev.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Locales\cy.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\CloseButton.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\InGameMenu\ScrollTop.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\VoiceChat\MicDark\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaApp\icons\ic-games.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaChatV2\ic-friend-empty-border.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\Locales\bg.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\Locales\it.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.79\Locales\es.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\configs\PerformanceConfigs\rofiler.tools.js C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\TopBar\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\VoiceChat\SpeakerDark\Unmuted100.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\sky\cloudDetail3D.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\particles\forcefield_glow_alpha.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source4128_456882702\msedge_7z.data C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\MEIPreload\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\identity_proxy\dev.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.79\msedge_100_percent.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\TerrainTools\mtrl_ground_2022.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaChatV2\actions_notificationOn.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_1x_6.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_2x_1.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_20.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_8.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\fonts\families\IndieFlower.json C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\msvcp140_codecvt_ids.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\Emotes\Large\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\TouchControlsSheet.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\fonts\TwemojiMozilla.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ControlsEmulator\Quest3_Light.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\VirtualCursor\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\InGameMenu\TouchControls\controls_phone_portrait.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaChat\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.79\Locales\sv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\Locales\mt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Locales\ml.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\AvatarEditorImages\circle_gray4.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaApp\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaApp\icons\ic-more-settings.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\1f6473ce-d830-4d9e-afeb-45106919bd68.tmp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60D83145-889F-4B90-93CF-C316177A6397}\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\129.0.2792.79\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\129.0.2792.79\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgIds\MSEdgePDF C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CurVer\ = "MicrosoftEdgeUpdate.CoreClass.1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\CLSID\ = "{8F09CD6C-5964-4573-82E3-EBFF7702865B}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.19\\msedgeupdate.dll,-3000" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.mht C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "ServiceModule" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ = "Microsoft Edge Update Process Launcher Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ServiceParameters = "/comsvc" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CLSID\ = "{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-d2bde6b0a05e4840\\RobloxPlayerBeta.exe" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\PROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 138374.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1472 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe C:\Windows\system32\cmd.exe
PID 1472 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe C:\Windows\system32\cmd.exe
PID 5032 wrote to memory of 1408 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\certutil.exe
PID 5032 wrote to memory of 1408 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\certutil.exe
PID 5032 wrote to memory of 4256 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 5032 wrote to memory of 4256 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 5032 wrote to memory of 4084 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 5032 wrote to memory of 4084 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 2316 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe

"C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe" MD5 | find /i /v "md5" | find /i /v "certutil"

C:\Windows\system32\certutil.exe

certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe" MD5

C:\Windows\system32\find.exe

find /i /v "md5"

C:\Windows\system32\find.exe

find /i /v "certutil"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb92c3cb8,0x7ffcb92c3cc8,0x7ffcb92c3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6468 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7256 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x0000000000000484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2628 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7024 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkQyM0NEODAtMUM0MS00NUIzLUE0MjEtOUQ5Q0FFM0YxM0NGfSIgdXNlcmlkPSJ7OEY0QzY0NjAtNThDRS00Njk3LUE4OEMtQTM5NzE5OThEN0JEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEN0NEQjBGOS1DQUYxLTRERjgtOTQ5MS1CNkNCQ0M5NDgyQjZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyNjgwMDMxNzMiIGluc3RhbGxfdGltZV9tcz0iNzM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{6D23CD80-1C41-45B3-A421-9D9CAE3F13CF}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkQyM0NEODAtMUM0MS00NUIzLUE0MjEtOUQ5Q0FFM0YxM0NGfSIgdXNlcmlkPSJ7OEY0QzY0NjAtNThDRS00Njk3LUE4OEMtQTM5NzE5OThEN0JEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyMkU5MTQ4OS1BQTM2LTRFNjktOTE0OS0yMDA5ODUzN0NFRjZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyNzI2NTM0MDMiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\MicrosoftEdge_X64_129.0.2792.79.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\MicrosoftEdge_X64_129.0.2792.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\MicrosoftEdge_X64_129.0.2792.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7e90176f0,0x7ff7e90176fc,0x7ff7e9017708

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkQyM0NEODAtMUM0MS00NUIzLUE0MjEtOUQ5Q0FFM0YxM0NGfSIgdXNlcmlkPSJ7OEY0QzY0NjAtNThDRS00Njk3LUE4OEMtQTM5NzE5OThEN0JEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2Rjg1NDk1QS1EMjU3LTQ1NEQtQTNCNy01MTU5NDJDODdBRkV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjkuMC4yNzkyLjc5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2Mjg3NjIzMTQ0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjI4NzcxMzQ4MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY0OTIxNzMxOTUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMzZjMwNjU4LTY0NjMtNDE1NS04ODY5LWM4Zjk2YmIyMTQ3NT9QMT0xNzI4OTMwOTAzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PW5KbzRkUmlRYXFpcmE3WUZHUEJVNmdLVlUwMWo3SE8xR3dxYWtjYUlHTyUyYjN2bUVDeEZBUUxZbkdHSm1zakpXdERCbEl2N2ZDbU0zb1ZnZUtEdDB1Y2clM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzM5NTU2NjQiIHRvdGFsPSIxNzM5NTU2NjQiIGRvd25sb2FkX3RpbWVfbXM9IjEzNDA2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQ5MjI4MzI1MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY1MDc4NTMxODgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjcxMzAwMDM2NTUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDU5IiBkb3dubG9hZF90aW1lX21zPSIyMDQ1MyIgZG93bmxvYWRlZD0iMTczOTU1NjY0IiB0b3RhbD0iMTczOTU1NjY0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MjIxMiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 4764

C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:_ltAnyMZ9ZYcH-KFwvvfjpy5WUO4nI-vZe8KCABYOcJruwesxD0f9xgiU_qrccacP4Dw2pCuHXt9U4FRvCbgs3o3ztm91C1yqM8lh564e0OZNMasasBfYZJH4UA5R8G1xX2SFFgjtOUsUGdYiehGI12uBvMMN_teDz-je_3K8rqkVmK0y6teN5T_OT4bpYor1IoNP4LSI2UcAoBPCh_7J_8b2t3HdyTbbu2fOzBQ5es+launchtime:1728326384630+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1728325984642003%26placeId%3D654732683%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D995c9874-755a-4833-af2c-0647152552d7%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1728325984642003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60D83145-889F-4B90-93CF-C316177A6397}\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60D83145-889F-4B90-93CF-C316177A6397}\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe" /update /sessionid "{5900197F-CFAE-43B8-91E5-E8C7BA102FD9}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTkwMDE5N0YtQ0ZBRS00M0I4LTkxRTUtRThDN0JBMTAyRkQ5fSIgdXNlcmlkPSJ7OEY0QzY0NjAtNThDRS00Njk3LUE4OEMtQTM5NzE5OThEN0JEfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCNEFBN0Q1OS03NjQ2LTRGQjEtQThEMi03NzU0MjVCNjEyQUV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk2OTc3Mjk4MTYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTY5Nzc4OTczOSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA1NDE0NDk2MDUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9mNjYxMjQ3Mi0zNzQ3LTRmYmMtYTBhNS02ODM4OWE2YjY3M2U_UDE9MTcyODkzMTI0NCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1Hd052Q0NnNXZVOXpQUTM5RVM4UkNRanZkWHRJbFM0dWZXZHptNjNscSUyZmlBJTJmMU9yQVZma0MxVmVZNTAxM2NWR3A0TXBxdVRmcEZ0ODY2cmpOQnB4WFElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMiIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDU0MTQ1OTc0OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZjY2MTI0NzItMzc0Ny00ZmJjLWEwYTUtNjgzODlhNmI2NzNlP1AxPTE3Mjg5MzEyNDQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9R3dOdkNDZzV2VTl6UFEzOUVTOFJDUWp2ZFh0SWxTNHVmV2R6bTYzbHElMmZpQSUyZjFPckFWZmtDMVZlWTUwMTNjVkdwNE1wcXVUZnBGdDg2NnJqTkJweFhRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTYzNDg4OCIgdG90YWw9IjE2MzQ4ODgiIGRvd25sb2FkX3RpbWVfbXM9IjgwMDY0Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTQxNDc5NzIyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTQ2NjIwMzI4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM3Mjc5OTU1NTIzNDY3NzAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyOS4wLjI3OTIuNzkiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9IntFNzg2OUM3OC1CNzk1LTQ5MEItQkFERi1CRTkwQ0Q0NEQ1MjB9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{5900197F-CFAE-43B8-91E5-E8C7BA102FD9}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTkwMDE5N0YtQ0ZBRS00M0I4LTkxRTUtRThDN0JBMTAyRkQ5fSIgdXNlcmlkPSJ7OEY0QzY0NjAtNThDRS00Njk3LUE4OEMtQTM5NzE5OThEN0JEfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QTNDNTA4QzctNkYzQi00ODFELUFGNkEtMzRCNjgwQjhFNzczfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjgzMjYwOTkiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTU3NzA5NzExIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjYxQTgxM0ItMkNGOC00MjdCLTg3QTYtNjhBNTFENDE3NjEzfSIgdXNlcmlkPSJ7OEY0QzY0NjAtNThDRS00Njk3LUE4OEMtQTM5NzE5OThEN0JEfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MzkyMTc3RDktQzk1Qy00ODk3LTg1OUUtM0VFM0VBODUyMjE1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7L3IyNTJwKzZiWjRvaVRGczVZMXd0K3hzcGVaWDNZQ0M2L0w2WjZQSXVlYz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTcyODMwMzM2OCIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzcyNzc2MTQxNzc1ODIyNSIgZmlyc3RfZnJlX3NlZW5fdGltZT0iMTMzNzI3OTk2MjA0NTM0MzU3Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjMxMTE4OSIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM2OTM3Nzk2OTIiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\MicrosoftEdge_X64_129.0.2792.79.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\MicrosoftEdge_X64_129.0.2792.79.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\MicrosoftEdge_X64_129.0.2792.79.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7321176f0,0x7ff7321176fc,0x7ff732117708

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7321176f0,0x7ff7321176fc,0x7ff732117708

