Analysis Overview
SHA256
ea8fac7c65fb589b0d53560f5251f74f9e9b243478dcb6b3ea79b5e36449c8d9
Threat Level: Known bad
The file . was found to be: Known bad.
Malicious Activity Summary
Locky
Locky family
Downloads MZ/PE file
Boot or Logon Autostart Execution: Active Setup
Event Triggered Execution: Image File Execution Options Injection
Event Triggered Execution: Component Object Model Hijacking
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: 3F2A2CCB574872387F000101@AdobeOrg_64798625743591501705477688783662225769
Loads dropped DLL
A potential corporate email address has been identified in the URL: [email protected]
Unexpected DNS network traffic destination
Executes dropped EXE
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Looks up external IP address via web service
Installs/modifies Browser Helper Object
Indicator Removal: File Deletion
Blocklisted process makes network request
Writes to the Master Boot Record (MBR)
Checks whether UAC is enabled
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of NtCreateThreadExHideFromDebugger
Checks system information in the registry
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
System policy modification
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
NTFS ADS
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Opens file in notepad (likely ransom note)
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Gathers network information
Modifies Internet Explorer settings
Modifies registry class
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-13 09:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-13 09:34
Reported
2024-12-13 10:04
Platform
win10v2004-20241007-en
Max time kernel
1799s
Max time network
1798s
Command Line
Signatures
Locky
Locky family
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.86\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUC3C.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUC3C.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU7E5D.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU7E5D.tmp\MicrosoftEdgeUpdate.exe | N/A |
A potential corporate email address has been identified in the URL: 3F2A2CCB574872387F000101@AdobeOrg_64798625743591501705477688783662225769
A potential corporate email address has been identified in the URL: [email protected]
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Bootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BootstrapperV1.23.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EUC3C.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BCF8CB10-5E10-48B8-8715-DABC2B2C75E5}\EDGEMITMP_7CC60.tmp\setup.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
| Destination IP | 1.0.0.1 | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
Indicator Removal: File Deletion
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU7E5D.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU7E5D.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUC3C.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUC3C.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Container\MediaGallery\MediaGallerySingle.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\ro.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BCF8CB10-5E10-48B8-8715-DABC2B2C75E5}\EDGEMITMP_7CC60.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\PlatformContent\pc\textures\water\normal_12.dds | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\studio_svg_textures\Lua\Notifications\Dark\SI-Standard\[email protected] | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected] | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected] | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\studio_svg_textures\Shared\Scripting\Light\Standard\[email protected] | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\Dash-31ab8d40-0.1.9\Dash\last.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioSharedUI\MeatballMenu.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Menu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\PlayerList\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\textures\ui\VoiceChat\RedSpeakerDark\[email protected] | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\textures\ui\AvatarExperience\Avatar2_PPEButton.png | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Dialog\Modal\PartialPageModal.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\JestTestResult-31ab8d40-3.8.1\JestTestResult\helpers.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\SelfView\whiteRect.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\icons\GameDetails\social\Amazon_large.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\Qml\QtQuick\Controls.2\Material\RangeSlider.qml | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\studio_svg_textures\Shared\DraggerTools\Light\Large\[email protected] | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\scripts\CoreScripts\Modules\AvatarEditorPrompts\AvatarEditorPromptsPolicy.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\react\hooks\utils\useBaseQuery.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\textures\ui\Controls\[email protected] | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\textures\ui\LuaApp\graphic\Auth\GridBackground.jpg | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\fs\lib\cp\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VR\recenterFrame.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\ReactReconciler\ReactReconciler\ReactFiberHydrationContext.new.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\ieee754\index.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\wns_push_client.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BCF8CB10-5E10-48B8-8715-DABC2B2C75E5}\EDGEMITMP_7CC60.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\fonts\Montserrat-Bold.ttf | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\scripts\CoreScripts\Modules\ContactList\Components\CallDialogContainer.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\scripts\CoreScripts\Modules\EmotesMenu\Layouts\Small.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\RoduxCall\RoduxCall\Models\CallStateModel.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\readable-stream\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-online-6x6.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\textures\StudioUIEditor\icon_rotate5.png | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\studio_svg_textures\Shared\InsertableObjects\Dark\Large\Service.png | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\studio_svg_textures\Shared\Ribbon\Dark\Medium\[email protected] | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\jsutils\promiseForObject.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\JestFakeTimers-31ab8d40-3.8.1\lock.toml | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\textures\GameSettings\ToolbarIcon.png | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\textures\ui\[email protected] | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\Collections\Collections\Array\sort.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\scripts\CoreScripts\Modules\TopBar\Actions\SetIsDead.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\Jest-31ab8d40-2.4.1\lock.toml | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\BuiltInPlugins\DepFiles\GameSettings.d | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\NoCollisionConstraint.png | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\Cryo\Cryo\List\join.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-31ab8d40-0.4.2\LuauPolyfill\init.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\Components\AlertView\CheckIcon.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\SelectionCursor\CursorType.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\asn1\obj.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\textures\StudioToolbox\AssetPreview\OnSale.png | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\Qml\QtQuick\Controls.2\Fusion\ScrollBar.qml | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected] | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\scripts\CoreScripts\Modules\InGameChat\BubbleChat\Reducers\chatReducer.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Reducers\SubscriptionPurchaseInfoReducer.lua | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\vk_swiftshader.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\models\AnimationEditor\AnimationEditorGUI.rbxm | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Emotes\Large\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\Qml\QtQuick\Controls.2\designer\ComboBoxSpecifics.qml | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\Weld.png | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI5AEE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6CB4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7234.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8119.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI813A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICC6E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICEFF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE547.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5B1E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSICB92.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b53fc.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5b53f8.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5B2E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI70BC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b53f8.msi | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\wevtutil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EU7E5D.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Ransomware.Locky\Locky.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EUC3C.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A2AA09DE-FF84-4D73-90C7-4169F03876C3}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Ransomware.Locky\Locky.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\RobloxStudioBeta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\RobloxStudioBeta.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.86\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-STUDIO | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.86\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\ = "Update3COMClass" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html\Extension = ".htm" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7931E4D-82F7-486C-9FFB-E44AB90B021F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\ = "Microsoft Edge Update Core Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b71c150c7c1f40de\\RobloxPlayerBeta.exe" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\ = "Microsoft Edge Update CredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\ = "Microsoft Edge HTML Document" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\ = "URL:microsoft-edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{42580F9E-2678-4BB9-A2BC-F22A1D432A1A}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass.1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ELEVATION | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\ = "ie_to_edge_bho.IEToEdgeBHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds\MSEdgeHTM | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 99890.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 513329.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\RobloxStudioBeta.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Bootstrapper.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\BootstrapperV1.23.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb397546f8,0x7ffb39754708,0x7ffb39754718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3464 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5044 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x378 0x408
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2748 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
C:\Users\Admin\Downloads\Bootstrapper.exe
"C:\Users\Admin\Downloads\Bootstrapper.exe"
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c ipconfig /all