C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7bd9776f0,0x7ff7bd9776fc,0x7ff7bd977708

C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7bd9776f0,0x7ff7bd9776fc,0x7ff7bd977708

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjYxQTgxM0ItMkNGOC00MjdCLTg3QTYtNjhBNTFENDE3NjEzfSIgdXNlcmlkPSJ7OEY0QzY0NjAtNThDRS00Njk3LUE4OEMtQTM5NzE5OThEN0JEfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InswQjcxQTJFMS0wNDdCLTRBQjYtOUQ1OS1DRUYyNDQyMTZBOEF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjE5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0lNUIlMjItdGFyZ2V0X2RldiUyMC1taW5fYnJvd3Nlcl92ZXJzaW9uX2NhbmFyeV9kZXYlMjAxMzAuMC4yODM1LjAlMjIlNUQiIGluc3RhbGxhZ2U9IjAiIGNvaG9ydD0icnJmQDAuMzUiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjY0ODkiIHBpbmdfZnJlc2huZXNzPSJ7OEM3Mzc2MjktQzkxQi00NUFGLUJCMjUtRkQwRDA4RTcwRUU3fSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IjEyOS4wLjI3OTIuNzkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzcyNzk5NTU1MjM0Njc3MCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM3MDQxMDk2NjIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM3MDQxNzk3MDIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM3MzM5Njk2NjIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM3NDg0Njk2MjkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MjcwNzU5Njg2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNDIxIiBkb3dubG9hZGVkPSIxNzM5NTU2NjQiIHRvdGFsPSIxNzM5NTU2NjQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjUyMjIzIi8-PHBpbmcgYWN0aXZlPSIwIiByZD0iNjQ4OSIgcGluZ19mcmVzaG5lc3M9InsyNTAwQjExNS1ENzM4LTQwRTQtODlCRS0zNTI3NUMyMEI4NkJ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyOS4wLjI3OTIuNzkiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBjb2hvcnQ9InJyZkAwLjE3IiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjY0ODkiIHBpbmdfZnJlc2huZXNzPSJ7NTE0MzJERjgtMDEwRS00NEVDLTk2RjEtNzU0MkRGNUM0NkZFfSIvPjwvYXBwPjwvcmVxdWVzdD4

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 92.123.128.187:443 www.bing.com tcp
GB 92.123.128.165:443 r.bing.com tcp
GB 92.123.128.165:443 r.bing.com tcp
GB 92.123.128.191:443 www.bing.com tcp
GB 92.123.128.191:443 www.bing.com tcp
IE 20.190.159.2:443 login.microsoftonline.com tcp
US 8.8.8.8:53 200.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 13.107.5.80:443 services.bingapis.com tcp
DE 128.116.123.4:443 followings.roblox.com tcp
DE 128.116.123.4:443 followings.roblox.com tcp
GB 2.18.190.79:443 css.rbxcdn.com tcp
GB 2.18.190.79:443 css.rbxcdn.com tcp
GB 2.18.190.79:443 css.rbxcdn.com tcp
GB 2.18.190.79:443 css.rbxcdn.com tcp
GB 2.18.190.79:443 css.rbxcdn.com tcp
GB 2.18.190.79:443 css.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.18.190.78:443 static.rbxcdn.com tcp
GB 128.116.119.3:443 silver.roblox.com tcp
US 8.8.8.8:53 78.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
DE 128.116.123.4:443 accountsettings.roblox.com tcp
DE 128.116.123.4:443 accountsettings.roblox.com tcp
GB 2.18.190.79:443 css.rbxcdn.com tcp
GB 2.19.117.28:443 apis.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
IE 3.162.140.83:443 roblox-api.arkoselabs.com tcp
DE 128.116.123.4:443 accountsettings.roblox.com tcp
DE 3.68.132.134:443 cs.ns1p.net tcp
US 8.8.8.8:53 lax2-128-116-116-3.roblox.com udp
US 8.8.8.8:53 gold.roblox.com udp
US 8.8.8.8:53 lhr2-128-116-119-3.roblox.com udp
US 8.8.8.8:53 friends.roblox.com udp
US 8.8.8.8:53 trades.roblox.com udp
US 8.8.8.8:53 privatemessages.roblox.com udp
US 8.8.8.8:53 c0.rbxcdn.com udp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
IN 128.116.104.4:443 bom1-128-116-104-4.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
DE 128.116.123.3:443 gold.roblox.com tcp
GB 2.18.190.81:443 c0.rbxcdn.com tcp
GB 2.23.210.9:443 tr.rbxcdn.com tcp
DE 52.28.63.169:443 b.ns1p.net tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
NL 128.116.21.3:443 ams2-128-116-21-3.roblox.com tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
US 8.8.8.8:53 c0aws.rbxcdn.com udp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
US 205.234.175.102:443 c0cfly.rbxcdn.com tcp
IE 3.162.140.59:443 c0aws.rbxcdn.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com udp
US 128.116.117.3:443 sjc1-128-116-117-3.roblox.com tcp
GB 172.217.169.78:443 www.youtube-nocookie.com tcp
GB 172.217.169.78:443 www.youtube-nocookie.com tcp
US 128.116.117.3:443 sjc1-128-116-117-3.roblox.com tcp
GB 172.217.169.78:443 www.youtube-nocookie.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 142.250.200.36:443 www.google.com tcp
GB 216.58.201.97:443 yt3.ggpht.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com udp
DE 128.116.123.4:443 ncs.roblox.com tcp
US 128.116.117.3:443 sjc1-128-116-117-3.roblox.com tcp
GB 2.19.117.41:443 setup.rbxcdn.com tcp
GB 173.194.135.105:443 rr4---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.105:443 rr4---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.105:443 rr4---sn-aigzrn7z.googlevideo.com udp
GB 216.58.201.97:443 yt3.ggpht.com udp
DE 128.116.123.4:443 ncs.roblox.com tcp
N/A 127.0.0.1:51120 tcp
N/A 127.0.0.1:51124 tcp
US 3.165.232.50:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:51139 tcp
GB 2.19.117.41:443 setup.rbxcdn.com tcp
GB 2.19.117.41:443 setup.rbxcdn.com tcp
GB 2.19.117.41:443 setup.rbxcdn.com tcp
GB 74.125.175.42:443 rr5---sn-aigzrnsr.googlevideo.com udp
US 4.155.164.36:443 msedge.api.cdp.microsoft.com tcp
GB 2.19.117.99:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 99.117.19.2.in-addr.arpa udp
GB 172.217.169.78:443 www.youtube-nocookie.com udp
DE 128.116.123.4:443 ncs.roblox.com tcp
US 8.8.8.8:53 client-telemetry.roblox.com udp
DE 128.116.123.4:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:51652 tcp
N/A 127.0.0.1:51655 tcp
GB 172.217.169.78:443 www.youtube-nocookie.com udp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 23.213.251.133:443 cxcs.microsoft.net tcp
GB 92.123.128.170:443 www.bing.com tcp
US 8.8.8.8:53 133.251.213.23.in-addr.arpa udp
US 8.8.8.8:53 170.128.123.92.in-addr.arpa udp
DE 128.116.123.4:443 realtime-signalr.roblox.com tcp
US 4.151.228.221:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 221.228.151.4.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 152.199.19.161:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 www.youtube-nocookie.com udp
GB 216.58.204.78:443 www.youtube-nocookie.com udp
US 8.8.8.8:53 ncs.roblox.com udp
DE 128.116.123.4:443 ncs.roblox.com tcp
GB 216.58.204.78:443 www.youtube-nocookie.com udp
GB 216.58.204.78:443 www.youtube-nocookie.com udp
US 8.8.8.8:53 presence.roblox.com udp
DE 128.116.123.4:443 presence.roblox.com tcp
US 8.8.8.8:53 apis.roblox.com udp
GB 216.58.204.78:443 www.youtube-nocookie.com udp
US 8.8.8.8:53 www.youtube-nocookie.com udp
GB 216.58.201.110:443 www.youtube-nocookie.com udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
NL 4.175.87.113:443 msedge.api.cdp.microsoft.com tcp
GB 216.58.201.110:443 www.youtube-nocookie.com udp
GB 216.58.204.78:443 play.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 051a939f60dced99602add88b5b71f58
SHA1 a71acd61be911ff6ff7e5a9e5965597c8c7c0765
SHA256 2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10
SHA512 a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6deff391026e4c5e45617104c67059c7
SHA1 a5b82cb07b8ee15e4b11073476cb3e0a7b28269c
SHA256 ac5b111eec86d3dc858f76a20110248a88e743026dab6d128b7fb027c5313e89
SHA512 7abd0b2455dc048a6dedb1b748735ae6a542fe379845c33208ebc3514d939e29f8cea62a5dadb9f113445910acfe5b4f31ebc4dbe6f1fe6caee2782d0c41e9ec

\??\pipe\LOCAL\crashpad_2316_BOLFSHHYARJCUHFD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 003b92b33b2eb97e6c1a0929121829b8
SHA1 6f18e96c7a2e07fb5a80acb3c9916748fd48827a
SHA256 8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54
SHA512 18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ddbe1d65380b4ec10789d1f7f0beeceb
SHA1 d003d138d6baf6868b32bbdaf8b081537313e0ef
SHA256 722a084e8356bdcf951abb84be4ef811745b38d86a99e4b82751a6f58e0b2108
SHA512 4c8474eff966eea65c9994ae43594c686061c6a77bdc804bb7d4ecc60b0cb6d2be836d0f4c912204dfd61996a59776f34e36cc06ee388f675b006a773fdd2856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f033afca-540f-4deb-b4b9-3dbc948df4d3.tmp

MD5 698fba9c049dafa6d12c5a4a6fa4c1b9
SHA1 249348420035d2dfad253ba40787c3770d611985
SHA256 c8e6d4487fefeebcd8df86de84aaf09262a8461c2f0ffbe6a3a22e966cd9897e
SHA512 e3c50854ed909d48bfc701bfa652b9c326d040384fb2b58390ad69a0abc307335c3770a2176bdd6413bcd59998d5e734723328c93e7bffbb0d0b1562c3ad8417

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9da588a066cb91b6139758fd06cdcf53
SHA1 63f8cbe3609160e5a30713d7a6bda53de85083b4
SHA256 71acf1d069f52a2c913e6880410a21ba76eb54d45673423e5275b85e2c62bd6c
SHA512 2b7a79aab5754d9274069f2c48d738d8df85d4b0dfe151bc78819f0ad1374c3dd52e6433f41b1f59d7910b009be6982f50a7af0b83bacbf4606e4e267f284b30

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 09d89b6f2691c37af6579cce4528b4d9
SHA1 421eb522aa384688fca2368c949e458f47bb5398
SHA256 666956eacf76c78ef0f6a2e0e9d493e2ec37bf787aabc30f48501032a569fc03
SHA512 6da5d7d2f06023ac2efa985027a9e8349cf95733b7704b0d1594e9e15083730d1cb96afdb5989bb260259a3c161ccbb710f97478264a4c42fed701f922c93100

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5851c5.TMP

MD5 a22483f26c8204f6727ae94a3cb324d0
SHA1 edfc3c7d126866e34d17d6fed62457b32ef4baeb
SHA256 ab09bfc7224f142378a109a58862c8440aa7ad4e1b85e14edae16fcf3aa1983e
SHA512 eb866cc0b76f17af776f6b10db618792cb4e353a0db6e55820065481979be152dc518c26048eaafff9fa5a3aa300fe8e491659770ed499a03578e08c005f86b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6cdd107b4db6515b963d170c19f02972
SHA1 308f91193307284b5d0cec999bb38261adf7c433
SHA256 19ec0405e43defcc7ec7fd920b92cd1fff88f44e2ae7c7571b79e113527df720
SHA512 f5c82ec5de08c156444d29dd0b0b87a8a089627da1be0f867ef8d4c5cfd60edc922399b4bbe528218beb2812fe79cfba06e3a925091702b66203f18bdce9a06e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2fcea3f9006d2d501ab1c354e1c671c8
SHA1 1c8cdf45b6de88be7c77e82d88b870ea8e5ede5d
SHA256 240ec8eff8fbbd96dbe58cbdf6d0f2c7cc67b9f7dcec3cad8e612e9a2fd6d25e
SHA512 c8ff88d09d9ccd1dd3b2bcdf59d5de5b7f52dfa78f580ca3e98deb61f48931a7cd2dea33df6106297707226a944958d7aad9c683cfeb3941c654b8941d5ae9dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 86cffc19794149c515fa33db9b1143f9
SHA1 cd082d39519996e9bd16b8e131d990e59d1c23ac
SHA256 ef879fda0b2ba675db45a9779184712ac1a430b152c2339c3ec1e8b65b94cf42
SHA512 e34bc3d696b39f0307288431b59025098c9cabb38343501671cff0e55e0ef5d526a2ee7a5e875c8f2e8375a61c231e71b96c44261e4ae4e2ac01724af15c9ae9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7543dbb2a7e7d187ca6d46f08a9b1468
SHA1 fcf5ae5e43a9145d6e46743a325493f1b8036b13
SHA256 8cc3bbc51ea1d71d7a5fc4e80fcd11b64f94ef282a88d47144519c37374a06d7
SHA512 9cd71877bc73c2e6536aa5973b78349b9f6de82b30f05555195efbd49108aca628e6a6c819f19c5bfd4276540715284e70d5e747ccdaae6c5a43a3fbe9630651

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 2e52bee929ab7d56b2622ae84962e0dd
SHA1 7fd648bb1fb1f069578e992972d7f22ef1bfb36b
SHA256 58a0ed06b38f7886418d565ea4cdb15345b40a1d29e635e167870f45fe14ed4b
SHA512 c53ceaa60c9591ad0e61e82ebc1b5c6dd46a7b4a1b7ac303aeced0f4a0611e4af2b7a5e1febda5fb10041d0a9c76202ed05bc3e344bb6ac6cc35529e127e9d8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

MD5 c161b8b3ad756027c5d7b16784d2db05
SHA1 e84d66f4e9a518b964f1867ecc9f0514cfa172f7
SHA256 5b0f5f85c354a18663e4e68c2f40341059b6c5e9513680f0d1ca85f0b9902ebd
SHA512 c8bffb8577213dc03bb0443c142c726cff2a32f6a6aef9e04888a522ba2d866e360d29f16b750e8dd7631884ef08917f817945fe96556fd2e0f15bc8f0efc462

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe58ebc2.TMP

MD5 287ab84e5ee5f589756045ec9d8ce3cc
SHA1 281612bb9f1c22fe017a6c29b78cc0a90f037465
SHA256 d2872b7da86c824bcf909d7e2fa397cefcf5bfe519b7ea8e8eeb5ca23056efdf
SHA512 b118c94e066440c4c84b3b9c2a92ef5d8e36bb87cb958d6833a7cbff0cdf5c598d81d94108fa9debfa23edaf7caf2ca11aecbbb84659c013601db566cf73de71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9a70274f0d6b9564fef1de52cff834ba
SHA1 c7a902879a7b5c4f4c36be9e9870c4eb67b19170
SHA256 c92ac8e3c4ba28694da260f4a749303da3c1a2feb4502b9b657fbdbe7f102d3c
SHA512 3e9d5dedc1de133593c5198e5647787d5b4f49867fe382630c7b0a23555121ed7a5619435e8050ba0c26e26b1ffc3cdac833b833ba327674a5b9f6557dec039c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cc

MD5 588ee33c26fe83cb97ca65e3c66b2e87
SHA1 842429b803132c3e7827af42fe4dc7a66e736b37
SHA256 bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA512 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

MD5 343859b4ad03856a60d076c8cd8f22c3
SHA1 7954a27de3329b4c5eefd4bdcb8450823881aad6
SHA256 8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f
SHA512 58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe58f538.TMP

MD5 48bf871480ec1ba7ef87aea85c392eff
SHA1 2df1df3aad50a3546df59223c175eb54d8f5a63d
SHA256 ca62c5d354f97d995c1ba60ee41adff57eef853d33d7f9c10f097b511ac1e8b1
SHA512 b963323c43e5d40079e038922a658a7d2ec564489a0e031b559cfca9f1460b3f72868eed9e6e38697c69c449d85336742df4c1ae4e9e105fe87eb4ce24cd68b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b7c6de629d92f7f6463cdcc24046ff8b
SHA1 211bb702210aa696679b0dd096103b3b40ea07cb
SHA256 f1188870e11f5d18ff3301f9fd89b9118e17938776b41d9bddb4f7b93cfd05a6
SHA512 624f3387c211bccfab6e4730a7668bda5d16e8f30b9f7a9639457e80a29370da4de0dab3ee0c3e7882b63bdedbc3c547372b7c2ebe411aea7aefec8da30bd688

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f8422b23c5653b383978223e7dbb0617
SHA1 414020040f1de5b779295014971ac41bdd000e1a
SHA256 40ecf47aa01f5bfbec50f279869a8e7c7c2cebb77f7126e8038b2b6655999c08
SHA512 160cf9ae8feb055e0425a69f0b76b6616de558d46622c8e1073db4a62f708c16b7bc182f654355603607798f9534366b8c21ca80f48fdf2c813d20a598c699e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 065a41476c178246573962bfed23b0e0
SHA1 2232df696cccd1e6a26c952537efaad367d14f81
SHA256 ceb9242a9976df2e75732900ed1c00abd3d46d188c04789a57ecd16e99d17e2b
SHA512 a11005b338599433c1b4ed2f41868875b24e563962f8a0d550354de5a4e3e00704c1787dfc9758e67042c063b15a5358699a5f1b37d23b8d53b08d8107040b75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 78810d8f504b2d0d19621f76ea8852a7
SHA1 6493507c7c3320480e7186f04298314c640d68cd
SHA256 107fccb52fa28a9a24051817b508f3080a69fe1b213312cfc91e66d3a6f78bae
SHA512 269b63ee07e7bbf615e86c04316e8ccb7a903dc6eb587170c90f742b43afc0521dbc5ae6fb0a19256b80910fb0e89c9bbabc4753e3b046ade708508ca4a49fe2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4eba1ab9ccd41866639a38a2d6e3b697
SHA1 c722794a728fdbc8553098b4250f07b5bf19bbce
SHA256 d9e451122fa054cda715580ca875ba60ce0d80a2212bd6965ba6ed2f6146869c
SHA512 ce089cf982c991106f2f8463dff031b69693fd315cbb9342c11bf82aa24cdbcc4f9a7825e8bcd68dd52fcd0c5fe018e68ed9ef6e5e656c5ba36c568352b5e3b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ef59f25c0eccb441bd9981cbf1efd601
SHA1 d1a76e2100022762bee068ecfa4de200bc27f0fd
SHA256 c7a0b90b8ab6ec51451c988ce2442ecaf9c7d90c62f58c647dae32399093ea43
SHA512 1ee1caffbdecb821388366adfd1122ad58b47f8931b80f184fc85773788287cd2498d645fb3a74ba44fd78c8c1470f1f6566c57d29e19a26ea6a034aeff3d544

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 370267f39edd725eaf93515faca96c19
SHA1 abb813124e8042160da5f975c9dd90a45ffb2491
SHA256 8070538f71f9ebbf2e700762fa50aaf6584456b2d3c5bffe38809903c26e85e9
SHA512 3d075a8414f44ee10e1a90a35be2485427f39ec7cac95816cacf8582e964d3c5f83b55a554e55d14d5e7f78b294733df5e49bf1dfb48341c1c2aeb7606690a94