C:\Windows\system32\ipconfig.exe
ipconfig /all
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
C:\Windows\System32\Wbem\WMIC.exe
wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
C:\Users\Admin\Downloads\BootstrapperV1.23.exe
"C:\Users\Admin\Downloads\BootstrapperV1.23.exe" --oldBootstrapper "C:\Users\Admin\Downloads\Bootstrapper.exe" --isUpdate true
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c ipconfig /all
C:\Windows\system32\ipconfig.exe
ipconfig /all
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 7C5D4DD8FD7D3667D2DF3F3FD8EC866A
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 9305E07A3E52271936FD12ABD9BDD9D3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 /prefetch:8
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7016AB9F399A591E57DD20A3791C69F6 E Global\MSI0000
C:\Windows\SysWOW64\wevtutil.exe
"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
C:\Windows\System32\wevtutil.exe
"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUC3C.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUC3C.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUEzNDAzMDUtQTY2OS00M0Y4LUI4MDUtRjk0Q0YxMjlFNjhGfSIgdXNlcmlkPSJ7QkY4MDNGNzgtMEJBNS00RTI3LUExQjEtNDgxNjQyNjA5MEYyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEQjdDNzEwMC1FOEZELTRFQ0ItOUY0Ni05MzYwMTgzMTM4ODV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NzA0MDY1MTc1IiBpbnN0YWxsX3RpbWVfbXM9Ijk2NyIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{AA340305-A669-43F8-B805-F94CF129E68F}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUEzNDAzMDUtQTY2OS00M0Y4LUI4MDUtRjk0Q0YxMjlFNjhGfSIgdXNlcmlkPSJ7QkY4MDNGNzgtMEJBNS00RTI3LUExQjEtNDgxNjQyNjA5MEYyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBRjY2ODREMS03QkRDLTQzQzItQTE3MS1CNzgwNzM4QkIzRTN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3MTEwOTUxOTMiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BCF8CB10-5E10-48B8-8715-DABC2B2C75E5}\MicrosoftEdge_X64_131.0.2903.99.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BCF8CB10-5E10-48B8-8715-DABC2B2C75E5}\MicrosoftEdge_X64_131.0.2903.99.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BCF8CB10-5E10-48B8-8715-DABC2B2C75E5}\EDGEMITMP_7CC60.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BCF8CB10-5E10-48B8-8715-DABC2B2C75E5}\EDGEMITMP_7CC60.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BCF8CB10-5E10-48B8-8715-DABC2B2C75E5}\MicrosoftEdge_X64_131.0.2903.99.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BCF8CB10-5E10-48B8-8715-DABC2B2C75E5}\EDGEMITMP_7CC60.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BCF8CB10-5E10-48B8-8715-DABC2B2C75E5}\EDGEMITMP_7CC60.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.140 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BCF8CB10-5E10-48B8-8715-DABC2B2C75E5}\EDGEMITMP_7CC60.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.99 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff70c332918,0x7ff70c332924,0x7ff70c332930
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUEzNDAzMDUtQTY2OS00M0Y4LUI4MDUtRjk0Q0YxMjlFNjhGfSIgdXNlcmlkPSJ7QkY4MDNGNzgtMEJBNS00RTI3LUExQjEtNDgxNjQyNjA5MEYyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxRDM1RDlFOS04NURBLTQ2NEMtODcwNy01MjE0MjAzMjA2ODd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMxLjAuMjkwMy45OSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzcyNDM5NTQzNyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3MjQ3NjUxNTciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MDAwODQ1NDA4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8wZjZhNmRkMy0wYjIyLTRlNzgtYjA0Zi02MDQ5NGViNGM0ZTg_UDE9MTczNDY4NzU4MCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1FUVdKRlJ3ZiUyZmVkRHFaRzF2S3VCV1c3R25DSmV2cWx1VTJaTmR6QVdlUm9rWGszV3FwbFQ2MTZ4ZVJsQ0x3a1BuT0RLVEtaQlFSbDhhQWIxUWpVWkJ3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc2ODU1NjQ4IiB0b3RhbD0iMTc2ODU1NjQ4IiBkb3dubG9hZF90aW1lX21zPSIyMTE0OCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgwMDEwNzUzMTUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MDE1NDI1NDI4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NjI1Njc1NDE3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNzc2IiBkb3dubG9hZF90aW1lX21zPSIyNzU5NSIgZG93bmxvYWRlZD0iMTc2ODU1NjQ4IiB0b3RhbD0iMTc2ODU1NjQ4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MTAyMyIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 5088
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A2AA09DE-FF84-4D73-90C7-4169F03876C3}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A2AA09DE-FF84-4D73-90C7-4169F03876C3}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe" /update /sessionid "{8F7D7935-CD94-4450-B6B2-7E141B8B78D7}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEY3RDc5MzUtQ0Q5NC00NDUwLUI2QjItN0UxNDFCOEI3OEQ3fSIgdXNlcmlkPSJ7QkY4MDNGNzgtMEJBNS00RTI3LUExQjEtNDgxNjQyNjA5MEYyfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsyOUY1RTEzNi0xMjQ1LTQ3MDYtODQ2NS0xOEUwNzA2NUM3MUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTE0OTkyODA5MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTE0OTk2ODA2OSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI1NTg5NDMwMDciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xN2I3NTIyMy1hMzVlLTQ0NGEtODBkNC1iYjk4OWNjZjJmNzM_UDE9MTczNDY4NzkyMyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1UbEJ0T1VuZkhVYUtIdk51Znk3WUhhejFiYnRPQnNoc1k4dkh6TERjMlJhdHFBY1ZPaHNHbFJ6M0lxV29wMCUyYnhNSGV3bFNWZEZ2VnYxWXh4QXU2SFpRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI1NTg5NTM0NTUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzE3Yjc1MjIzLWEzNWUtNDQ0YS04MGQ0LWJiOTg5Y2NmMmY3Mz9QMT0xNzM0Njg3OTIzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVRsQnRPVW5mSFVhS0h2TnVmeTdZSGF6MWJidE9Cc2hzWTh2SHpMRGMyUmF0cUFjVk9oc0dsUnozSXFXb3AwJTJieE1IZXdsU1ZkRnZWdjFZeHhBdTZIWlElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjUzMzI4IiB0b3RhbD0iMTY1MzMyOCIgZG93bmxvYWRfdGltZV9tcz0iMTM2NTMyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNTU4OTgzMDc3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNTY0NDI0OTE4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iNjciIHJkPSI2NDg5IiBwaW5nX2ZyZXNobmVzcz0ie0ZENThGOTgwLTc3MjAtNDVCNC1BRjkzLTVGNTVCNEYwOTkwNH0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzg1NTYwODU4MzUwMTEwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iNjciIHI9IjY3IiBhZD0iNjQ4OSIgcmQ9IjY0ODkiIHBpbmdfZnJlc2huZXNzPSJ7N0JDRDZGMjUtRTdEOC00NkM5LTkxNTgtNTg5N0Q3MEU1MERBfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzEuMC4yOTAzLjk5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY1NTIiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9Ins0NkREMUY5Ny0zM0UxLTRGOUItOEEwNy1DQTc4NkJGNzY1RUZ9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\Temp\EU7E5D.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU7E5D.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{8F7D7935-CD94-4450-B6B2-7E141B8B78D7}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEY3RDc5MzUtQ0Q5NC00NDUwLUI2QjItN0UxNDFCOEI3OEQ3fSIgdXNlcmlkPSJ7QkY4MDNGNzgtMEJBNS00RTI3LUExQjEtNDgxNjQyNjA5MEYyfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7RkFEMzJENjItRTBENC00Njc5LTk4QjctRjMwQjVCRDc3MUVCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjM5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzM0MDgyNzc3Ij48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjU3NjUzMzg3MyIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
"C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe"
C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe
C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_6F498\RobloxStudioInstaller.exe
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\RobloxStudioBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\RobloxCrashHandler.exe
"C:\Program Files (x86)\Roblox\Versions\version-b8e18f8286604778\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.654.1.6540477_20241213T095156Z_Studio_596FA_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.654.1.6540477_20241213T095156Z_Studio_596FA_last.log --attachment=attachment_log_0.654.1.6540477_20241213T095156Z_Studio_596FA_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.654.1.6540477_20241213T095156Z_Studio_596FA_csg3.log --attachment=attachment_log_0.654.1.6540477_20241213T095156Z_Studio_596FA_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.654.1.6540477_20241213T095156Z_Studio_596FA_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://uploads.backtrace.rbx.com/post --annotation=AppVersion=0.654.1.6540477 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=a065fa5e0513dcb30a17b6884c502caf34bea3df --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.654.1.6540477 --annotation=UniqueId=6334241286872926569 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.654.1.6540477 --annotation=host_arch=x86_64 --initial-client-data=0x414,0x418,0x41c,0x3ec,0x428,0x7ff7ab424cb8,0x7ff7ab424cd0,0x7ff7ab424ce8
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Mzc2QjRGQjYtQUE1RC00ODQxLTg1MDAtMEE0OUNBMkQxQkE3fSIgdXNlcmlkPSJ7QkY4MDNGNzgtMEJBNS00RTI3LUExQjEtNDgxNjQyNjA5MEYyfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MzczMjEyNzQtNkI2RC00QkE4LThEMzItM0Y5RTM5RTJBN0IzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2NCWUVZWDg3MXRzR3VLSmFvNjNYalV0NXZKRTlYeENUbkU3SDBQZ1VqS0U9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI2NyIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MjkyODQ5IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NjU0NTM1MzIwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTYxMjMwMjAxNzIiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\MicrosoftEdge_X64_131.0.2903.86.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\MicrosoftEdge_X64_131.0.2903.86.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\MicrosoftEdge_X64_131.0.2903.86.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7df4a2918,0x7ff7df4a2924,0x7ff7df4a2930
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9FD9CFD-758C-432F-99A1-9069A1E32C80}\EDGEMITMP_6F687.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7df4a2918,0x7ff7df4a2924,0x7ff7df4a2930
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6b2192918,0x7ff6b2192924,0x7ff6b2192930
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6b2192918,0x7ff6b2192924,0x7ff6b2192930
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7648 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Mzc2QjRGQjYtQUE1RC00ODQxLTg1MDAtMEE0OUNBMkQxQkE3fSIgdXNlcmlkPSJ7QkY4MDNGNzgtMEJBNS00RTI3LUExQjEtNDgxNjQyNjA5MEYyfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins1MEFFMEEzMy01MDE1LTRBQjUtQTBBNC02MEM4MDk4QjExQzB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4zOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9JTVCJTIyLXRhcmdldF9kZXYlMjAtbWluX2Jyb3dzZXJfdmVyc2lvbl9jYW5hcnlfZGV2JTIwMTMzLjAuMjk3MC4wJTIyJTVEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjQ0Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2NTU2IiBwaW5nX2ZyZXNobmVzcz0iezYyOUExOTdBLTU4MzYtNDFDMC05RDI4LTRGRjlEQkYyOTIzNn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIxMzEuMC4yOTAzLjg2IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM3ODU1NjA4NTgzNTAxMTAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2MTc3NTc5ODQ5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2MTc3NjU5ODcxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNzU2NjY4MDEwNyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzA5NzA1ZWIyLTFjZjQtNDZiZi1iZDEyLTgxMDliMzBjMzIyNz9QMT0xNzM0Njg4NDI2JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUhURVJFZUJQQnpMbUQweWN1SVZ5TWFPJTJmRHBtZzNBMmxIekdPdEd1cmEyM2t5QUU0UnJhVUtyaVhQTlFyNlZUJTJieU9DeUtxMW0xQ3FCaGhjZWhWSmJCZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE3NTY2Njk5OTIzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8wOTcwNWViMi0xY2Y0LTQ2YmYtYmQxMi04MTA5YjMwYzMyMjc_UDE9MTczNDY4ODQyNiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1IVEVSRWVCUEJ6TG1EMHljdUlWeU1hTyUyZkRwbWczQTJsSHpHT3RHdXJhMjNreUFFNFJyYVVLcmlYUE5RcjZWVCUyYnlPQ3lLcTFtMUNxQmhoY2VoVkpiQmclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzY2NzY0MDgiIHRvdGFsPSIxNzY2NzY0MDgiIGRvd25sb2FkX3RpbWVfbXM9IjEzMjcwMSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNzU2Njg0MDIzNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNzU4MDgxMDMzMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTgyOTM3Mzk5NjgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI3MTUiIGRvd25sb2FkX3RpbWVfbXM9IjEzODkxMSIgZG93bmxvYWRlZD0iMTc2Njc2NDA4IiB0b3RhbD0iMTc2Njc2NDA4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI3MTI2MSIvPjxwaW5nIGFjdGl2ZT0iMCIgcmQ9IjY1NTYiIHBpbmdfZnJlc2huZXNzPSJ7Rjc2OTlCMzItQjA1QS00NTU0LUFCMUYtRjA5NDA2Q0UxRDQ3fSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzEuMC4yOTAzLjk5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY1NTIiIGNvaG9ydD0icnJmQDAuMjIiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjY1NTYiIHBpbmdfZnJlc2huZXNzPSJ7MEZBNTAxRTEtN0FDMS00NDZDLTk3QjMtNzgyQzNBRDk4NjA3fSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7356 /prefetch:8
C:\Users\Admin\Downloads\Ransomware.Locky\Locky.exe
"C:\Users\Admin\Downloads\Ransomware.Locky\Locky.exe"
C:\Users\Admin\AppData\Local\Temp\svchost.exe
C:\Users\Admin\AppData\Local\Temp\svchost.exe
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sys3434.tmp"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Users\Admin\Downloads\Ransomware.Locky\Locky.exe
"C:\Users\Admin\Downloads\Ransomware.Locky\Locky.exe"
C:\Users\Admin\AppData\Local\Temp\svchost.exe
C:\Users\Admin\AppData\Local\Temp\svchost.exe
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\sys53A9.tmp"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,5272213065057523583,3844462814771869682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\limbos32-master\limbos32-master\requirements.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\limbos32-master\limbos32-master\READM.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 76.27.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.18.27.82:443 | r.bing.com | tcp |
| GB | 2.18.27.82:443 | r.bing.com | tcp |
| FR | 2.16.165.93:443 | th.bing.com | tcp |
| FR | 2.16.165.93:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 82.27.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.165.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.134:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | celery.zip | udp |
| US | 104.21.32.1:443 | celery.zip | tcp |
| US | 104.21.32.1:443 | celery.zip | tcp |
| US | 8.8.8.8:53 | 1.32.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.allorigins.win | udp |
| US | 104.21.235.195:443 | api.allorigins.win | tcp |
| US | 8.8.8.8:53 | 195.235.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| FR | 45.112.123.126:443 | gofile.io | tcp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | 126.123.112.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.242.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 2.21.244.153:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 153.244.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | send-anywhere.com | udp |
| NL | 18.239.69.21:80 | send-anywhere.com | tcp |
| NL | 18.239.69.21:80 | send-anywhere.com | tcp |
| NL | 18.239.69.21:443 | send-anywhere.com | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | wcs.naver.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 2.19.117.80:443 | wcs.naver.net | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| FR | 142.250.179.98:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | wcs.naver.com | udp |
| US | 8.8.8.8:53 | ssl.pstatic.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| KR | 210.89.167.46:443 | wcs.naver.com | tcp |
| GB | 157.240.214.11:443 | connect.facebook.net | tcp |
| GB | 157.240.214.11:443 | connect.facebook.net | tcp |
| GB | 23.208.247.43:443 | ssl.pstatic.net | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| KR | 210.89.167.46:443 | wcs.naver.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| US | 8.8.8.8:53 | 21.69.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.86.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.214.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.247.208.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.167.89.210.in-addr.arpa | udp |
| NL | 18.239.50.122:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | d10lpsik1i8c69.cloudfront.net | udp |
| NL | 18.239.15.212:443 | d10lpsik1i8c69.cloudfront.net | tcp |
| US | 8.8.8.8:53 | m.servedby-buysellads.com | udp |
| US | 8.8.8.8:53 | cdn.carbonads.com | udp |
| US | 8.8.8.8:53 | send-anywhere.zendesk.com | udp |
| US | 8.8.8.8:53 | nam.veta.naver.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| NL | 13.227.219.74:443 | m.servedby-buysellads.com | tcp |
| NL | 18.65.39.48:443 | cdn.carbonads.com | tcp |
| US | 216.198.54.1:443 | send-anywhere.zendesk.com | tcp |
| FR | 216.58.213.66:443 | securepubads.g.doubleclick.net | tcp |
| DE | 203.104.162.225:443 | nam.veta.naver.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| NL | 18.239.83.98:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| NL | 18.239.83.98:80 | crt.rootg2.amazontrust.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| FR | 216.58.214.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | settings.luckyorange.net | udp |
| US | 104.26.11.16:443 | settings.luckyorange.net | tcp |
| US | 8.8.8.8:53 | b35f7f91c8cbd9c0ffed14a83086f7ac.safeframe.googlesyndication.com | udp |
| FR | 216.58.214.65:443 | b35f7f91c8cbd9c0ffed14a83086f7ac.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | srv.buysellads.com | udp |
| US | 8.8.8.8:53 | srv.carbonads.net | udp |
| NL | 152.42.150.143:443 | srv.carbonads.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| NL | 152.42.150.143:443 | srv.carbonads.net | tcp |
| FR | 216.58.214.161:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 122.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.15.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.54.198.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.162.104.203.in-addr.arpa | udp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 98.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.11.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.150.42.152.in-addr.arpa | udp |
| FR | 216.58.214.161:443 | tpc.googlesyndication.com | udp |
| FR | 216.58.214.65:443 | b35f7f91c8cbd9c0ffed14a83086f7ac.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d4a553n24khrv.cloudfront.net | udp |
| NL | 18.65.39.10:443 | d4a553n24khrv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| FR | 142.250.178.130:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| FR | 142.250.178.129:443 | ep2.adtrafficquality.google | tcp |
| FR | 142.250.178.129:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 161.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.178.250.142.in-addr.arpa | udp |
| FR | 142.250.178.130:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 151.101.64.176:443 | m.stripe.network | tcp |
| US | 8.8.8.8:53 | 176.64.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 54.213.161.233:443 | m.stripe.com | tcp |
| US | 8.8.8.8:53 | 233.161.213.54.in-addr.arpa | udp |
| US | 2.21.244.153:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | cdn-15-165-90-80.send-anywhere.com | udp |
| NL | 18.239.83.62:443 | cdn-15-165-90-80.send-anywhere.com | tcp |
| US | 8.8.8.8:53 | 62.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| FR | 2.16.11.56:443 | r.bing.com | tcp |
| GB | 2.18.66.163:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| FR | 142.250.179.97:443 | cdn.ampproject.org | tcp |
| FR | 142.250.179.97:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | 56.11.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| FR | 142.250.179.97:443 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | 170.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| FR | 142.250.179.67:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| FR | 172.217.18.195:443 | recaptcha.net | tcp |
| FR | 172.217.18.195:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | 195.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | 164.20.217.172.in-addr.arpa | udp |
| NL | 18.239.83.62:443 | cdn-15-165-90-80.send-anywhere.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 2.21.244.148:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 148.244.21.2.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | getsolara.dev | udp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 1.1.1.1:53 | 27.93.21.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:6463 | tcp | |
| US | 1.1.1.1:53 | 485b1b07.solaraweb-alj.pages.dev | udp |
| US | 172.66.44.59:443 | 485b1b07.solaraweb-alj.pages.dev | tcp |
| US | 1.1.1.1:53 | 59.44.66.172.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 1.1.1.1:53 | privacyportal.onetrust.com | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 1.1.1.1:53 | th.bing.com | udp |
| US | 1.1.1.1:53 | r.bing.com | udp |
| GB | 2.18.66.168:443 | th.bing.com | tcp |
| US | 1.1.1.1:53 | region1.analytics.google.com | udp |
| US | 1.1.1.1:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 1.1.1.1:53 | clientsettings.roblox.com | udp |
| GB | 128.116.119.4:443 | clientsettings.roblox.com | tcp |
| US | 1.1.1.1:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 168.66.18.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 1.1.1.1:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 1.1.1.1:53 | www.nodejs.org | udp |
| US | 104.20.23.46:443 | www.nodejs.org | tcp |
| US | 1.1.1.1:53 | nodejs.org | udp |
| US | 104.20.23.46:443 | nodejs.org | tcp |
| US | 1.1.1.1:53 | 46.23.20.104.in-addr.arpa | udp |
| US | 1.1.1.1:53 | www.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| US | 1.1.1.1:53 | static.rbxcdn.com | udp |
| US | 1.1.1.1:53 | css.rbxcdn.com | udp |
| US | 1.1.1.1:53 | js.rbxcdn.com | udp |
| GB | 2.23.210.95:443 | static.rbxcdn.com | tcp |
| GB | 2.18.66.234:443 | css.rbxcdn.com | tcp |
| GB | 2.18.66.234:443 | css.rbxcdn.com | tcp |
| GB | 2.18.66.234:443 | css.rbxcdn.com | tcp |
| GB | 2.18.66.234:443 | css.rbxcdn.com | tcp |
| GB | 2.18.66.234:443 | css.rbxcdn.com | tcp |
| GB | 2.18.66.234:443 | css.rbxcdn.com | tcp |
| GB | 104.86.110.83:443 | js.rbxcdn.com | tcp |
| GB | 104.86.110.83:443 | js.rbxcdn.com | tcp |
| GB | 104.86.110.83:443 | js.rbxcdn.com | tcp |
| GB | 104.86.110.83:443 | js.rbxcdn.com | tcp |
| GB | 104.86.110.83:443 | js.rbxcdn.com | tcp |
| GB | 104.86.110.83:443 | js.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 234.66.18.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 95.210.23.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 83.110.86.104.in-addr.arpa | udp |
| US | 1.1.1.1:53 | roblox.com | udp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| US | 1.1.1.1:53 | images.rbxcdn.com | udp |
| US | 205.234.175.102:443 | images.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | ecsv2.roblox.com | udp |
| US | 1.1.1.1:53 | metrics.roblox.com | udp |
| US | 1.1.1.1:53 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| US | 1.1.1.1:53 | apis.rbxcdn.com | udp |
| GB | 2.18.66.234:443 | css.rbxcdn.com | tcp |
| GB | 18.172.153.2:443 | apis.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 2.153.172.18.in-addr.arpa | udp |
| US | 1.1.1.1:53 | setup.rbxcdn.com | udp |
| GB | 2.19.252.160:443 | setup.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | 160.252.19.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | aefd.nelreports.net | udp |
| GB | 88.221.135.114:443 | aefd.nelreports.net | udp |
| US | 1.1.1.1:53 | 114.135.221.88.in-addr.arpa | udp |
| US | 1.1.1.1:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 1.1.1.1:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| US | 1.1.1.1:53 | clientsettingscdn.roblox.com | udp |
| GB | 18.165.242.41:443 | clientsettingscdn.roblox.com | tcp |
| US | 1.1.1.1:53 | 41.242.165.18.in-addr.arpa | udp |
| US | 1.1.1.1:53 | setup.rbxcdn.com | udp |
| US | 205.234.175.102:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:53660 | tcp | |
| N/A | 127.0.0.1:53687 | tcp | |
| N/A | 127.0.0.1:53865 | tcp | |
| N/A | 127.0.0.1:53990 | tcp | |
| US | 205.234.175.102:443 | setup.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | setup.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 172.66.44.59:443 | 485b1b07.solaraweb-alj.pages.dev | tcp |