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

MD5 4541a5097100cedbe1ab8ba8ad36eb47
SHA1 236a9c043bddcd0cac31868dc550fce020547f86
SHA256 9d9c1ffcedfa1c9a38b19d0f06447d7ee068276b91e37f7ca29c87de652ff261
SHA512 4d1ae838f6b4b4b160d308cc7c1cf95dbc86e81992e5bbb9a9c1e14047cf378c3cffd6e9d6cde5e7b8fd636bdd397cd7294655175b0dbf7e2b0ff72770b784ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 65754f8f8b6989789170862de01e7a13
SHA1 2badab1c69069154f37c18ce32b9e1912eac6b0f
SHA256 daf7377ae9828cdc2e5593fb69e666e79b2796cc301c9056a4ec2a1436f0ec9e
SHA512 cf2a9a0c290702a246a819a8d3f58d1e39b5fa377b5bc1de76696dcea902ea8c4f04d8fe217d9c982934ee8af9cf680f7100d0ab95da09dff8a17afc98b9537b

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 01f0989112da697033f70198ad68b34f
SHA1 f148db894d6f59f379dbc01a2e15ba0720fd7b84
SHA256 619d6cf3346f9383988041d29a0d060d02f16e9ef4ea8f709eb9438234c88433
SHA512 cc739b6d8a7eb9accf382cf1c4f90b681f08641ec2e211693e81768f73e0e423f0c7f46f3bde1b420714051b598fff46e477fb7b14745e840679b86047783ce8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 610cba74b9f8fb95253ab85d5d2d974f
SHA1 0a6bb0497e09d08573d218b7423dc9372597ad38
SHA256 81378026b31b6930a85295f5f6702aabd54efa6299eb8155a2801fb3a453e38b
SHA512 33391c888d22c626122bdd4fde6d56bcc6c61eff4f63b96e7123ac67f6c16d557de94256aade6a992e40ef6e4fc648700478db300c09ff012b5fe505d1bb33e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 59b4d14769439fbcf5aaa1c327bdbc2f
SHA1 1e88fc601527d5aee68f547a44cdf7deb09fff51
SHA256 95b5dc0098b451f97a0f198c8476d27a6ef38298ab652831bdf246e4af03871c
SHA512 9ef33edc0b8d8cc2cb17a94a228c3705eb0983aa798137a5e1a741d74c559e624d991664a1855b63765f990cabf6b3224945df82e5eeb08877cbc41ce62b02cf

C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MD5 610b1b60dc8729bad759c92f82ee2804
SHA1 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdate.dll

MD5 965b3af7886e7bf6584488658c050ca2
SHA1 72daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256 d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA512 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_en.dll

MD5 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1 dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512 ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 7a160c6016922713345454265807f08d
SHA1 e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA256 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512 c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_ar.dll

MD5 570efe7aa117a1f98c7a682f8112cb6d
SHA1 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256 e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_am.dll

MD5 f6c1324070b6c4e2a8f8921652bfbdfa
SHA1 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA512 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_cy.dll

MD5 34d991980016595b803d212dc356d765
SHA1 e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_cs.dll

MD5 16c84ad1222284f40968a851f541d6bb
SHA1 bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256 e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512 d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 2929e8d496d95739f207b9f59b13f925
SHA1 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512 ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_ca.dll

MD5 39551d8d284c108a17dc5f74a7084bb5
SHA1 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_bs.dll

MD5 e338dccaa43962697db9f67e0265a3fc
SHA1 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512 e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_bn-IN.dll

MD5 a94cf5e8b1708a43393263a33e739edd
SHA1 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_de.dll

MD5 aab01f0d7bdc51b190f27ce58701c1da
SHA1 1a21aabab0875651efd974100a81cda52c462997
SHA256 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA512 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_da.dll

MD5 d34380d302b16eab40d5b63cfb4ed0fe
SHA1 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256 fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_et.dll

MD5 b78cba3088ecdc571412955742ea560b
SHA1 bc04cf9014cec5b9f240235b5ff0f29dbdb22926
SHA256 f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085
SHA512 04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_es-419.dll

MD5 28fefc59008ef0325682a0611f8dba70
SHA1 f528803c731c11d8d92c5660cb4125c26bb75265
SHA256 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d
SHA512 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_es.dll

MD5 9db7f66f9dc417ebba021bc45af5d34b
SHA1 6815318b05019f521d65f6046cf340ad88e40971
SHA256 e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819
SHA512 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_en-GB.dll

MD5 d749e093f263244d276b6ffcf4ef4b42
SHA1 69f024c769632cdbb019943552bac5281d4cbe05
SHA256 fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA512 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_el.dll

MD5 ac275b6e825c3bd87d96b52eac36c0f6
SHA1 29e537d81f5d997285b62cd2efea088c3284d18f
SHA256 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512 bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_bn.dll

MD5 7dc58c4e27eaf84ae9984cff2cc16235
SHA1 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256 e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512 bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_eu.dll

MD5 a7e1f4f482522a647311735699bec186
SHA1 3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd
SHA256 e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4
SHA512 22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_fa.dll

MD5 cbe3454843ce2f36201460e316af1404
SHA1 0883394c28cb60be8276cb690496318fcabea424
SHA256 c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59
SHA512 f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_fi.dll

MD5 d45f2d476ed78fa3e30f16e11c1c61ea
SHA1 8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e
SHA256 acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2
SHA512 2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_fil.dll

MD5 7c66526dc65de144f3444556c3dba7b8
SHA1 6721a1f45ac779e82eecc9a584bcf4bcee365940
SHA256 e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d
SHA512 dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_bg.dll

MD5 8375b1b756b2a74a12def575351e6bbd
SHA1 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256 a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512 aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_az.dll

MD5 7937c407ebe21170daf0975779f1aa49
SHA1 4c2a40e76209abd2492dfaaf65ef24de72291346
SHA256 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA512 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_as.dll

MD5 a8d3210e34bf6f63a35590245c16bc1b
SHA1 f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\msedgeupdateres_af.dll

MD5 567aec2d42d02675eb515bbd852be7db
SHA1 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256 a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 8089c6dfbd240ef77a0ad8d8fe40c4d2
SHA1 f4fc6cd00095d4ae4012271222b36c93eca96dd4
SHA256 fcb7c46d1d02cb09f676d1f22884b6b2d53e5ea34cc69707b2c88968d44e57be
SHA512 0a7a89f170b555ad1b169056c8f172ca8c71dbf4f6fd38fb38c7e9fd471ae84860d9c6546b4ce0fca643a82f2b75baed0b4afe8c167d3fcdcaeb83ad45bc1850

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 267859eaee8163ca1045600a729e0d07
SHA1 2cae4b33e6698c49e8f0a5a51a9b48bf061c6d0d
SHA256 0e6aaa2747865027ea2289235add94f1970786ea096c9fa962f600e899b5b006
SHA512 7ed4000781c7f61b4c7d03aa298dc339f382cc07ec987f9da05018e54cf5e565bd475148421585c99d1399480933360e42c39992771652fac423a9482a7b9b7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ffe4e110ad86244ace4c7c63b447e0a4
SHA1 14cdddff5230f200e649c5951097e781013be507
SHA256 d876c3099992902c684569c017d614866ddf2073af919ee1ae37663ecc490116
SHA512 a53a4ea828c9947ad92d8dbef0b19e69b6c4b19f9e0eab313d56686216ab72c2efb8d780fed3cf9d87b5e75f0ea0f9173693293492c30f03ecf6973c8da2dcc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 88384615021e63377fcd260c8c5b813a
SHA1 9668833b35ed59b29e65ef61604f43da2b397b53
SHA256 0d5abe96d9108fe17559a389ea977fb0d580b992a387677c345ea8f0b615d67d
SHA512 032a584aa9f7d4d97de763316bd121d8c3f302c3d2b2ec6cab53e1f8756395676445cb3b0cc1ae1a370347598ca5a947a311f70d9da8e0a4ce9cc2cb24cb615f

memory/2064-1566-0x0000000000AC0000-0x0000000000AF5000-memory.dmp

memory/2064-1567-0x0000000073230000-0x0000000073440000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6e5f916effee2a4774c46fcfe89c8c3f
SHA1 c32de4aade8d3df9a98c408d6056a633d8ca7b3c
SHA256 a1db986e1ab96b91fa8c0684e65082a76bf91469660bdeb96860602a8ea3f4af
SHA512 2a27ac8fd12938b76eedfde794d2e4d04fe6d6c939bb8d616774f22f5cf6c16d708855059bffe13051dc5f49037bce3a4052738926fae44bb705c06af6026011

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 ef8a7c7cd2fe22e2a9f9bf740d369230
SHA1 312f977a89f0f4191755f62c8edae6163dc2416d
SHA256 6dbe6976750acd60e2e35bd1d749a477363f94249790b1ee463a65caa60fe85c
SHA512 4ac23788576525ea4cd9ddb9aa79a5da721787c16b8003e30bc7487e0755228ca08e73b69846350dfa7e6cdeca287aac0c6b8b5c6f5506e9b99eedc60a5722e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a588fd088f4cd02180f6c7c2a1dfaab6
SHA1 e548567da1301156530f3fe3815ad884a7108663
SHA256 3468a2c2cfdb170db8c0d95d7f2c6ebe1e1300f998baa9572722fd6b677a09ee
SHA512 e83116fee9a39741bcd5df5ecf2e0834dce9275c2009e76860c69ec7e44a7be9e97be4156ba2ad06e28da42e7c730567040ca01269e21cb3675ba27bb30a3749

C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\Installer\setup.exe

MD5 5366d353cfe8a8f4ff9b4b8fc5ce1e3c
SHA1 4262b83fbfd1c4a4647fbd3a0af85eca81f3d338
SHA256 dae41fa913389c700bd64b071bff7cb827c666cd95cbf106ae47daea2438a3c7
SHA512 60a16a0866e0574aea9640927c2be205c8b32894cb4e3e76738cd3169a45af97aa00ff31b66a90813c04c43f4e71282319af2a5bb25c4cb602f14a884dbd6eea

memory/2064-1626-0x0000000073230000-0x0000000073440000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d75144698589623fe276ef611b56c33d
SHA1 05a4fc38a03b01e8873b5ddb90708aa4f459b44a
SHA256 b8890ed653fe10f40fbebb3a71998f20c90ba2b64d3374acd6961d38e54d198c
SHA512 852cb4f98ca0892dc65f4aa2c8018c3c3d398e66154043f05133e7d38e1324756d673e34c92cd63cc1a8e45952d73c33cd63de33e3744af48b48115b5af5cedc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ea1a2642a2b302fdc9fe401bc96966d0
SHA1 41cfb1aa2c80d128797413ed88d324fb09a9c95c
SHA256 1bd66dec0c4fa5e04959513b869e6141ed03315abb18a4f617adb88fae04d073
SHA512 a7a16f66057d9911a0b17dd60a4cc7582fae53964a3484d1e005b5b677ddf8b677fd072e24a579ad6d13fda656764382e8dacf372876b2bf11cf0b663d323986