| US | 1.1.1.1:53 | pastebin.com | udp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 1.1.1.1:53 | 235.3.20.104.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 238.187.250.142.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 235.3.20.104.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 1.0.0.1.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | config.edge.skype.com | udp |
| AU | 1.0.0.1:53 | msedge.api.cdp.microsoft.com | udp |
| US | 4.151.228.221:443 | msedge.api.cdp.microsoft.com | tcp |
| AU | 1.0.0.1:53 | 221.228.151.4.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| AU | 1.0.0.1:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 199.232.214.172:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| AU | 1.0.0.1:53 | self.events.data.microsoft.com | udp |
| AU | 1.0.0.1:53 | 211.143.182.52.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | aefd.nelreports.net | udp |
| GB | 88.221.134.139:443 | aefd.nelreports.net | udp |
| AU | 1.0.0.1:53 | 139.134.221.88.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | config.edge.skype.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| AU | 1.0.0.1:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:51949 | tcp | |
| N/A | 127.0.0.1:51952 | tcp | |
| GB | 88.221.134.139:443 | aefd.nelreports.net | udp |
| AU | 1.0.0.1:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.146:443 | aefd.nelreports.net | udp |
| AU | 1.0.0.1:53 | 146.252.19.2.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | msedge.api.cdp.microsoft.com | udp |
| US | 4.155.164.36:443 | msedge.api.cdp.microsoft.com | tcp |
| AU | 1.0.0.1:53 | 36.164.155.4.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 1.1.1.1:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| AU | 1.0.0.1:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| AU | 1.0.0.1:53 | 172.210.232.199.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | udp |
| AU | 1.0.0.1:53 | 148.117.19.2.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | config.edge.skype.com | udp |
| N/A | 127.0.0.1:56787 | tcp | |
| AU | 1.0.0.1:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| AU | 1.0.0.1:53 | clientsettingscdn.roblox.com | udp |
| GB | 18.165.242.74:443 | clientsettingscdn.roblox.com | tcp |
| AU | 1.0.0.1:53 | setup.rbxcdn.com | udp |
| US | 1.1.1.1:53 | setup.rbxcdn.com | udp |
| GB | 2.19.252.160:443 | setup.rbxcdn.com | tcp |
| GB | 2.19.252.160:443 | setup.rbxcdn.com | tcp |
| GB | 2.19.252.160:443 | setup.rbxcdn.com | tcp |
| AU | 1.0.0.1:53 | 74.242.165.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:56793 | tcp | |
| N/A | 127.0.0.1:56796 | tcp | |
| N/A | 127.0.0.1:56812 | tcp | |
| GB | 18.165.242.74:443 | clientsettingscdn.roblox.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 1.1.1.1:53 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| N/A | 127.0.0.1:57021 | tcp | |
| N/A | 127.0.0.1:57044 | tcp | |
| N/A | 127.0.0.1:57047 | tcp | |
| US | 1.1.1.1:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:64425 | tcp | |
| US | 1.1.1.1:53 | msedge.api.cdp.microsoft.com | udp |
| AU | 1.0.0.1:53 | msedge.api.cdp.microsoft.com | udp |
| US | 52.252.28.242:443 | msedge.api.cdp.microsoft.com | tcp |
| GB | 2.18.66.171:443 | www.bing.com | tcp |
| US | 1.1.1.1:53 | r.bing.com | udp |
| US | 1.1.1.1:53 | th.bing.com | udp |
| GB | 104.86.110.105:443 | th.bing.com | tcp |
| GB | 104.86.110.105:443 | th.bing.com | tcp |
| GB | 104.86.110.99:443 | th.bing.com | tcp |
| GB | 104.86.110.99:443 | th.bing.com | tcp |
| US | 1.1.1.1:53 | 242.28.252.52.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 171.66.18.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 105.110.86.104.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 99.110.86.104.in-addr.arpa | udp |
| US | 1.1.1.1:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 104.86.110.105:443 | th.bing.com | tcp |
| GB | 104.86.110.99:443 | th.bing.com | tcp |
| US | 1.1.1.1:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 1.1.1.1:53 | 171.30.167.52.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 1.1.1.1:53 | fpt6.microsoft.com | udp |
| US | 1.1.1.1:53 | fpt2.microsoft.com | udp |
| AU | 1.0.0.1:53 | fpt2.microsoft.com | udp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | github.githubassets.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 1.1.1.1:53 | avatars.githubusercontent.com | udp |
| AU | 1.0.0.1:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | user-images.githubusercontent.com | udp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 1.1.1.1:53 | collector.github.com | udp |
| US | 1.1.1.1:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| AU | 1.0.0.1:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 1.1.1.1:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 1.1.1.1:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 1.1.1.1:53 | 216.156.26.20.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 1.1.1.1:53 | aefd.nelreports.net | udp |
| AU | 1.0.0.1:53 | aefd.nelreports.net | udp |
| GB | 2.19.252.134:443 | aefd.nelreports.net | udp |
| US | 1.1.1.1:53 | 134.252.19.2.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 134.252.19.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | r.bing.com | udp |
| US | 1.1.1.1:53 | th.bing.com | udp |
| US | 1.1.1.1:53 | api.github.com | udp |
| GB | 2.18.66.75:443 | r.bing.com | tcp |
| GB | 92.123.128.187:443 | th.bing.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 1.1.1.1:53 | 75.66.18.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 187.128.123.92.in-addr.arpa | udp |
| US | 1.1.1.1:53 | www.splunk.com | udp |
| AU | 1.0.0.1:53 | www.splunk.com | udp |
| GB | 2.16.76.90:443 | www.splunk.com | tcp |
| GB | 2.16.76.90:443 | www.splunk.com | tcp |
| US | 1.1.1.1:53 | 90.76.16.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 1.1.1.1:53 | s.go-mpulse.net | udp |
| GB | 2.19.168.132:443 | s.go-mpulse.net | tcp |
| US | 1.1.1.1:53 | cdn.signalfx.com | udp |
| GB | 18.165.242.45:443 | cdn.signalfx.com | tcp |
| GB | 18.165.242.45:443 | cdn.signalfx.com | tcp |
| US | 1.1.1.1:53 | 232.187.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 132.168.19.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 45.242.165.18.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 232.187.250.142.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 132.168.19.2.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 45.242.165.18.in-addr.arpa | udp |
| US | 1.1.1.1:53 | api.ipify.org | udp |
| US | 104.26.13.205:443 | api.ipify.org | tcp |
| US | 1.1.1.1:53 | www.cisco.com | udp |
| GB | 2.22.69.207:443 | www.cisco.com | tcp |
| US | 1.1.1.1:53 | seal.digicert.com | udp |
| IE | 63.33.186.64:443 | seal.digicert.com | tcp |
| US | 1.1.1.1:53 | cdn.cookielaw.org | udp |
| US | 1.1.1.1:53 | c.go-mpulse.net | udp |
| US | 104.18.87.42:443 | cdn.cookielaw.org | tcp |
| GB | 23.39.224.128:443 | c.go-mpulse.net | tcp |
| US | 104.18.87.42:443 | cdn.cookielaw.org | tcp |
| US | 1.1.1.1:53 | wxl3auyccbgfuz24as5a-f-e7aa54a7c-clientnsv4-s.akamaihd.net | udp |
| US | 1.1.1.1:53 | 684dd313.akstat.io | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| AU | 1.0.0.1:53 | wxl3auyccbgfuz24as5a-f-e7aa54a7c-clientnsv4-s.akamaihd.net | udp |
| US | 1.1.1.1:53 | 205.13.26.104.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 207.69.22.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 64.186.33.63.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 42.87.18.104.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 128.224.39.23.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 226.187.250.142.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 64.186.33.63.in-addr.arpa | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | cdn.bizible.com | udp |
| GB | 142.250.187.228:443 | www.google.com | udp |
| FR | 152.195.15.58:443 | cdn.bizible.com | tcp |
| US | 1.1.1.1:53 | ciscoadmin-privacy.my.onetrust.com | udp |
| US | 104.18.32.137:443 | ciscoadmin-privacy.my.onetrust.com | tcp |
| US | 1.1.1.1:53 | snap.licdn.com | udp |
| US | 1.1.1.1:53 | connect.facebook.net | udp |
| US | 1.1.1.1:53 | bat.bing.com | udp |
| US | 1.1.1.1:53 | www.redditstatic.com | udp |
| US | 1.1.1.1:53 | amplify.outbrain.com | udp |
| US | 1.1.1.1:53 | v2.listenloop.com | udp |
| US | 1.1.1.1:53 | ws.zoominfo.com | udp |
| US | 1.1.1.1:53 | j.6sc.co | udp |
| US | 1.1.1.1:53 | cdn1.adoberesources.net | udp |
| US | 1.1.1.1:53 | pixel.byspotify.com | udp |
| US | 150.171.27.10:443 | bat.bing.com | tcp |
| US | 151.101.65.140:443 | www.redditstatic.com | tcp |
| US | 104.16.117.43:443 | ws.zoominfo.com | tcp |
| GB | 157.240.221.16:443 | connect.facebook.net | tcp |
| US | 104.21.61.117:443 | v2.listenloop.com | tcp |
| GB | 2.18.85.96:443 | amplify.outbrain.com | tcp |
| GB | 2.19.117.161:443 | snap.licdn.com | tcp |
| GB | 2.18.63.41:443 | j.6sc.co | tcp |
| GB | 2.23.205.29:443 | cdn1.adoberesources.net | tcp |
| US | 34.117.162.98:443 | pixel.byspotify.com | tcp |
| US | 1.1.1.1:53 | munchkin.marketo.net | udp |
| GB | 104.124.166.136:443 | munchkin.marketo.net | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | cdn.bttrack.com | udp |
| US | 1.1.1.1:53 | tag.simpli.fi | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | dx.mountain.com | udp |
| US | 1.1.1.1:53 | web-sdk.smartlook.com | udp |
| GB | 88.221.134.155:443 | cdn.bttrack.com | tcp |
| NL | 35.204.89.238:443 | tag.simpli.fi | tcp |
| US | 34.238.149.65:443 | dx.mountain.com | tcp |
| GB | 18.245.253.101:443 | web-sdk.smartlook.com | tcp |
| US | 1.1.1.1:53 | sgtm.splunk.com | udp |
| US | 34.149.224.134:443 | sgtm.splunk.com | tcp |
| US | 1.1.1.1:53 | home.integrate.com | udp |
| US | 151.101.65.140:443 | www.redditstatic.com | tcp |
| US | 35.167.215.190:443 | home.integrate.com | tcp |
| AU | 1.0.0.1:53 | cdn.bizibly.com | udp |
| US | 1.1.1.1:53 | adobedc.demdex.net | udp |
| US | 1.1.1.1:53 | pixels.spotify.com | udp |
| US | 1.1.1.1:53 | pixel-config.reddit.com | udp |
| US | 1.1.1.1:53 | wave.outbrain.com | udp |
| US | 1.1.1.1:53 | tr.outbrain.com | udp |
| US | 1.1.1.1:53 | alb.reddit.com | udp |
| US | 1.1.1.1:53 | ipv6.6sc.co | udp |
| US | 1.1.1.1:53 | b.6sc.co | udp |
| US | 1.1.1.1:53 | c.6sc.co | udp |
| US | 35.186.224.24:443 | pixels.spotify.com | tcp |
| US | 1.1.1.1:53 | bttrack.com | udp |
| IE | 66.235.152.225:443 | adobedc.demdex.net | tcp |
| US | 1.1.1.1:53 | px.ads.linkedin.com | udp |
| US | 151.101.65.140:443 | alb.reddit.com | tcp |
| GB | 18.245.253.101:443 | web-sdk.smartlook.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 1.1.1.1:53 | epsilon.6sense.com | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 50.31.142.63:443 | tr.outbrain.com | tcp |
| US | 1.1.1.1:53 | i.simpli.fi | udp |
| US | 50.31.142.63:443 | tr.outbrain.com | tcp |
| US | 1.1.1.1:53 | 228.187.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 58.15.195.152.in-addr.arpa | udp |
| GB | 2.23.205.148:443 | wave.outbrain.com | tcp |
| US | 1.1.1.1:53 | 140.65.101.151.in-addr.arpa | udp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 1.1.1.1:53 | 43.117.16.104.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 117.61.21.104.in-addr.arpa | udp |
| GB | 2.18.66.121:443 | c.6sc.co | tcp |
| GB | 2.18.63.11:443 | b.6sc.co | tcp |
| GB | 2.18.63.11:443 | b.6sc.co | tcp |
| US | 1.1.1.1:53 | 96.85.18.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 41.63.18.2.in-addr.arpa | udp |
| GB | 2.18.63.56:443 | b.6sc.co | tcp |
| US | 151.101.193.140:443 | alb.reddit.com | tcp |
| US | 1.1.1.1:53 | 161.117.19.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 29.205.23.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 16.221.240.157.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 98.162.117.34.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 136.166.124.104.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 238.89.204.35.in-addr.arpa | udp |
| GB | 2.16.76.90:443 | www.splunk.com | tcp |
| AU | 1.0.0.1:53 | epsilon.6sense.com | udp |
| AU | 1.0.0.1:53 | 228.187.250.142.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | i.simpli.fi | udp |
| AU | 1.0.0.1:53 | 117.61.21.104.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 43.117.16.104.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 140.65.101.151.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 58.15.195.152.in-addr.arpa | udp |