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1cb07b7d60b879c3da2b757eee54dc70
SHA1 e5ba21d9fb5971b6ba2cb42305ef1e23770c688e
SHA256 9412e448494b5e01720d22bbe9572c88a8bbc3170dd74b1bd31c65299d30368c
SHA512 02b78eee3352ff047f62e9defb64995e7dd5f176ca8473da1e6ab5b057c50f07dc846bc1cb07f968f0f32a521ca2243ffb2265b8a8efb56ec2090ef52ac458b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 012fd829330bdfe40a069b6ea204b6f8
SHA1 00686385f9811249c491dcc4c7082fd077f349e1
SHA256 3e3841d0dbceb4157f4ca313eed73aac2b50bda276d6695d3597f76c90dd5872
SHA512 7aa4c2adf9d2fc2e237df16aa432f1d8b2875a22cc46b4b533e721e5c06886ed976457eb4c1743e798a68cccb56f9de1cdc13c8dceab9c90acbc7735e87674e6

memory/2064-1677-0x0000000000AC0000-0x0000000000AF5000-memory.dmp

memory/4892-1682-0x00007FFCC8220000-0x00007FFCC8230000-memory.dmp

memory/4892-1686-0x00007FFCC8390000-0x00007FFCC83C0000-memory.dmp

memory/4892-1691-0x00007FFCC8420000-0x00007FFCC8429000-memory.dmp

memory/4892-1688-0x00007FFCC8390000-0x00007FFCC83C0000-memory.dmp

memory/4892-1687-0x00007FFCC8390000-0x00007FFCC83C0000-memory.dmp

memory/4892-1685-0x00007FFCC8340000-0x00007FFCC8350000-memory.dmp

memory/4892-1690-0x00007FFCC8390000-0x00007FFCC83C0000-memory.dmp

memory/4892-1701-0x00007FFCC6260000-0x00007FFCC626C000-memory.dmp

memory/4892-1711-0x00007FFCC5A50000-0x00007FFCC5A60000-memory.dmp

memory/4892-1728-0x00007FFCC7E10000-0x00007FFCC7E19000-memory.dmp

memory/4892-1727-0x00007FFCC7E10000-0x00007FFCC7E19000-memory.dmp

memory/4892-1726-0x00007FFCC7E10000-0x00007FFCC7E19000-memory.dmp

memory/4892-1725-0x00007FFCC7E10000-0x00007FFCC7E19000-memory.dmp

memory/4892-1724-0x00007FFCC7E10000-0x00007FFCC7E19000-memory.dmp

memory/4892-1723-0x00007FFCC7DF0000-0x00007FFCC7E00000-memory.dmp

memory/4892-1722-0x00007FFCC7DF0000-0x00007FFCC7E00000-memory.dmp

memory/4892-1721-0x00007FFCC7DF0000-0x00007FFCC7E00000-memory.dmp

memory/4892-1720-0x00007FFCC7220000-0x00007FFCC722D000-memory.dmp

memory/4892-1719-0x00007FFCC7220000-0x00007FFCC722D000-memory.dmp

memory/4892-1718-0x00007FFCC7220000-0x00007FFCC722D000-memory.dmp

memory/4892-1717-0x00007FFCC7220000-0x00007FFCC722D000-memory.dmp

memory/4892-1716-0x00007FFCC7220000-0x00007FFCC722D000-memory.dmp

memory/4892-1715-0x00007FFCC71E0000-0x00007FFCC71F0000-memory.dmp

memory/4892-1714-0x00007FFCC71E0000-0x00007FFCC71F0000-memory.dmp

memory/4892-1713-0x00007FFCC7170000-0x00007FFCC7180000-memory.dmp

memory/4892-1712-0x00007FFCC7170000-0x00007FFCC7180000-memory.dmp

memory/4892-1710-0x00007FFCC5A50000-0x00007FFCC5A60000-memory.dmp

memory/4892-1709-0x00007FFCC5A50000-0x00007FFCC5A60000-memory.dmp

memory/4892-1708-0x00007FFCC5A30000-0x00007FFCC5A40000-memory.dmp

memory/4892-1707-0x00007FFCC5A30000-0x00007FFCC5A40000-memory.dmp

memory/4892-1706-0x00007FFCC5A30000-0x00007FFCC5A40000-memory.dmp

memory/4892-1705-0x00007FFCC5880000-0x00007FFCC5890000-memory.dmp

memory/4892-1704-0x00007FFCC5880000-0x00007FFCC5890000-memory.dmp

memory/4892-1703-0x00007FFCC5710000-0x00007FFCC5720000-memory.dmp

memory/4892-1702-0x00007FFCC5710000-0x00007FFCC5720000-memory.dmp

memory/4892-1700-0x00007FFCC6170000-0x00007FFCC6190000-memory.dmp

memory/4892-1699-0x00007FFCC6170000-0x00007FFCC6190000-memory.dmp

memory/4892-1698-0x00007FFCC6170000-0x00007FFCC6190000-memory.dmp

memory/4892-1697-0x00007FFCC6170000-0x00007FFCC6190000-memory.dmp

memory/4892-1696-0x00007FFCC6170000-0x00007FFCC6190000-memory.dmp

memory/4892-1695-0x00007FFCC6150000-0x00007FFCC6160000-memory.dmp

memory/4892-1694-0x00007FFCC6150000-0x00007FFCC6160000-memory.dmp

memory/4892-1693-0x00007FFCC60C0000-0x00007FFCC60D0000-memory.dmp

memory/4892-1692-0x00007FFCC60C0000-0x00007FFCC60D0000-memory.dmp

memory/4892-1684-0x00007FFCC8340000-0x00007FFCC8350000-memory.dmp

memory/4892-1683-0x00007FFCC8220000-0x00007FFCC8230000-memory.dmp

memory/4892-1689-0x00007FFCC8390000-0x00007FFCC83C0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8aa90d789186571ff3ca5cdc8b51ed42
SHA1 191ea58a12c26790f9cd21e31a3452c427e27e37
SHA256 448176f6518530c42ed98e1f0f556c1b430d023be92e6ca2dd25d7708c08d673
SHA512 dd5483bdf8f0cf30759bd9c3af863e532362a74d6a0c1abf9d482819978bd3c02ddec9bdb5876158ba8774ad0a6fe3b66d13c3ed3cd974922114f8f3f746a96d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 633e68378acfbdad5c79eb882434eb16
SHA1 0c054bdbc929637c4539437d826c9f6bd57002ba
SHA256 4d89f97c0151fcd4c41ec216f3ad0f0f4295fea5a590ca8bb4e510caff173eb5
SHA512 39f26ab8bf33a4e913f3f78b892e9d6a08c63010a83d458bd3d21754e43b7f9449997639720d5454249742ef323fe476b5d65f9434e0d88bf5e87d8278f9fd24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2532b5aa02938b283b9730c77235d77c
SHA1 7aaa27bca3e236f3c3c730b3dfe6a640d62768c7
SHA256 f833ea5821a9579fcd381ff506070d183e5cc01bfd6d8d40245782bc02dee9d3
SHA512 4edaa08faf18a27f74fcbbdb9b2b14b90a144146883de91edd5925fac7931d29ddbd40d6cc2e2f4790b4f1d8f833f107dc90d61376c05a62390e67255b79e26c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d9248b0ec3a9da6e10ca24fa8c702e24
SHA1 2984da08a88ff9d42e56b831ffdad1de13b02d41
SHA256 6d8ac29cfc765a88994cf3133a45b70f9f31392016662311115c74741bc35488
SHA512 754011b3b1cc85037bec8d5d2dab407f9af494d3f1f2c40bd0c30714a25351c8dde29a9d0b3c7a029ce0e9b5a886c74dd4f135a8a227a213dc2a2d2fd41204a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cd72724bacebc54f0c33dd65e2aeac5c
SHA1 6d7f2d1d16472b7127354b79e5967f337d260cb3
SHA256 3d803deae1fd026e97c35c645d63fe9269914a1e0059af95a6192fd7f10299ba
SHA512 7ae8c031278a55aefa9d6480471419bec94939edac85474547f30afd9e50c8a3ce50f11ff5a3a23ca695bbe04215d87c4c858696f6a7b87c616eec691fd7fd0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 17463d619143047bc41a76429d7c9b61
SHA1 cc072a9c5e322c1e91f7e74ed9a7f0044e75edfb
SHA256 ba134f608fe38ad8de79dd864168283efdc9954674283a4f9e03bf75d2f5a52b
SHA512 443a1d24db56e2f1375144c7f23dbd25c42c30687671a5db8f517ea2c06d6beb62a1b5b366908660e3e2b3d912e39a8fab3e053db8f15a0b1a702d6c8cc5ed35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 99a58db6acd1b110acb89e8276ae2376
SHA1 5bf2416ec53a5ff632f258c65cb727fcf28ed67f
SHA256 978fb68510a3910a7ad4191915fbe231061521b50986b089a3cead487c5ed768
SHA512 d403df9b568f32ba67435272cdf5a4bcba67220c680c1b514d7f45f0ad9c5cdba4938c9da1c418e45b42f28cc3c0444c575ce818667e0f7403d63d1d100378ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 be4e72cbf75395b98c517c3d5187046a
SHA1 581e8151e15e71284e7cc089d22a881e3a3c35dc
SHA256 ea27172562d1e9a4948856b433622ea1d6f3db1f3b8a057a80d80a333cb24fb4
SHA512 14ed32001eaa2ed67135a70a51a42020160204fa64fd0d152d3eba10ca8be181f6858878313da9d8db3748901e0517d84629da7fc46840106bd6f08eabe64113