| GB | 2.19.168.132:443 | 684dd313.akstat.io | tcp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 99.83.231.3:443 | epsilon.6sense.com | tcp |
| US | 35.186.224.24:443 | pixels.spotify.com | udp |
| US | 54.156.2.105:443 | 54.156.2.105 | tcp |
| US | 1.1.1.1:53 | www.facebook.com | udp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| US | 1.1.1.1:53 | www.clarity.ms | udp |
| US | 1.1.1.1:53 | um.simpli.fi | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| US | 99.83.231.3:443 | epsilon.6sense.com | tcp |
| US | 1.1.1.1:53 | manager.eu.smartlook.cloud | udp |
| DE | 35.157.43.72:443 | manager.eu.smartlook.cloud | tcp |
| US | 1.1.1.1:53 | s.ad.smaato.net | udp |
| US | 1.1.1.1:53 | eb2.3lift.com | udp |
| US | 1.1.1.1:53 | sync.1rx.io | udp |
| US | 1.1.1.1:53 | simplifi.partners.tremorhub.com | udp |
| US | 34.149.224.134:443 | sgtm.splunk.com | udp |
| US | 1.1.1.1:53 | www.google.co.uk | udp |
| US | 1.1.1.1:53 | region1.analytics.google.com | udp |
| US | 1.1.1.1:53 | stats.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | pixel.tapad.com | udp |
| GB | 108.156.39.117:443 | s.ad.smaato.net | tcp |
| US | 1.1.1.1:53 | sync.intentiq.com | udp |
| US | 1.1.1.1:53 | aa.agkn.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 54.243.100.87:443 | simplifi.partners.tremorhub.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| GB | 142.250.187.227:443 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | loadm.exelator.com | udp |
| US | 1.1.1.1:53 | stags.bluekai.com | udp |
| US | 1.1.1.1:53 | sync.bfmio.com | udp |
| US | 1.1.1.1:53 | fei.pro-market.net | udp |
| US | 1.1.1.1:53 | idsync.rlcdn.com | udp |
| US | 1.1.1.1:53 | bcp.crwdcntrl.net | udp |
| US | 1.1.1.1:53 | ce.lijit.com | udp |
| US | 1.1.1.1:53 | 984-xhe-138.mktoresp.com | udp |
| GB | 13.224.222.108:443 | sync.intentiq.com | tcp |
| IE | 52.16.237.161:443 | aa.agkn.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 1.1.1.1:53 | cm.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | c.clarity.ms | udp |
| IE | 52.213.68.253:443 | bcp.crwdcntrl.net | tcp |
| IE | 54.73.232.2:443 | ce.lijit.com | tcp |
| AU | 1.0.0.1:53 | stags.bluekai.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 107.178.240.89:443 | fei.pro-market.net | tcp |
| IE | 54.78.254.47:443 | loadm.exelator.com | tcp |
| AU | 1.0.0.1:53 | sync.bfmio.com | udp |
| AU | 1.0.0.1:53 | 984-xhe-138.mktoresp.com | udp |
| AU | 1.0.0.1:53 | cm.g.doubleclick.net | udp |
| US | 192.28.147.68:443 | 984-xhe-138.mktoresp.com | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| GB | 142.250.200.2:443 | cm.g.doubleclick.net | tcp |
| US | 54.227.59.241:443 | sync.bfmio.com | tcp |
| GB | 142.250.200.2:443 | cm.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | ib.adnxs.com | udp |
| US | 1.1.1.1:53 | pixel.rubiconproject.com | udp |
| US | 1.1.1.1:53 | us-u.openx.net | udp |
| US | 54.227.59.241:443 | sync.bfmio.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | udp |
| US | 192.28.147.68:443 | 984-xhe-138.mktoresp.com | tcp |
| US | 1.1.1.1:53 | d.agkn.com | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| GB | 142.250.200.2:443 | cm.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| AU | 1.0.0.1:53 | us-u.openx.net | udp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| IE | 54.247.99.208:443 | d.agkn.com | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | c.bing.com | udp |
| US | 13.107.21.237:443 | c.bing.com | tcp |
| US | 1.1.1.1:53 | dpm.demdex.net | udp |
| US | 1.1.1.1:53 | u.clarity.ms | udp |
| US | 1.1.1.1:53 | px.mountain.com | udp |
| IE | 54.154.212.37:443 | dpm.demdex.net | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 54.245.206.217:443 | px.mountain.com | tcp |
| US | 1.1.1.1:53 | edge.adobedc.net | udp |
| IE | 66.235.152.156:443 | edge.adobedc.net | tcp |
| US | 1.1.1.1:53 | 101.253.245.18.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 190.215.167.35.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 134.224.149.34.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 24.224.186.35.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 225.152.235.66.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 140.193.101.151.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 148.205.23.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 11.63.18.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 65.149.238.34.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 121.66.18.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 56.63.18.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 3.231.83.99.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 69.33.132.192.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 63.142.31.50.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 35.214.240.157.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 105.2.156.54.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 118.74.204.35.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 72.43.157.35.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 156.15.177.108.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 117.39.156.108.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 108.222.224.13.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 253.68.213.52.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 87.100.243.54.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 89.240.178.107.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 47.254.78.54.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 241.59.227.54.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 46.210.89.185.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 68.147.28.192.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 208.99.247.54.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 226.212.58.216.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 37.212.154.54.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 2.232.73.54.in-addr.arpa | udp |
| US | 1.1.1.1:53 | static.ads-twitter.com | udp |
| AU | 1.0.0.1:53 | 190.215.167.35.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 65.149.238.34.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 72.43.157.35.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 241.59.227.54.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 37.212.154.54.in-addr.arpa | udp |
| GB | 146.75.72.157:443 | static.ads-twitter.com | tcp |
| US | 1.1.1.1:53 | t.co | udp |
| US | 1.1.1.1:53 | analytics.twitter.com | udp |
| US | 172.66.0.227:443 | t.co | tcp |
| US | 104.244.42.3:443 | analytics.twitter.com | tcp |
| GB | 92.123.128.143:443 | www.bing.com | tcp |
| US | 1.1.1.1:53 | web-writer.eu.smartlook.cloud | udp |
| US | 1.1.1.1:53 | assets-proxy.smartlook.cloud | udp |
| DE | 18.198.223.68:443 | web-writer.eu.smartlook.cloud | tcp |
| DE | 3.69.35.109:443 | assets-proxy.smartlook.cloud | tcp |
| US | 1.1.1.1:53 | gs.mountain.com | udp |
| US | 52.12.117.226:443 | gs.mountain.com | tcp |
| US | 1.1.1.1:53 | 197.249.227.4.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 156.152.235.66.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 157.72.75.146.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 217.206.245.54.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 3.42.244.104.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 143.128.123.92.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 68.223.198.18.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 227.0.66.172.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 109.35.69.3.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 3.42.244.104.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 217.206.245.54.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 68.223.198.18.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 109.35.69.3.in-addr.arpa | udp |
| DE | 18.198.223.68:443 | web-writer.eu.smartlook.cloud | tcp |
| US | 54.245.206.217:443 | px.mountain.com | tcp |
| US | 1.1.1.1:53 | 226.117.12.52.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 226.117.12.52.in-addr.arpa | udp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | qr9wo7otse.execute-api.us-west-2.amazonaws.com | udp |
| GB | 18.239.236.42:443 | qr9wo7otse.execute-api.us-west-2.amazonaws.com | tcp |
| US | 1.1.1.1:53 | 42.236.239.18.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | collector.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 1.1.1.1:53 | 133.108.199.185.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 1.1.1.1:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | w3-reporting-nel.reddit.com | udp |
| US | 1.1.1.1:53 | www.virustotal.com | udp |
| AU | 1.0.0.1:53 | www.virustotal.com | udp |
| AU | 1.0.0.1:53 | fonts.gstatic.com | udp |
| AU | 1.0.0.1:53 | fonts.googleapis.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 1.1.1.1:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 35.200.250.142.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 35.200.250.142.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 1.1.1.1:53 | www.recaptcha.net | udp |
| AU | 1.0.0.1:53 | www.recaptcha.net | udp |
| AU | 1.0.0.1:53 | www.gstatic.com | udp |
| GB | 142.250.187.227:443 | www.recaptcha.net | udp |
| US | 1.1.1.1:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 1.1.1.1:53 | recaptcha.net | udp |
| GB | 142.250.179.227:443 | recaptcha.net | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 1.1.1.1:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 78.204.58.216.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 78.204.58.216.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | u.clarity.ms | udp |
| AU | 1.0.0.1:53 | u.clarity.ms | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| IE | 86.104.134.144:80 | tcp | |
| US | 1.1.1.1:53 | cugpgglubol.pw | udp |
| AU | 1.0.0.1:53 | cugpgglubol.pw | udp |
| US | 162.249.64.234:80 | cugpgglubol.pw | tcp |
| US | 1.1.1.1:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 1.1.1.1:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| GB | 2.18.66.81:443 | www.bing.com | tcp |
| US | 1.1.1.1:53 | 81.66.18.2.in-addr.arpa | udp |
| US | 1.1.1.1:53 | th.bing.com | udp |
| US | 1.1.1.1:53 | r.bing.com | udp |
| GB | 104.86.110.128:443 | th.bing.com | tcp |
| GB | 92.123.128.152:443 | r.bing.com | tcp |
| GB | 92.123.128.152:443 | r.bing.com | tcp |
| GB | 104.86.110.128:443 | th.bing.com | tcp |
| US | 1.1.1.1:53 | 152.128.123.92.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 128.110.86.104.in-addr.arpa | udp |
| US | 1.1.1.1:53 | etherealcross.itch.io | udp |
| US | 45.79.115.66:443 | etherealcross.itch.io | tcp |
| US | 45.79.115.66:443 | etherealcross.itch.io | tcp |
| US | 1.1.1.1:53 | static.itch.io | udp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 1.1.1.1:53 | img.itch.zone | udp |
| US | 104.21.12.135:443 | img.itch.zone | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 104.21.12.135:443 | img.itch.zone | tcp |
| US | 104.21.12.135:443 | img.itch.zone | tcp |
| US | 104.21.12.135:443 | img.itch.zone | tcp |
| US | 104.21.12.135:443 | img.itch.zone | tcp |
| US | 104.21.12.135:443 | img.itch.zone | tcp |
| US | 45.79.115.66:443 | etherealcross.itch.io | tcp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| US | 45.79.115.66:443 | etherealcross.itch.io | tcp |
| US | 1.1.1.1:53 | i.ytimg.com | udp |
| GB | 172.217.169.78:443 | www.youtube.com | udp |
| US | 1.1.1.1:53 | 66.115.79.45.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 99.69.67.172.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 78.169.217.172.in-addr.arpa | udp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| AU | 1.0.0.1:53 | 66.115.79.45.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 99.69.67.172.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 78.169.217.172.in-addr.arpa | udp |
| AU | 1.0.0.1:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | jnn-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | static.doubleclick.net | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 1.1.1.1:53 | yt3.ggpht.com | udp |
| GB | 216.58.204.65:443 | yt3.ggpht.com | tcp |