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6a3506fd49608ea8ddb95428e8f772ae
SHA1 f54cd0b9559ba7381432081f073d4ee4765ad86c
SHA256 b19fbf5a18ed78a5390b5959670769bde5d97d024bfafb49614a7dbd08b8f4ae
SHA512 ab1bafd99fdb3036174e7f924d5a845410718d737debce28022b95861d55d6aaafa13a8174c38d4e9643a9195c00eb68c7654edbbe3408c2ecc173e62c743083

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8817123ff6ce4862aa96c186dd5da82e
SHA1 771f4485a961de9acaaa43a410580f8b794ac56e
SHA256 915013285fe3a6a6cc43b0ed12c29c8d9d7ed9c5376a241ec4c484cb277666aa
SHA512 adc9eed21251677d29911f6086759dbbfe7ee7d86f684903d849d4a7406fba1666d1e2f0f663a3eb5311623a17b132049ae06884bf55651c1e0506d8ce44e0c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 58c0957eab69b02b16a5c5a819062803
SHA1 f0a37cd9841fe90018e272808ce5869c54dd9fa8
SHA256 cdc57ab277d9f1efb349cf80e3c0a244f38d147ea3793e162d681f97c6291563
SHA512 c00734436bd44f999a482fea709b8875b6d6c2407c58a07e3de25686a0074ce5fe23013425a869f4987b5345a1a2d4d6f859e537a405e242583d6335c206cef1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a9a96bcf9ab79efdfac347cdb443eb2e
SHA1 9b2b2d54b304bac0b06c40d8e1dd0abc60003845
SHA256 320f82f61f46d33dbf06138873d927bee3996757670d8cd55aeb42a0cf2395f1
SHA512 9ce0237864c658f0e0c811f07a11bb8d1362e94dea1bb01e9704eca617d9e9dd2d2e2809eb198f857fc60e9e2ed4c9f0ee45d0c1accc376851e2c00a58131b16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c67c537f157b5ccc87cbff1f10b0da3f
SHA1 f4cc5e6098e84c799000b5316e470160dec4f6e9
SHA256 8d0b247d367df719e17db2ed6bb6382bf9569c2d24adc3dc3c324773904ce431
SHA512 1d7bbf24ec82fbfd29937f1650e2b3f4c030dd7bac2dc24435e88db9afec0ad98a11cd1c71b3030d919b76ce254718102ac16303586e0a16cbfa5fd0eb3f7521

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4629d01e1c034682d074cdc36d69fb11
SHA1 6e599a293394d3ae6770007ffa93ebc81c4a18f7
SHA256 2c9a890fae21051fe164b8479134fe9b5311222fe073aa2b5b2d6172c5f3c723
SHA512 f270ab3a83af2158d5dc38b54683f0875e9339fb0fe625df5575a8e553db484cfb5168d378d0c9a7cbeffeaafc7747a375b2d5a6e3895ffc793359dc4a15d1e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8b84fe9edf9dc2430accc1373ef71210
SHA1 e87d039373de6e8a3b3dc32f00f0286b64803394
SHA256 92cab0a458949c951471ad7f0d60f0760a219dfe5eba1cfaa144a78c5a0e1dfa
SHA512 78e3c5f6aadec58395aea37c2076c626ca105325bca30d40a86250a57ef7e191dc9b42fa170eead3edf09c2990df1de610662911b18079a0ead205b100d7772b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d32bf0ff2983dc1d26291c635f3ce113
SHA1 5b590e18736a270475cdc85ae5f1284fe8953eb0
SHA256 d9533d3271c20395c0a4b939c91e3ef976fc22223a361cb94b37ba7433f6bae6
SHA512 cf5ec04dc193850c7a7ff9d50f0936ebc3d30fdb1e224037277d4c9393482a144e09a55594ba8925749caf3facd44a1800e387a4818d93f0ca0846ddb9ddf5c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6b1514d43a4b6eeb64e38af8f15d0e82
SHA1 5460f064adfd52025c91fc1a41555c3a8d46a1a7
SHA256 8044b646d16b725034cf892b2449220e782f041883c6a3fd288895a671ca19fa
SHA512 bec6b98834f1696dc2f3de9cf47d917488e6b79afc95207a9ac19284a94d403dabc34e84388cda8f2f55587ef347374f0d11bc712fac09cc88699c0ffafc4398

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 750cda91f340d3e74b6f1f28182471d6
SHA1 0fb1dbc6a7f9fa75a011b88c8a1c55ccc3d33db0
SHA256 3cc578de7cab247ee6eab8b74dec9d2f13074ce78ce64a75af91b3eea470e03a
SHA512 ddab1876a39333c7b31a62d0d77dcf58e3250f003733fb20e25a6f08da7225e2f91cf2a5bb58e9c107629af96f5cb3fbb109bf50a67a5864c973c969884a685b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5f07fc7e2884ba127ebc5702d62db17d
SHA1 553743870edecc6732205ad023c97ab98851a3c0
SHA256 d11dde0bdca676ade8e32eedeb901d2e24187032f880452adb53ea631acde5bd
SHA512 1be7652ae2a9b523d1b3f8c059fc17383620ecda6d7911c40d51e6c2e0ebe878ae41fdbcfc6418ab83363fa68ab6694aa32af7c87e8c564e969f3fa9fe9d60a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e9eafa4d58aafa3e37e7c1cafb080781
SHA1 33c3ab9335a1a1862868d0682bb8c250c5017535
SHA256 ab84637b5c69a53da6ff8eb2291fefd428b8cdb7ce5427569c1d6764618e99c2
SHA512 154e14cae4dca79585a4d546051641a4857914ac0bf1cd6e81ccb0dfb08414051c54d23f2217b8d2eeff5d8a2d058606079aeb1da7f9d04b1f11f2f6e00dbcc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bd389254a9f54138fc6edf8d634015dd
SHA1 2efc777eef3915525e702a0015c045312b81ad13
SHA256 04e4b6944c89fa1021f947b525bcdfd8d8b4eacba2c2eb3f88216acb069f0833
SHA512 2c7c68734c70e83cf26885f7864844bc439be405800d886f776f3a2aa014f898f1904771b3e39fde0b09e998510d7f281a745f68cb35529d4f3d6ece7694af76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c867e88110c010db02492ade31c59520
SHA1 b5615fa93808ad4b533ed779e7b223f363b1e819
SHA256 ec8e4dc4d721262af1351fe81e1024c431c5f9e9698fe391e8885937b275d853
SHA512 af874c369a045a44be180e5978afa559d1193f4f9256fd3fa3667a1a53114ee66bad0b23e0815ec155146e9096ed3e91efcd1f6f5a9b819ec24469ecdfa040ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0ebb9c193f800743bd8d574b8284d97d
SHA1 61f10e2a89db93dcb2c6a220b1114c514078051e
SHA256 d86232ec8fe82ada699d2a5be5441d1910471d302e1f9fcf85000ea2404cee21
SHA512 6e880326a4fc18fb5714d89f42030e761807b5b31e06ae24e218e52f0bf5bc7b552775024a53ce8f277458ab39b60e0fc2df93bd06de8a422286b3a0fdd53586

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f635fbd11a387a6adc94c77f3e55e260
SHA1 ee7fd40e39b7941c27b7ae7bfe1aca36abb527b7
SHA256 7144ac1e13c92cc86081d3de53faa204d59b5e4fbc24b7992b437c5703b6865f
SHA512 b3951fb53448625d583f89477f2d7c5c88c30c734405ed2f9df88a129058937ddc7e924153369f8c7ba7ac6bf5c5a44376eb241be64c6557ffa32b57ac1a1c16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 582791b0a96142e56a568b93da3fe2a9
SHA1 c419a7a9b6cf2bdedd5a471e24cb426166dd220f
SHA256 beea36d51fe2b4e060c7f95bec0ac18c55c66ad5c2d294615d297084e52a56bf
SHA512 644911d8884e6a3d58635ca735a4aaf7720b7d59e24113ef2cd33cd169a13d45d813f6e972fe6a2cd698ebb8538bbedc6d89baaab6d69e2502639c49f0d590b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4b7d44a8c858589eb3dad1b872ea714f
SHA1 c7747206eb0856ef10a62c06d749f8491d6b37b1
SHA256 5ced5cb3e23ae31008d4ed233ee6cf48537c659f1d930dfdbbbeb51d2872b407
SHA512 cafdfe6dd6541c02ac6a1b5338a2758d54123a58f4eb5ab23c06c246f8b705dd7eb18aa150e3e0444d9176ad4263bcbe1070bda459232c0cd5c9455c7791e6fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e519ed4fabda243a17c9b97ead9d8b42
SHA1 b23d0fb64ef4d19ae8c3339830cacf298e5f2595
SHA256 bbb8162c638f291d9178a91e7204078aacb75df7f75a43a47828611018983691
SHA512 7e147b3cdb37bc36fb097fd3abc12661177f98214296f7807fbfb361da27b1a71d883374c6d0dd4b058afaacd3a92ae6f23f5c6460043886ce144039bad05ac7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3dbd806c68359861a928b35fba232c86
SHA1 45bef55284f6fcb44bae820d51ee335d66c234fd
SHA256 f555593036b00640fe3d94a104c33c106da97566259dda52c72cd4aa2ccf2866
SHA512 9759f03fd9625397dcdca2ff31b997d8b9e050c0ef0fd8ef6e91f097d48a841adce56e0fe29dfd16f0faefa4a378bbf0c4a49ace2fb716c9098d3b8d99abfe66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 45a43f0a75868059bd4745c12fc8ace9
SHA1 98790b69d91953b86c98838c1318698f9a55d006
SHA256 543de917889f9ed1a8d1018f3baa4d5f5fabda3a289f518bec71842d5ee4fe1c
SHA512 577c5a0c89c039935df1912ece3879ee988fb8baed671d20e0899f3fd8d08c2ab6da9d82bed5413cbd363e0b11a3491716635aee9016254ed39f567d17996657

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7c1766f09789ee71e0352082261690b5
SHA1 b0c207a1927bd7ba947563ab18c532da2098e7c0
SHA256 9fb760740a0a1d8283f5b4212d33873775c972ad8490074e334571fd0858cf3f
SHA512 4a2a1ddfc0c561b51a4a40283e5988956a643178fdcb031cf3f2606560bbd26318e48d77db7f9f53abed47f5d4d8e2155c42684b12f47e5bd636ce2509b8fb40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a48d75714c6b36a1944e890eb436e468
SHA1 c14ac6358b4f1dceaf59a5e17c7bdbd96ee93957
SHA256 3805775dc7b43cff7d66237a0300a4c3af12b61e9028b0ba7d99a328539e21ea
SHA512 5bbb0e4e70731d044a47528cbe7e52cf44cc5e1cd5676af0909f0825d85de0d71d78ff9c53e40616272d44e8264dc1fed06404371f673540c9a40d272c1cd627

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.19\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe

MD5 f34465b4e626bd45ce9b984b7233c655
SHA1 d31182f357a2dae0ab69b2e948ad6106ece228d8
SHA256 07f829c35f0fa4b2352b947ca0764093e0a06ebc8eb759dc912360ec69d5ee07
SHA512 d64cfc1181a98cad8ccc3feba7d024d3a78d2b1ea2f07402135eada82d7d4529cb636448779444a3b20991f4b71f7382bda1c14fd2a4eae1fbc39099153db06d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b1d9d7f51c97fe15fb7ac1dff4bf94bf
SHA1 884158a6987326d8464b78e8b0103c721c580ea3
SHA256 0ca22d9813b7ea6db2167929d2d1492ad687de4b7eb4801a4313f5dd842ae9ba
SHA512 da98b0689001e347c20068838b63b21aef69d7b027fc22cd6533146d0008b83938ac6a08a7e2a5474fafc6ee77fc766a0d9fece68b9a8a15cbf0a54106dc1574

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 596edd3342b48f1247601cdad6fb3483
SHA1 6b493786274f7aa3c5c021807d142f70ebe9da83
SHA256 1832fa21fcd6e4dedb39d0e77d7f49b5dc5d6fa269ae493bc28b9a9580c438cc
SHA512 f76f7ed0d94fca989a756f66793ec1b1e6ef8f0ac7f6de4bcef94fc7c135857e2c25c9bfa55b5adaa9924030b44da0eac09f63eb2897bf0f6bf5aa79b96d3af2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c7a303d300c403ef857f079da2c2874c
SHA1 f0848bf3f27513d9642d4ee0916bfd5a2a1fb5bd
SHA256 f2b67cf01271d1649c5402dbd6e90e49aa9aaf35b04d45988d3a9cbf589ff8af
SHA512 7b74bea7372b9f495a88ed60c9325e4d8fbe87db60c7eedaf7b262a797870f98ddc0df52f9de231662f634c9406849dbe4587d9e7a09c01ef73138852fa004c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8a45b9507d7584ed5282d13a42a144f0
SHA1 ec76ed9c750c49e799119418757fda3cea37f9ed
SHA256 3af19296b8a9b380b77791fc830333d14a2ad0c0edd4983195aeabfd37c42104
SHA512 c719c835ad249152a77ff2d125ce5677467ecc61939fd09b6a5b3eacd4722f00772ed639b94b1aa8e1f13d15880970060c81fc57a0b96602582de7948c18d23f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3be52114ec117e02d1a778868272a30f
SHA1 18e5b56132fbbc616b967da6b7f826de07b89dc9
SHA256 3f07fb29ea66568fa31b38cd9e31fb5dad506b61c648a68dabebebea3f877da0
SHA512 8c12ec6f22b97f40644105c6ad750ecf23689e309a3bbf52ede816fdd5f26d0a975acc07554ad885d70e42b6dc3e550f83a4962372280fb9bb02a22cfa120775

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9778a41eabee8ba5d7b4118cbec563ff
SHA1 2a6625b822c5b3d9953810ef94cb90dc25c77ef5
SHA256 0d2c5215faa6daeec4b64aa049a4dedf162b98228c5585780c48192403ce8843
SHA512 4b190e3307e2c09548eb67f083fb68bd3d1d11b05e1a7a4679da88181cc3d7a0c8f48ea786d896f26348cf642e1ae7f20b2c07643850e8f121eb83ad198bdb8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9467f87ae3712fb6106a889bf3b050f4
SHA1 c2f79df9236fc45936437e5b1ce4b34c88e3d0f3
SHA256 412a0a664941c6259efb17cd4a4c8f054a09239a26ef07f136326641798f9a32
SHA512 e111c1d4cf70d51d0e67b8db6734367c41ddfe4728fb41d921a523a28bbd70377f3f0d1712d5d0838bb29c1633e562d6084fc4d14dacaf5b8f22222228f1fcf2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c2b17bf5f712064befb6ed90e68037c6
SHA1 49a906e62957ebbe11e617e60348e5e0531f317c
SHA256 2cad4f739fc53482df24fe19aff17aa12797122851ffe7b7030e2512dd7b23ac
SHA512 9e21b1a575f2cae7a82451cf564e4f06bbe85f6a2468cd242414a3f4e27c36f20307d4dcc32596f4353acc5f77fc801920a774ea63a1028eeed0020624a8328e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f7a682a066f1e4eb7316c05c24a5f620
SHA1 a09afe9bc1954a1c5bec2fe7fe0bedb289fb778e
SHA256 ec0e81d59598a41e50b6fcd7498c19f19fbd405954f8459e3fdb284f0a3884cb
SHA512 c376d9cab7cbcab530fc79990939a97e19e13964b39bc6766ab3f81a1bb7bfcb4bb1bfae907e6a787623b44955d83de92808be403826c94af324ca785d98b1e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c251939085ee052494885424378cada4
SHA1 da80db8864fd358edfd52b9a3038baf768e3e7fc
SHA256 0a377b20d94a9f94b615b0ade4d316806b70a550d044f949aa44e939fbfb7ee1
SHA512 00dd908d460ba522f1a32b8d06948498aee58aa210c371a20cbb3049db1718d6b33259174e3cb4df9acd01be4cb656d9f3c63aa1089da661a5a67a2ee87582b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9583184d75ddccdad63d6df74ef28696
SHA1 bbcd3dba3e5112b4db6937cbca7933240d15bb22
SHA256 944bf5a3e3d70f63563317fe4bbf244e0fd84e5ae87ba22499fb2a7020d9921b
SHA512 0092df08753fc6b7fc023f6780b53ec8700abe79b5b6140dca2e9bb53056386c2fce0f424a423eb0cb222abe6e5af3fd53ee810168cc5e59104b7c61954b470d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1e6c7ec89a0bde527c06e36f3d5ce5d6
SHA1 cfa9dcfb33b104c30d2687e469c31b6f2afa1cdb
SHA256 940d46d1fba931ea98572c7ed3f72c5710628cd17ac9ebc6c20bbfac697091ea
SHA512 1aabc017678fafe3ee34d9eb90f3d19e2753078c3ee7f44c99c612f924076cf8c9ffec849e7fbd1cc701052b5555a963b6fd453ff616a438404e369ee53e079a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 072d1360189ccfdba3834c4113492476
SHA1 5e415553463a7a239115b12423c1c530ce9ea70a
SHA256 a9fccfa509ee24a5d3ab8265a5884c0e827285c62f37d0148972334b7351f221
SHA512 dc69606d1d102f34059bb6762308eaf5ecde512f67f84db4bffd8557221dc3ec4c83ea72a229c97a8696dcc8228665c82cf9174e3d33a0398491b7495850da5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5930b3bf6efb93c57a001a2c5c1696dc
SHA1 791f16c74893a231a99666569e20cfe477359b55
SHA256 69b9427e880a5dd95438bc1c2a84df95029ebdce7d2d70a427bf6172627c2c2a
SHA512 2353954f7198198493c99961bf2c3d6bc3ca79ebddf396b6362ede5d038d9a33a4cb244407160f5284b53896092339ec1007124664dbfaf4ca27c95b7231b09d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fcbbbcaa231911d15b6935abe35df089
SHA1 6389a97c74c6a1525f85e5e537d376181bdd1703
SHA256 632180f8a57e50c32b4cd76d54e0cc790c01c0e529842341898d674134d04342
SHA512 c578764fef24858ad30832fed9af5edcbf915cf992fb32b29b691ccfbb31a2f2851c23766a023267e435a33952a16b449cddc5fe67fd8e8cd64319d8d4d6ac8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 57f7899b9ed5eb8385339c711e20734e
SHA1 76fe89678d4fd72c417c236d9ff2b7ef177bcd08
SHA256 19b5c9f99fb7de7ae904a95d87a4a200ca5fb0403c301e0f778b689d29ee559d
SHA512 60cef539402d5b9ef807d5abe22a1273a93bd85b4da5c1262a32c769660c3aa2c5af9f3a08857762e24e32d9e2ce496941cb7a4dac2dd0231b08f13238f37473

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d6dcf3b16299012b67de4bf79c8d118f
SHA1 e1bc37eeca657eb006bd07dd456a9389e555e084
SHA256 874fd198635c99a60dc6e789f598f2b981fac363f4cd6a666e9aa12e52560462
SHA512 6e7f13e17e121e731b4aac01194be8be9c5d1e33b56b89234cff6db6fe439ba833138928a682f9157b61e50136e3729f639bd41ae0d9d6630aeb313568032089