| US | 1.1.1.1:53 | 22.200.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | github-cloud.s3.amazonaws.com | udp |
| AU | 1.0.0.1:53 | github-cloud.s3.amazonaws.com | udp |
| US | 1.1.1.1:53 | private-user-images.githubusercontent.com | udp |
| US | 1.1.1.1:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 1.1.1.1:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 1.1.1.1:53 | desktop.github.com | udp |
| AU | 1.0.0.1:53 | desktop.github.com | udp |
| US | 185.199.108.153:443 | desktop.github.com | tcp |
| US | 185.199.108.153:443 | desktop.github.com | tcp |
| US | 1.1.1.1:53 | images.ctfassets.net | udp |
| GB | 18.245.253.102:443 | images.ctfassets.net | tcp |
| GB | 18.245.253.102:443 | images.ctfassets.net | tcp |
| GB | 18.245.253.102:443 | images.ctfassets.net | tcp |
| GB | 18.245.253.102:443 | images.ctfassets.net | tcp |
| GB | 18.245.253.102:443 | images.ctfassets.net | tcp |
| GB | 18.245.253.102:443 | images.ctfassets.net | tcp |
| US | 1.1.1.1:53 | 153.108.199.185.in-addr.arpa | udp |
| US | 1.1.1.1:53 | 102.253.245.18.in-addr.arpa | udp |
| US | 1.1.1.1:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 1.1.1.1:53 | tkytmaqijf.be | udp |
| AU | 1.0.0.1:53 | tkytmaqijf.be | udp |
| US | 1.1.1.1:53 | hwfcsfsrysekx.tf | udp |
| AU | 1.0.0.1:53 | hwfcsfsrysekx.tf | udp |
| US | 1.1.1.1:53 | umfsr.fr | udp |
| US | 1.1.1.1:53 | mcxwupekdipuscx.yt | udp |
| AU | 1.0.0.1:53 | mcxwupekdipuscx.yt | udp |
| US | 1.1.1.1:53 | daoxcdb.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | cugpgglubol.pw | tcp |
| US | 1.1.1.1:53 | c.go-mpulse.net | udp |
| GB | 23.39.224.128:443 | c.go-mpulse.net | tcp |
| US | 1.1.1.1:53 | tkytmaqijf.be | udp |
| US | 1.1.1.1:53 | hwfcsfsrysekx.tf | udp |
| US | 1.1.1.1:53 | umfsr.fr | udp |
| AU | 1.0.0.1:53 | umfsr.fr | udp |
| US | 1.1.1.1:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 1.1.1.1:53 | mcxwupekdipuscx.yt | udp |
| AU | 1.0.0.1:53 | mcxwupekdipuscx.yt | udp |
| US | 1.1.1.1:53 | daoxcdb.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 1.1.1.1:53 | u.clarity.ms | udp |
| US | 4.227.249.197:443 | u.clarity.ms | tcp |
| US | 162.249.64.234:80 | cugpgglubol.pw | tcp |
| US | 1.1.1.1:53 | tkytmaqijf.be | udp |
| US | 1.1.1.1:53 | hwfcsfsrysekx.tf | udp |
| AU | 1.0.0.1:53 | hwfcsfsrysekx.tf | udp |
| US | 1.1.1.1:53 | umfsr.fr | udp |
| US | 1.1.1.1:53 | mcxwupekdipuscx.yt | udp |
| AU | 1.0.0.1:53 | mcxwupekdipuscx.yt | udp |
| US | 1.1.1.1:53 | daoxcdb.yt | udp |
| AU | 1.0.0.1:53 | daoxcdb.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | cugpgglubol.pw | tcp |
| US | 1.1.1.1:53 | tkytmaqijf.be | udp |
| US | 1.1.1.1:53 | hwfcsfsrysekx.tf | udp |
| AU | 1.0.0.1:53 | hwfcsfsrysekx.tf | udp |
| US | 1.1.1.1:53 | umfsr.fr | udp |
| US | 1.1.1.1:53 | mcxwupekdipuscx.yt | udp |
| AU | 1.0.0.1:53 | mcxwupekdipuscx.yt | udp |
| US | 1.1.1.1:53 | daoxcdb.yt | udp |
| AU | 1.0.0.1:53 | daoxcdb.yt | udp |
| IE | 86.104.134.144:80 | tcp | |
| US | 162.249.64.234:80 | cugpgglubol.pw | tcp |
| US | 1.1.1.1:53 | tkytmaqijf.be | udp |
| US | 1.1.1.1:53 | hwfcsfsrysekx.tf | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e443ee4336fcf13c698b8ab5f3c173d0 |
| SHA1 | 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a |
| SHA256 | 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b |
| SHA512 | cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56a4f78e21616a6e19da57228569489b |
| SHA1 | 21bfabbfc294d5f2aa1da825c5590d760483bc76 |
| SHA256 | d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb |
| SHA512 | c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b |
\??\pipe\LOCAL\crashpad_972_OCNUXCZLKJJBRWQM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7e194de76f6f7e7d36fbd4ad82d93261 |
| SHA1 | 96733f478bfcbd58c2f029eed87c96669fdd72f7 |
| SHA256 | 8d8eba9a1b67e3fec62041dbaa838627130e987b221c8ba0b6f07bb595c8604f |
| SHA512 | 60e251afe41ec1794d33e147ac543f9a7c96543411c4a3aeb10058c5df6f0f73f7134893f0cd625459814459fcc21309bf069c5521b512f2e895fe03a32d3dae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4c7b95dc68f4608a2ea793efcb609caa |
| SHA1 | 2fd6790fdb5548b91e8ab3b272d40bf7d93837ff |
| SHA256 | 822eb472ab9c77997d47b0df9b87a637a95b976439d8b0a6ef5caed74a9368ef |
| SHA512 | 21daa424febd16e4ec88efc9cb6d0112d09fcd31f33b6298f3d1598072f322beebd6ebe1e1eab67bae4e51c46d7a3e58e502c3631aa0643cc8ca8676af9beb77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7c5e9476ae285f100bf852539a9ecfe2 |
| SHA1 | 269508d0c93082524ae3e8d91bb5ced0fb1bf031 |
| SHA256 | 1af4a6de7b74f766539eb63268ac0c861a61ac0c1b12a2ad19040c7b0484644e |
| SHA512 | 0591e1c5555f146479659c4d4a3ecf1b3b8d789eccb652b44a5080980a6dc25411f63d0e78a0bbb9aa049905f2ba0d459cb8ad2b8297f416905e96b988e1ea91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 80644e7b1720d4b5841a63c659c63f1c |
| SHA1 | 6ab61594d9c2930cb274e9521556d5ab5de91af9 |
| SHA256 | 178f56505c89434c537a427363cc5fae92398cbaef8812d4730233ca3d5d4e89 |
| SHA512 | a6197ada9c0ad4c3b90bbd8a87454ec7a2ac642ac687de8e3fa38209096894bab660d49db4318a8cd2faf4eae13e3d838a30a1932b476366c4ed4c69d7d39f8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f050a55f03338ce943d7e5fe19d7d85b |
| SHA1 | 623914a04f07e833ea71506115d1fbe30fdcdc31 |
| SHA256 | 9686df611f0666f9a315e788cbf183c1e5c88a9630818ef0215bb35facd764ce |
| SHA512 | 4b2eb0486edc201a3ac9cef00049632e4c3a57025877451f77a2fd77a7f750d2d9c311ab94d32cbb399884ec3ed17eb0589722a4a82c9c39c04bd1f12ed46717 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582db2.TMP
| MD5 | e6a89f6e885afcca7d99922095a9868f |
| SHA1 | 1015644b8585af8bc0dbbed45522fff73810fee7 |
| SHA256 | f807df885d38f6d57780b4c0cb159dad6f4e0086a60e4a7eba3fecb3f290c39f |
| SHA512 | 5f9b9b7209ae9b4d36a92fafdd0b7f1768fcd85e9692637b0a5aed62b32a0a2888d47da095deb57f791b7eae7b87da9b9ad7ed55004d0037449eef6d3154cf3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e1443d03a97b2ab3c7b60b7d3bcccd84 |
| SHA1 | 19e03a8b21bdc6fa86d577c644235689e1532983 |
| SHA256 | a4b1e57c7fb9f1e15aa9aad63321d11d04d0b3b8bfe749c31508ca832cf323bf |
| SHA512 | 812badadac4f2ea94bd23a45d3332d4a94ea5b977cb78044788b6eb08c3712056649eb2d3ae496261d065ec3852cce0dda41cc35ebbfbabd7e334b3eb549c896 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3c0846256fd36f4fb6853620876edc55 |
| SHA1 | 2ab081501f82f891409079ff7405edc6ee855b2c |
| SHA256 | cf0b83fba2eec3cb0cd567d4ed764c13554c78fcef02a67a11a50152d335f2de |
| SHA512 | ca246604b1d7f6c792e987ae59c6c165ab0d9521ca6c0ce5ec5f67949ca14dd0ffc66e9d461d115c37f61733fa4efdacec5afcd0a50e3c30c843407ba306fcdd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9ae26982e86d51969f53b0fe91ede770 |
| SHA1 | 69b360d3c4a3c25d27074a9e407e8291a95e7f53 |
| SHA256 | 1f120581247edef98923911f36536dcfba810ad0deb7e85255b9188bbf3d08dc |
| SHA512 | d02b5e7c7b1cffa4f3c98692b744fcf42fb0c212e2b38d296909b5fab2b02381e564c88211c208972561036b072ca42f610b06def0b706dacd227f47be237561 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | db6e420cf3493d7c5d37066f25206fb9 |
| SHA1 | 28a8f7b8cf9e70abe416b444d9357d9ee9943e93 |
| SHA256 | 0a795398e2a5c17542d5ad73a3325176337daa2088bdbff36173f0c92ae37cac |
| SHA512 | f7a2152efd33f2df780e3329f0ef1933a2aa265fe5406b96bcd8624d0d6a1ac393b14cadfeed43c265f550a7d7bb82f91edc792e78e123fcf186792a90921e8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9e69955ad4a7e8b64c240e2dd04267fa |
| SHA1 | fc9eda2a804c9d534fbd3fe74121273a5dd312a5 |
| SHA256 | 2e3760c008aed87d4638928582a6de7b86daa2540a7e7ee0d2d5d1b27e2dbf62 |
| SHA512 | 1816bc0b70a4ca992b8241d50820f3a23514dc99aca80f5928aecfe47f4058ed1fb66156c0603e8178045570b09d2e0d52bbe63682a6ac710a1b51ecf8e6e169 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2c1a892ac01617e4756b4521b1f69dc9 |
| SHA1 | 0d65bd782d89f0013f295a935bd085ecd9785d3d |
| SHA256 | f0c6154931c108c63f7fd235b04d3c5d6054bba9ef8b8c7c2fa7f6fc12badd2e |
| SHA512 | f3331c31f6280acf6bd5b6ef3427a6053f42093bd687cfc8ee92026038d86d113c1d0404942b1e40cff9d72bab3d2da4f1dfe92fc2cb3b27e4b9cf0b159ea252 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cc2563fee5cdb8b0952428a717a022a6 |
| SHA1 | 495f5a5f3782d2bdfa6ebedaba691c8e7aa594b5 |
| SHA256 | 47ce250e2231732f369e46eafcd9b1e434c2597cea70af109f940284ce20ef6a |
| SHA512 | 1e79c8fec6c1e39cac951e361e9bdf5bbcf4108c4355375b108bb709639873d7481290bc7f9a0a5b12b92324ac23272cea89df52bf963dfe59a2cc851ad178de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 43d63438ab0fb564aec7fae26050321c |
| SHA1 | 7870a54520f23e18b152ef5d0dec4caf4a7ee04a |
| SHA256 | d8c0af8b4e15fd490e5cf10dbd8ec451464c674e5cb434c080bc8c1dee75d60c |
| SHA512 | 817a89beb0d6570b9ffe52fb15f04b7c0454cd528c097c12c7a4facee81f4c30d406ad0301a2fed9f3335e1e85336299a740f1f4253ec7805042a252f2c6adbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\039c8364-3dab-426e-8412-3c51b9cfa3a7.tmp
| MD5 | 24e578c9ecea703999a447dc78e8cd31 |
| SHA1 | c7b67180a6a1b47eefdb4e3185e4cfc62247366e |
| SHA256 | 88db7a3ba527399a8c8e72f49ec6d04d913d20b5674d382b5ebedeeb34300fd4 |
| SHA512 | 4fa312f92b897339d0acb3beaaeafe6b223f527eff60ca64a64bfc965194a8afdb52889556e01fd77e4808b694ef1aa7bc90433243aa0fbb34a75b2a0523081d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9d5269249e9c5a5ebd4fde9056f9921f |
| SHA1 | 7c084bcab819a6270299156065d897e33a1b94dc |
| SHA256 | 54b46f4a9a9a5b6efb4d9feb2a192153bbc3b5e5fe5c9cd65feb05b4a4c960d0 |
| SHA512 | 38350fc78793428937846c47936bbb99886d763e30b38ae1aaa4d439ce96a29736cdfce778f635050e0ebd965c3944053baacfa616548a051bc583102fcde140 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | d4db8e09c45049ff25b0c75170df6102 |
| SHA1 | 6d1f07d1556a132a4a794e29df8455cc271f05a3 |
| SHA256 | 381473cd4e59e55dbacd388d552dcf27ebb82e7c8ddf315262a558fb25b3f742 |
| SHA512 | f78a68b51982e6f2cf25b12b3e24195a003f9c2d8ea84f7b5ab0ed3a70a5f2c7ed97932bcf5b30be57db7f6133c9b8f1744f801ee2bf4351b6fba5527cc1b51f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 807dda2eb77b3df60f0d790fb1e4365e |
| SHA1 | e313de651b857963c9ab70154b0074edb0335ef4 |
| SHA256 | 75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc |
| SHA512 | 36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5 |
| SHA1 | 6dd8803e59949c985d6a9df2f26c833041a5178c |
| SHA256 | af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725 |
| SHA512 | b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | c813a1b87f1651d642cdcad5fca7a7d8 |
| SHA1 | 0e6628997674a7dfbeb321b59a6e829d0c2f4478 |
| SHA256 | df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3 |
| SHA512 | af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 226541550a51911c375216f718493f65 |
| SHA1 | f6e608468401f9384cabdef45ca19e2afacc84bd |
| SHA256 | caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5 |
| SHA512 | 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6323714878cfbeb05f53d6503253b4f8 |
| SHA1 | 66310cbaa9c191a42836930ff123070bbb897761 |
| SHA256 | 1ea42f4a2e7de4753f94e6c4cebbe1e0d5d76b8685c67fc77fa5bc3f9838965b |
| SHA512 | d8da5c57f221dd9acd65ac7ae9e3c75dddbe92ff7d9adfd22a2e849ce6d065712b5823f97bb2b13485e02ea0606f3dc135e704e802668f97dd761f518d3e8b3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b
| MD5 | d79b35ccf8e6af6714eb612714349097 |
| SHA1 | eb3ccc9ed29830df42f3fd129951cb8b791aaf98 |
| SHA256 | c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365 |
| SHA512 | f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 90abb710fb276412ed65f346c64b8498 |
| SHA1 | 3337472999b0ed237fb7947ef23b3d9fec82cf5d |
| SHA256 | cb4382dbf6b28f703232edc19673b628f1319f6c98c25dbeed90626ed2ab7aa2 |
| SHA512 | 4fabbabe2d8ac5a7c51c47ba730772525c879408724de6d31a4bcce634d8460ec1b26e952fe6343072fae8f93848bb7de4bfcf303792e74b89b893fdbba46656 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | acd2cdee56d74ea4447d092a329869ff |
| SHA1 | 0ce786316170d406615d887b4e3d16e930417f20 |
| SHA256 | 1404fc781ae46ab08bb06e1be7dbeea12d4f2ea3205b6640188377bfd07607f6 |
| SHA512 | 0753a15e8111e2c6e1ed8e84bf28d802e261a8565c84ffaf4550b703e4620892fd605be3f709a90dcb972b7a8b9a34791b99f1c0c29e14206e37bac4c65d652e |
C:\Users\Admin\Downloads\Unconfirmed 99890.crdownload
| MD5 | 2a4dcf20b82896be94eb538260c5fb93 |
| SHA1 | 21f232c2fd8132f8677e53258562ad98b455e679 |
| SHA256 | ebbcb489171abfcfce56554dbaeacd22a15838391cbc7c756db02995129def5a |
| SHA512 | 4f1164b2312fb94b7030d6eb6aa9f3502912ffa33505f156443570fc964bfd3bb21ded3cf84092054e07346d2dce83a0907ba33f4ba39ad3fe7a78e836efe288 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 65297e84560e1e262ee2c5371f3b876a |
| SHA1 | ada116f46869c7f3a037e8c67e745c7ea1e6e058 |
| SHA256 | 4887ab7ad8512bd6e4592939e428837fd59bc0981a05c04e22e7a3a4257c286f |
| SHA512 | fabaa6dd412f3bae792b2cc6412ba1abad8d21afd878f0ab5da44b392dc9dd7acfd1d1db6786ee75b5296d769950fa7273cfbf6ccfe2bbc2476b5c817101004e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 5ef91fa1d9617aa436341a60de423848 |
| SHA1 | 55b2cc71fe9d48217783e8787ef6b2bf37e36687 |
| SHA256 | 7812fd2d201cc1a196a0f01d080bfa4865595a83e2b6a7cd18140d35c8696396 |
| SHA512 | a0c9f75b716879550064f2fe173438340cc1cae193dd21e19be3d87c24c09a2ad85cadd5d8bed7a2af7724004a2a2968e3fa3ef9b269a3e6042333f88ebcac8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a1c24.TMP
| MD5 | b65028faa734d2d7c00a537a6db828d9 |
| SHA1 | f94700ba4bf1049d8e1e5bbab69f64bf0c515b9b |
| SHA256 | 8c9ef4598302c27e98d74c99872183303559d76d42712cc5139bfcc93e184d2f |
| SHA512 | 525b20043c31265485070275343cd1dcac7ce0917c67390e0862ed985512cb1139f846b0507ca5bf6ea7268e9ba65f250b025512b37feee6fc36114d370df220 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bc7db7458d9d9d8589191a111406695e |
| SHA1 | 679e595446d5d61edbaede828ddaef31a3956280 |
| SHA256 | 3e4312d5dfb5c96e6a465697204314ed792919a81652f106389d67e04c0732c0 |
| SHA512 | f342c77429b4b7b6eb880057e8f5fdaa49a338b9246492c13f4d11fbea41960b9c1b603b77211334f73767fd970ef939ae6bffc2d95fef5646f1f5b8069cfc11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b9011743f9b7c217628bad9009c53847 |
| SHA1 | 6f550d4413d53ba004d66d4b27cff36b90a5db80 |
| SHA256 | ae5ef9563756fededd60399f42f01003fb2dbc1b3f6a38a47a188cc79cb9ba0c |
| SHA512 | f4c1ebb4027e25c417dab0551b22ee608d7dffbc5b0c2dab3d7b0885ddf6683c9483bdb34b91432734808b310999aa50e8d7c700cd23bd6f2147ae11bb8049bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | dd2a925b503d901dcb2df23db6fa7a02 |
| SHA1 | aa6596bd24ff12fc8044bf8d52e1a53b7419b4e3 |
| SHA256 | 6d6fb707a07690e65fbe29c0fb7f6c07712e13491c911bf49965c7e2c60177a9 |
| SHA512 | 4c29a8796e0c17a6e7acda161d8078adf808f3a16af095d8b85ca4474201f3812d43283d918263cf2926be9d383cb43cf755ffae2bd29412374e8cf08ccea4bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a154b8b6dd3ef7fe6728463e5e2d3a4e |
| SHA1 | ada187b8ca5c1dd45e829cf67d0bdb4502c8a132 |
| SHA256 | 761af28620bdcd960b034e31e192ee5509da013368dd4df77c52d5c148490c01 |
| SHA512 | e2770de7e12bd5587ef3cac37610f2217802d248a771515bd9211dda7da549290e860d1065dbd880569426e6547e4c4d71f98cf239283e7796a66eb79f493c67 |
memory/1280-1263-0x00000166D4EF0000-0x00000166D4FBE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cdf01261d3961b0bf1ee248033dbcb35 |
| SHA1 | e8291be3b60128fb688b2ca95088060dbd749c6d |
| SHA256 | e007a86b9e625f8375ef096a1e67aa29835891e4aaedebfc7969b01fa6ef5b36 |
| SHA512 | 5471c5007bd00defade3f44960f6606ed0c16b37bef8d4a249c396a920b7f20b4ac981b0e7e7f723542692a2f62769957602125a9ee15add9b84f694ea0a159c |
memory/1280-1283-0x00000166EF620000-0x00000166EF642000-memory.dmp
C:\Users\Admin\Downloads\BootstrapperV1.23.exe
| MD5 | 02c70d9d6696950c198db93b7f6a835e |
| SHA1 | 30231a467a49cc37768eea0f55f4bea1cbfb48e2 |
| SHA256 | 8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3 |
| SHA512 | 431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb |
memory/1276-1299-0x000001C7B4D80000-0x000001C7B4E4E000-memory.dmp
C:\Users\Admin\Downloads\DISCORD
| MD5 | b016dafca051f817c6ba098c096cb450 |
| SHA1 | 4cc74827c4b2ed534613c7764e6121ceb041b459 |
| SHA256 | b03c8c2d2429e9dbc7920113dedf6fc09095ab39421ee0cc8819ad412e5d67b9 |
| SHA512 | d69663e1e81ec33654b87f2dfaddd5383681c8ebf029a559b201d65eb12fa2989fa66c25fa98d58066eab7b897f0eef6b7a68fa1a9558482a17dfed7b6076aca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 0d89f546ebdd5c3eaa275ff1f898174a |
| SHA1 | 339ab928a1a5699b3b0c74087baa3ea08ecd59f5 |
| SHA256 | 939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e |
| SHA512 | 26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 5dea626a3a08cc0f2676427e427eb467 |
| SHA1 | ad21ac31d0bbdee76eb909484277421630ea2dbd |
| SHA256 | b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6 |
| SHA512 | 118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | 68f0a51fa86985999964ee43de12cdd5 |
| SHA1 | bbfc7666be00c560b7394fa0b82b864237a99d8c |
| SHA256 | f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f |
| SHA512 | 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 3051c1e179d84292d3f84a1a0a112c80 |
| SHA1 | c11a63236373abfe574f2935a0e7024688b71ccb |
| SHA256 | 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3 |
| SHA512 | df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff |
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi
| MD5 | 0e4e9aa41d24221b29b19ba96c1a64d0 |
| SHA1 | 231ade3d5a586c0eb4441c8dbfe9007dc26b2872 |
| SHA256 | 5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d |
| SHA512 | e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9f67dcf929f5cbcd9e903b15e6a8b5df |
| SHA1 | 6070569e1e67c73250539d3bb42be8eeb810bc21 |
| SHA256 | 5cacb7a0cb867fa06ab097dd8576e70c13531378f1131d2fee906bd747b797fe |
| SHA512 | 0fc146ebe8264103b14d1f4f34d3681298d8678a628787a5429e5464daa700a85e527d74916cee4f50af8424ad4032a73c0f0821a969ec4a4ee702def23e1780 |
C:\Windows\Installer\MSI5AEE.tmp
| MD5 | 9fe9b0ecaea0324ad99036a91db03ebb |
| SHA1 | 144068c64ec06fc08eadfcca0a014a44b95bb908 |
| SHA256 | e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9 |
| SHA512 | 906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176 |
C:\Windows\Installer\MSI5B2E.tmp
| MD5 | a3ae5d86ecf38db9427359ea37a5f646 |
| SHA1 | eb4cb5ff520717038adadcc5e1ef8f7c24b27a90 |
| SHA256 | c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74 |
| SHA512 | 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9f8617b5995d989770c624e12b140252 |
| SHA1 | 90c4e2f10d6ad04cb27039b3df765151026f7db4 |
| SHA256 | d2921506db6c57f316bdde9bf72fe8d2e4af32999e12f9ba8f761028cea0ed91 |
| SHA512 | 7d76cc15086ed07ae8ab983667726a0c46af34a544b24774625d1dbb50c72655e776e576349b0ebf7ed0f6a4c7d3482c161f30531b415aee3e8940e31ce8f9ae |
C:\Windows\Installer\MSI70BC.tmp
| MD5 | 7a86ce1a899262dd3c1df656bff3fb2c |
| SHA1 | 33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541 |
| SHA256 | b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c |
| SHA512 | 421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cd824ae2b6de65d501453ad4f1a1df83 |
| SHA1 | 5775405d284c9ca99df34d6fe77aaff568079da5 |
| SHA256 | 4be466defae7b8aa32412813aa5f65ee46c01d3937e4c33dc3e5c658a8e20356 |
| SHA512 | a936cec7d841f2f28701905b9ddb81f9b364d49da07fa81280c0da60e6523fc1b9770266ccfb62b3b2e72f62c29ba5c64df25db25f2567b5ade207e5279d6210 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 595e9de7842c481133574fa048808556 |
| SHA1 | 81ff0a543ae688231990c7f2b7c8ad24515e5451 |
| SHA256 | 1f5a2bd99e14b5435ec3a2f02d073b4a71dc460db59a345b4753abfede2b7e27 |
| SHA512 | 2d4d0d550ea8d7b39c64da463eff631bf5f6d33bf4bf4e97f09e3ca10c648305b7fd6eb6229a868b6e28935f6b7a4d9add4707ad57d6b2593f90b88d92c6843b |
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE
| MD5 | b020de8f88eacc104c21d6e6cacc636d |
| SHA1 | 20b35e641e3a5ea25f012e13d69fab37e3d68d6b |
| SHA256 | 3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706 |
| SHA512 | 4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38 |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
| MD5 | a1c0810b143c7d1197657b43f600ba6b |
| SHA1 | b4aa66f5cdd4efc83d0478022d4454084d4bab1d |
| SHA256 | 30f233f41ec825806609fb60d87c8cb92a512b10f7e91cdbb4bf32cee18217ae |
| SHA512 | 8f45702da43526c04b957f571450a2b53f122b840fa6118a446972bc824c8ee7acd6e197177b54236ce7f428fb73a7cbe4ed18d643c625c9f156463d51ee038a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5c14d84a7edae83234156d631be4a765 |
| SHA1 | de6207c1ba97b16e03d355aad524944e586be3d5 |
| SHA256 | f23aa87d4179dfaf63f00d132d6cc25c0270487ae20e2853b3f5e5e2054eb468 |
| SHA512 | 8bdb7babbb20ea7a4c2239efff0ed7619cc2ca75cc3e71cc883134b9bf8175db5d784ab30ccfde52fff5107fa8b44dceefce4dd1b1b836eedba0b5205866f8e0 |
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE
| MD5 | d2cf52aa43e18fdc87562d4c1303f46a |
| SHA1 | 58fb4a65fffb438630351e7cafd322579817e5e1 |
| SHA256 | 45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0 |
| SHA512 | 54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16 |
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE
| MD5 | 7428aa9f83c500c4a434f8848ee23851 |
| SHA1 | 166b3e1c1b7d7cb7b070108876492529f546219f |
| SHA256 | 1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7 |
| SHA512 | c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce |
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license
| MD5 | 5ad87d95c13094fa67f25442ff521efd |
| SHA1 | 01f1438a98e1b796e05a74131e6bb9d66c9e8542 |
| SHA256 | 67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec |
| SHA512 | 7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3 |
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts
| MD5 | f0bd53316e08991d94586331f9c11d97 |
| SHA1 | f5a7a6dc0da46c3e077764cfb3e928c4a75d383e |
| SHA256 | dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef |
| SHA512 | fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js
| MD5 | bc0c0eeede037aa152345ab1f9774e92 |
| SHA1 | 56e0f71900f0ef8294e46757ec14c0c11ed31d4e |
| SHA256 | 7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5 |
| SHA512 | 5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE
| MD5 | d7c8fab641cd22d2cd30d2999cc77040 |
| SHA1 | d293601583b1454ad5415260e4378217d569538e |
| SHA256 | 04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be |
| SHA512 | 278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764 |
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | f7f075d6cca390dbb3195330dced1bfc |
| SHA1 | 2a6624ae08c077034b3b41dca1376287f7e0cb43 |
| SHA256 | 97c03bfa6193f0d5f897eb78b1867c17790b085fe610d0e1130e9a80e36d5577 |
| SHA512 | bbb4389ef71eda38ca80a999b5a6616484547b72974b906a7b26939eb5b5d911dc68d046a371a3791e8b2c7557b987e94a52fdc9cd7cc9e6996e3ca5371004f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 516706431ba27fc916ee42b909e63e08 |
| SHA1 | 04b26fb3595a00d1d26c6ee4ff185578a4920d15 |
| SHA256 | 797d46b69ec1a6ca5c463b61ca69d4fa450fca39f830f60ff1e1fee87fc78eeb |
| SHA512 | be73e27c7eae354c7dbfa58e736777b7668bf57a9084fc869778479380be11f4c494a069897f4caae1bd1d2cf52d685a32b91b8d45ca0d4327dd4dfe81ddf078 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json
| MD5 | d116a360376e31950428ed26eae9ffd4 |
| SHA1 | 192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b |
| SHA256 | c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5 |
| SHA512 | 5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a |
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md
| MD5 | 2916d8b51a5cc0a350d64389bc07aef6 |
| SHA1 | c9d5ac416c1dd7945651bee712dbed4d158d09e1 |
| SHA256 | 733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04 |
| SHA512 | 508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74 |
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE
| MD5 | 072ac9ab0c4667f8f876becedfe10ee0 |
| SHA1 | 0227492dcdc7fb8de1d14f9d3421c333230cf8fe |
| SHA256 | 2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013 |
| SHA512 | f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013 |
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE
| MD5 | 1d7c74bcd1904d125f6aff37749dc069 |
| SHA1 | 21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab |
| SHA256 | 24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9 |
| SHA512 | b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778 |
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md
| MD5 | e9dc66f98e5f7ff720bf603fff36ebc5 |
| SHA1 | f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b |
| SHA256 | b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79 |
| SHA512 | 8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b |
C:\Program Files\nodejs\node_etw_provider.man
| MD5 | d3bc164e23e694c644e0b1ce3e3f9910 |
| SHA1 | 1849f8b1326111b5d4d93febc2bafb3856e601bb |
| SHA256 | 1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4 |