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e0a59d7714f7478a1b7624d7324691f1
SHA1 32fd866d44c7bdb8d209ace62645cabf758b3117
SHA256 cefbf161f3cecaa3bd28d4a9fcaf88ae596b91eb3da5586d6c195a57151d6874
SHA512 0747eedf27b8b92cb7ab387c8eba1404cd19729220e62a6cf0727f94a4cac3bea83270c637ad86aa59c1160f8b75e817878acd85ea87fdea5a12e9460962960f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 521067522fc7d4f764be0d280ea0fbb8
SHA1 de2dca416d9044f8075f649d9c8bc707c297b4db
SHA256 92724c9cad9751eb8f514ee74130d0a570379aaa571a047483e5b882aa730bfb
SHA512 de467297354c26f280a31c555680a85610f38e646704f2776f5b39f712a7decd9ae593d2001ddd5db557336d413fcf435b0c3bee4f8981ade9cfdf470d043181

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1c01f30d5130a778e06095cf96b03d62
SHA1 d673a041aeff971934c30a36ab0f633d86c6be5e
SHA256 261151239aa16e81c373a87b7de23f71a185709911961c6dfe52293c6563e3a8
SHA512 c8b366f60d9254a1d6b75ef5892cfa695578698b762409548d7aae411f7af5d35564715997f6d198c42bd4d50fa62be631687d403d4c928dc19b10f7a0db2b7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a18ce4544e225a18c12e9a7186cd4e8b
SHA1 1c874e1712dbf3660dbba691da5cc88a5a814d0a
SHA256 406201512dcd1b7d38c557264f16a1ef533d31dcc282b9ba52dfcccc0af005d5
SHA512 3ad4f22e8e2ca31b85d5d2d38015482c04a31e02e97ee57fe9b7435d120cef5215c9534c40faa3f12062b0ffbda3f330da1fccca7cccce823f8e2bc1662c98f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9ccf6f02ad1b0932219cb4e4470dee74
SHA1 19780f4d55b0b9e6a3827c393d8535acb24baa9b
SHA256 db3e83bb0a440781295e13d65237c63365ae163b45aea61b339fbf953dcf6c03
SHA512 a1b10e74d1df862d1400da4a19ffd1df04be97425caecf3f058c52ef960ea967747206b727a1bc0ff2b9ddd27faa4c5e18a3d2356e4dd81b6a350de79085d956

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 079c97d2941b4d4c232199f53f4401a3
SHA1 7ad99048cb78d5b00911d65a7002733fb76daa73
SHA256 0a43388366c848b6275b823dd3003a5155d053b6e0b1ba1592463cc305a9fb52
SHA512 520d0b8a5a7ae61c3f8e697f8602bd3e6b68dac717d5f93e644083e9bf79dfe556de8ee5145b3a670ae6c6156f468b9e02260d18cff578ef69e07e88f5df4572

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c7643bc6e52d17d19ef3251ddcd8b262
SHA1 5e3d0765127a3f6f26a86b78649ac18772aa107b
SHA256 3f031bfc721b9f1cb582b08132e62efd401ff538c1b238b56037f6f09fde2297
SHA512 bc6ff56327dfe0200f690489313f1cc7e8b7f547003e37c9fb9852b50297c7becf0d222ef7dcf6a314e3f79bc52feb6fd4f86b2a307bf1c0c6345fd2d50d48dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 83eeb06f940c396938f318d5918981c3
SHA1 06d62a8b99a2d9b312ca569440bcffe4a7ed6f86
SHA256 22a30cc9ccb4d72b9579cbee1a2988d03be7da5b010492d5a8034621c3177c9c
SHA512 7344157169ae9f5e46408d6e725a826a5e109d472b0fabcfb105e11882da624203392adb32853717aada2ac1c64e0e2272f004b3524d21cc7724e7fc6b4869c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 26b8980adeb376a8fa915bde444e274e
SHA1 a5459871732254b2ca661fa068b857e84a022e48
SHA256 c0576117e210f0c77213efb8fc92c837810200c1ef5d4dba602ca933c41fa40c
SHA512 4810312fdc0ed0dc32cb65e1f6b9051150b34a5ce286ac82dcd2acbc7b297f78a09c477fb4676cb421993dd30fd26b0a651acc17720f001ef5fa764d8c7137f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 11758fd55c4b40ad8a0ad050180f41b0
SHA1 77fd6732d7f4465066c07974513e9885e3a75737
SHA256 f993d56cdc144372cb6c6482d281ddf1f8d97d1dd7eb7600e65844e6bb00fc62
SHA512 296359657519b70940a02bf43412103319b30e04c8895c7e38d6ac66cbaf1811e71ec90ec2053b4a6633e4f762edba401009932081e403b097d03a60cb3beeac

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\SETUP.EX_

MD5 7d9b08085e191a947af59768fe7ff86e
SHA1 ec5ea25bfbb1d9e032c11a33211787db53cc3b4c
SHA256 626fbc297f0402bc5d9f19cf073d0125c21bbd494d17aa5c4c2babad071e31d9
SHA512 e8028bdf4a46a78c7d491db1b22b7deb32cab945f43a51c663c62d77f4e31e608708893f37f450fc34db781054ebd35da7ff5a369bcd8a805e8b30905c49b496

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7609d8c19cc15e1c177c12183c8e1fe7
SHA1 7836d9d13b2d3cf3a26e2f75b3e4f8719246af87
SHA256 7258bcbc5bd6a02d424d12fca8ec649cb56de61c48ea14fe1d2fdf923624f276
SHA512 3e1e980f6ede3db950406bf8e1fd2a446a323717e9041317758dd2d6c0ecbf3b1341bbd64dcc0a1dba9461843e9091caf51fb217adb91521a525f528f8a252bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1c784f5c24d3781e19d73963d197896a
SHA1 a2e18a694928c3a18b4cedff141c5f8da4da54b9
SHA256 63f542ec474a244b8d3733ff1f5236e9663b8285e3512e029882456b4bc8440e
SHA512 6a3a1d52d16e114bff533053901a4a13feaf08f8c7ea390ea93ac172815edc9276869f2b5bebc986ff9199ee1ebcdae6c005142c67cf5109c81fd73174683ea4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3899c3b63f993785b074f063baa4e48c
SHA1 68cca2f5f089adfb47b4de9c8cb730e53e0c3efa
SHA256 d1428624374861865fd3168f9065aec0543356fc33808bc30f29c1328905e765
SHA512 b73b425d38d47fc76670ad7b36ae51828c4355e18735ab040de4ddbdc671ccd7954007459456d26de23c8c33c4f11451244d78f22780ba211d26cb8541d1ab4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cd9c92959e48448891a3750ba572a4d8
SHA1 f13f2d06b96fc608717dbae62cf268c3168f0396
SHA256 63f1c6b9277e5e65b0a118897e0c9a789d1f6fad13ce79708bed24e61eccffad
SHA512 2b39ffbf49e4a7bce42612767b52eefe3ff3800f9fac4d309f9cea4297030e6a7e16dd2e37ea19c0c285302e1a6f6833e37a91e971a35b24d02a6ebe245916e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52c275fcd2a33e0a720c99abb26b4ade
SHA1 5e8248140745663f9e5b81b3e217b9fd3e6d852f
SHA256 6cb93afc07f12d12eb63df19961f89d63a5cf0f6a8488d4f7634a371688f1fbe
SHA512 3c57bb8061697bb6e16c1777bfc587024932628a2d0e24096468f6c1a568e29080e7aafd32e08563e429a30f0d4faa8a0df8f3cd3395f4964f4937df5a919d44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\672113bb-ae23-4fc5-8daf-0912da3ac99c.tmp

MD5 6607e8083b742803b7bf5b46097ce4e9
SHA1 4eb36cb5c5184900fe71ae3f8a5e0568dda1cfe3
SHA256 3a520a586a7252714ee37ca5ee0e802454688d8179c9cb58b0d4e6e3aefdf51e
SHA512 4463a9910a0a91562691dc4a3fdcb594eeca1a42b23f1d9a3f04245ef82de6d1f88b882a698026d86506675a6a25d97496ca805c8260eb2c4ff4f0bfb6b13445

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6928f61755234e04ae6709b25b029f4e
SHA1 0c01770986f65e294247dd31d02d7da45cff174d
SHA256 3a81e68dd325abc68d68444310bf8ad33af04c5ce28a56c3af30acbf066751a9
SHA512 552128ab2033d2aecdb38a93e5d0021655639c7b3834ce854eee1421e7b2840b61e09ea14261ac04dca80f765304e8dc5083749745cd3fb6eec0c5e0c401cadd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 99a37000391b1f63f8f12b508a32663f
SHA1 27f34d12ce5e90ff3fe6993cd9352fc5c1ee0ca0
SHA256 3fbfa82349d42bea612ea0c6a077942077c26d45e3d5fb238372d4d8fbab33e1
SHA512 5f6e7305fa9d33064ddb418109bd0b49fdf5c8104684c643e085d7a6ad6937988d889d6e4b67fc2d580498fbd68a90ce638674b8de9cda2cdd3cf1fd921de792

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 28af0f7562858231381926a6c77e393b
SHA1 dafe95b1d22a278ca7ec4948095418d674dba98e
SHA256 14b10b2d7ba4c1efd730bde97af2048d134ee69acf82e0ebc703be64feac7306
SHA512 f891005b27325821c89a0a09929ad9b6c9ddf1d626c9711e488f87ab993333486a3606647038d6fbed67c9839aea739dc311671bc447ec61c2924485d05eebcb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6918c5a0e4f323c94e08059471198095
SHA1 4dd3b5624c3d6b278cf8322d061f89e078d211f2
SHA256 16142b3a6c37f330887218e54fc25319c7397fe6a4c39a2e6aede86854c953be
SHA512 475917fb3a2d3c693a37f24e9cf27f66bf6f9db8c2fc08078cff0cbaa6f3800fe9be719ce725c41120467d5d60cac7b807b5edcd0431e69706685202c7086e76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 14d71fb1979de136331b7d7427964f45
SHA1 be3d749212561ed5aef440d0123aec1870ad64d8
SHA256 887bc2f8e0ea3edbecaa5e31b761168b3b399fb97a135274b6b0e89ce6500b1e
SHA512 659ebaee5d1e180fd4b535b58e0e688f64b81863b2619864e62c8aced4393d55237d79e53b6f0b233850833f9f7c70553cb486f485bdb7a6026370267953a33c