| SHA512 | 91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url
| MD5 | 35b86e177ab52108bd9fed7425a9e34a |
| SHA1 | 76a1f47a10e3ab829f676838147875d75022c70c |
| SHA256 | afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319 |
| SHA512 | 3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62 |
C:\Config.Msi\e5b53fb.rbs
| MD5 | abee6bacec30d25b75908cbe9988ca78 |
| SHA1 | f23d073773dc715516df9116b0ecd5ee0020fb17 |
| SHA256 | 56701691d189a3326f75a309a01c26bc73c8b0b9002a2154d85eebaa8b1080c6 |
| SHA512 | cac11efb85741fcc663b73546faf1783af610759412e49bd65424bc2352c5f6d12bfeed90ae18bd35c725b553390dfb5b0e88f4d28571954819b56def291f51f |
memory/1276-4132-0x000001C7B6A60000-0x000001C7B6A6A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1a086f39b3c7cc778b2d9b771793de36 |
| SHA1 | 6b0cf98e2e5131a07c3ecde991aa3f36c39c7e91 |
| SHA256 | c5e1dc45ad4fc7efdde888c7061381d7bec423e228cdcca2903b05669ea65ff5 |
| SHA512 | e119164352bd53d83500e40d3451e0a2cdbce4eeb6b015f816876bde0c23124da6a28ec73848ea503679c1f413f2d515e94e97a91c3da053504773289bdac738 |
memory/1276-4147-0x000001C7CF6A0000-0x000001C7CF6B2000-memory.dmp
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\0589302f91aa343fbe0005be96fccbe2
| MD5 | 0589302f91aa343fbe0005be96fccbe2 |
| SHA1 | e522005b2f17a5e1686ec12c78c59f9ea97bf3a2 |
| SHA256 | 24a86d06e182f61060442200d2e197a3bf1ae0757ccb60ba65137b66e63fe236 |
| SHA512 | 63e5f206365b59426f9bd66bbed78ad0e74018f5d9485f69793fa1fbb78beb8baf3f182814c4938a123a6ea993b91f39a3d070e676bf146e622e99a4e2874279 |
C:\ProgramData\Solara\Solara.exe
| MD5 | c6f770cbb24248537558c1f06f7ff855 |
| SHA1 | fdc2aaae292c32a58ea4d9974a31ece26628fdd7 |
| SHA256 | d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b |
| SHA512 | cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a |
memory/5812-4566-0x0000013DE5A90000-0x0000013DE5AB4000-memory.dmp
memory/5812-4573-0x0000013E00540000-0x0000013E00A7C000-memory.dmp
memory/5812-4576-0x0000013E00000000-0x0000013E000BA000-memory.dmp
memory/5812-4577-0x0000013E000C0000-0x0000013E00172000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4cd06c21fab8ef081326893959e3eff7 |
| SHA1 | b34a76fdc3c7e394d3c3201ff3ca54f49f14b6db |
| SHA256 | d3de0de0a0e5918a7a3ece2e847cd5abba98d729aa5958aafd18354b2c13b34d |
| SHA512 | dcf05e6a844df78fa09d88a3088957bd4648b3c68dfc123be9417f737be21ae08288bd36a89353a90b079095b9a8ef064ac2ebc5e357c55bd4d48b5043462ac8 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 3d467d2ce78ecee6566b68d92140d7c6 |
| SHA1 | edaa99f6cb6427067828d39feddf3059a545202a |
| SHA256 | 600905b15b185fb7da2e0db5804b9990d26e915639814419b90376ca24c08cb4 |
| SHA512 | b28fa773ace88633ccf8db0a4354d6148348727dd30c0e3423e6dffbb72fb0a9579da7a433a831d19b69f698267e8cc0c67e54768d00c89ab861f877f7d3d87c |
memory/5744-4742-0x0000000074DF0000-0x0000000075000000-memory.dmp
memory/5744-4741-0x0000000000680000-0x00000000006B5000-memory.dmp
memory/2288-4748-0x0000000074D00000-0x0000000074D12000-memory.dmp
memory/2288-4747-0x0000000071FF0000-0x0000000071FFE000-memory.dmp
memory/2288-4745-0x0000000071F30000-0x0000000071F3B000-memory.dmp
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | 07b434627505d33f506dda9276797db1 |
| SHA1 | b7a253e109461e1107fc78c2dba0041550507b12 |
| SHA256 | afeebc4fc917e2678331c675db14913e0a73ef589fe2ccef1e0870df14e62a0b |
| SHA512 | dc0e402b341a7ac9161c190f592e26007df452c33ef645a05b28931c7e2bf0c62b356812ef04d43d2e245c12445002004128cfd0eb553a2d6938b6d465097cd9 |
memory/5744-4784-0x0000000074DF0000-0x0000000075000000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Installer\setup.exe
| MD5 | f6ef6691c60c40c1b64c857aa7140f65 |
| SHA1 | 0a18181edb6539ace366e7d804e37ec558c52b79 |
| SHA256 | df10339c63d2f24162ffa7d61c797f46a4ec4d91f1f74c3290646a232c7e9c56 |
| SHA512 | bf2829c18f109ee181518b7819a23782fdee4f81644a9d062e060ccac7a2df27d2f49cb3c26d63e6c9e2aed6ff166f2af596c0365284ef1dc0a70363ea8fd404 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e0ab875f318074832fdfd1e41cf4b27f |
| SHA1 | 7ca24d045b4deace6a6457e93fc7d2910698059b |
| SHA256 | d875e15516edfdf87f17b5738277fb85a2a20117d236390d91c170cefa29dee9 |
| SHA512 | a1065a142bf8f75d2e318fa0ed1677cc8efa0ad549451eedb4b591394a1774972b0e832ffcebe21870932a6719266d25ef18a6f765c3af29b1432dc947daf11e |
memory/5744-4868-0x0000000000680000-0x00000000006B5000-memory.dmp
memory/2288-4875-0x0000000074D00000-0x0000000074D12000-memory.dmp
memory/4292-4876-0x00007FFB47E10000-0x00007FFB47E20000-memory.dmp
memory/4292-4883-0x00007FFB47F70000-0x00007FFB47FA0000-memory.dmp
memory/4292-4885-0x00007FFB48000000-0x00007FFB48005000-memory.dmp
memory/4292-4884-0x00007FFB47F70000-0x00007FFB47FA0000-memory.dmp
memory/4292-4882-0x00007FFB47F70000-0x00007FFB47FA0000-memory.dmp
memory/4292-4881-0x00007FFB47F70000-0x00007FFB47FA0000-memory.dmp
memory/4292-4880-0x00007FFB47F70000-0x00007FFB47FA0000-memory.dmp
memory/4292-4879-0x00007FFB47F20000-0x00007FFB47F30000-memory.dmp
memory/4292-4878-0x00007FFB47F20000-0x00007FFB47F30000-memory.dmp
memory/4292-4877-0x00007FFB47E10000-0x00007FFB47E20000-memory.dmp
memory/4292-4886-0x00007FFB47310000-0x00007FFB47320000-memory.dmp
memory/4292-4891-0x00007FFB473C0000-0x00007FFB473D0000-memory.dmp
memory/4292-4890-0x00007FFB473C0000-0x00007FFB473D0000-memory.dmp
memory/4292-4889-0x00007FFB473A0000-0x00007FFB473B0000-memory.dmp
memory/4292-4888-0x00007FFB473A0000-0x00007FFB473B0000-memory.dmp
memory/4292-4887-0x00007FFB47310000-0x00007FFB47320000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 347bb387a4ae377a64dd9d3f1010136a |
| SHA1 | 5ad42cebe1de374e77651e4bc0f9d626dfd5d0b8 |
| SHA256 | 5745b10473268e800546603c841c9984fc7e9a38d076790a589455024329067f |
| SHA512 | e687080597f06f1c00abe85b0166a70566705b5ffaa15b6feabcc711be4b283c881d80011432f278de3b6a8a8b357f6b86eab5ac14dd8248bef7aded65a2aefd |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.39\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
| MD5 | 2516fc0d4a197f047e76f210da921f98 |
| SHA1 | 2a929920af93024e8541e9f345d623373618b249 |
| SHA256 | fd424062ff3983d0edd6c47ab87343a15e52902533e3d5f33f1b0222f940721c |
| SHA512 | 1606c82f41ca6cbb58e522e03a917ff252715c3c370756977a9abd713aa12e37167a30f6f5de252d431af7e4809ae1e1850c0f33d4e8fc11bab42b224598edc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5a4a7489a97da957abfb376c2bc7c6a6 |
| SHA1 | d944a743ffd110ef7af8fff950c13715e2836bea |
| SHA256 | 3ffca3de9dd4445ebca20ce9ce3da32d6aa6eba85bbdcf6b4bc69ce74fb45778 |
| SHA512 | 66158e33ce63a1d87c6de0b7e91ef3c0ac6024634aec7bec38a186e09c28500af850199c9d4f806c38f6bed39f90fa0d6b2239399e387ebbd216f1a038ab1b91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 90cbf588355f9f5b6c56670f6ca4bc18 |
| SHA1 | 198a4c8190adc477d03b03d7166f8de8ed037f70 |
| SHA256 | 76be8955a5ee4aeaeb58f5a5e722fdc769274b7bb4766ec1e2ffb2c7af772357 |
| SHA512 | 7c3acdc5604b18360a29741a2bce6e77d94bb33e1d40a0862dfd32b03b652adda6cc28407562045dfc9797d73d07d08b7f82ec5d18a008852026609ae0c6b498 |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-studio\43f986b9c477e6e54972129b37ca0d24
| MD5 | 43f986b9c477e6e54972129b37ca0d24 |
| SHA1 | f527d7fd1728ee63be9f283a4239f0e0af4f7349 |
| SHA256 | 8245715699014b8b40ccf4546ddc146bb7664a1a8c3bf216c7b1ecc7d8322656 |
| SHA512 | 799f8642df348c486424b1b515780d87c4033eb30a77bd578ea185910b3c8ff063564211dd46c1935b8ecc03567f5bf4536fb57d7f6f2157dce7d1fa411fad79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 811c0aea017269ae8f6115bc74794cd2 |
| SHA1 | 565797c852e92d5ddb91a3e94becb3fcece550e5 |
| SHA256 | 59a7815bd09b78f91045e1d4609b01bfec607f595feeeab3d2772802666d0f99 |
| SHA512 | ce79d909a49d5653cad618322f9a85b5e278dee0eb561c0e8865a81489108984a852bea0d668b242bdd091067ba7c719dfe8f168c18c14572145a96efb45d58d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 648e553d7dd8a6dfad3d18454723d720 |
| SHA1 | cfd86a8b8868309037e394b5d5c4eb0c6ed2c3b4 |
| SHA256 | 5e461b5c52b6e278caef80c6f25ee6ea661a7afc454d320b4299d3bcba0ad5dd |
| SHA512 | 2257c1ca2bda4c1bab2eaae2710dbd04d5544c30182a4a925a27a66156065ae9b44074d1a6dda99f09f145dc1fcaf31fa87f59e39de945f526465424ae721d50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0
| MD5 | 1410c9debe851e72746e4b1fd4f11cc5 |
| SHA1 | 879e59298595ab5c69c0d43c2bf87a26677099f0 |
| SHA256 | 1da72fb16439a044194496abb2a0cdc67ab23c83265f38569cee8dfd917a1444 |
| SHA512 | e7c5ba78b1b45cf659cbf3bd7b6d04d7e829e37795bb1bd7626cfaedc5259636e552530144514f9a612902595d66cd1ee3e7a29dc3953bc2d780e90b69688b1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782d018d3f59e184_0
| MD5 | 5d1e8727df21267a79a92c3d0be92b3d |
| SHA1 | 311e416109e6bfa1871a6d2abad59c5469a19cf2 |
| SHA256 | 9e45787d7327248704ea1a067c1f10b2c83194fd75bb3a587d182c2770f38e26 |
| SHA512 | e80b9c8120fa71ace0452c92fb51a01b131565b50b298482543dc7034441bc1b549d9f30f28f999e11ea2e232bc481a1a762667619dd194eeb2b3ed6f14f0d5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
| MD5 | 02741f01f7662fd2ddf43741e4c43071 |
| SHA1 | 4d26e13d631ef290ad464213c7d5aa3932ba3725 |
| SHA256 | ccbfee47169fb6f4f0d708024bf922d79aa78734185f44897791903f415f7304 |
| SHA512 | 7f6c9cb7bc004d0927515a14681f1c3718610dde25d97cfb6275e10039b8fb78fdaf191046313e11cfc77c9f2ca93c782e4490c098e302e5ee52672def166f74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0
| MD5 | 5a4074d23daec25d9303d7302d991bbd |
| SHA1 | bfcc5aed96259e8f5cbbb27b0bf2f8da93a5ceb9 |
| SHA256 | 35d6d8c7db04da8565418782019bd75f31bce79a85c98a2827400d5a94bb8103 |
| SHA512 | 53cb622a5ecee36a4262475e31b1534f9ea8a39063d63c0f22123f9113c8105a2eca97efb754462e951a26292c4ad369b52eb04b0f817ab7336b3effb9fe147d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0
| MD5 | 7d83d941dff643000263147d4f87d70f |
| SHA1 | f282a5fc81c2dae8ea3c96426288d810d053d865 |
| SHA256 | dc08758899e759751ebb674829a6c7b8cb332298fa7ae3aeee1c2f113e93b19f |
| SHA512 | 0578a22be11c875cafffcea1baa39d987dcb89bf61ef0c3cd10904b9adbb5542c49c1f3f2033c6713ee0ef40453a9ead0532227145da48db8644cd73414d97d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0
| MD5 | 91a929e67aaa7eaa4d8c7daadab897f8 |
| SHA1 | 08171a51962b5c7bbc6da45bb608552dc8394bd8 |
| SHA256 | 99b406bc7d8ad2ba093e157c52a2f0e53a5b7401aaa80da6ebd285b1471b6c8a |
| SHA512 | 8e1e3077723c012d2da7f5e992495c4a6588b74d63f84ad755f122810645d61c4532a7d62c8175f687c6c9a8c196b0c21cfb3aad3eca3c64579745af4d629e43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | f1dceb6be9699ca70cc78d9f43796141 |
| SHA1 | 6b80d6b7d9b342d7921eae12478fc90a611b9372 |
| SHA256 | 5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f |
| SHA512 | b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 76d82c7d8c864c474936304e74ce3f4c |
| SHA1 | 8447bf273d15b973b48937326a90c60baa2903bf |
| SHA256 | 3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8 |
| SHA512 | a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 53214f37c15ce68a217e2915c835b235 |
| SHA1 | 912add71f2d55aef34ceed48859cac16207759e3 |
| SHA256 | 5b50f1bacf12105016c72bb57bdb3a468b274fc21d4485d1922a14e2e127f803 |
| SHA512 | 7289364baa2d22ebe8754a3b0c0ee75e707d88cb925a7a2e871644899bff3a91afff924eb5f3bb1afac7ec6d5fc571dcefc20c5bbf049a1bdc1e0a8515f6fad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | fc8b9283e9c3686899120581f73dbf88 |
| SHA1 | 5d2c3af2bf4a2054daf15098d95992c9aac1bf17 |
| SHA256 | 27d6e4815025d7fe830001e206a4dfee19b496f302332f195ece6295f5d1f216 |
| SHA512 | 9dff216af5570c81213c24076f9afdb150b52df46d0143e199d12cc1d05d7e8b21e096b129d5d722ab0b51996a41cd70f0b2f06a65f9cd127c5700fc6ce49319 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 2ee3f4b4a3c22470b572f727aa087b7e |
| SHA1 | 6fe80bf7c2178bd2d17154d9ae117a556956c170 |
| SHA256 | 53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799 |
| SHA512 | b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 3908716b765ed743acf5a1981e143a7c |
| SHA1 | c807e8bdd9ccc8021205495de41a6b56d9511894 |
| SHA256 | e32d875b9ba028daee97e6ef89696de413442ce32be675c9cbdc5f2495e5a4ab |
| SHA512 | 18241ee4074a7bef35905074108b46a806defd9d92699c773ffaa0d0fba9f6c32d8b4cfc60983c19c683cc8b85e511d2c9352fe3bb68dd4f5db80acf9a53b07e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 4b76402426037caf152947f8287ff127 |
| SHA1 | 6754eb9e9bd622d152b1ab958cb6465d5bdd90f6 |
| SHA256 | ef4949139d10ea9b20d7ea642fd8947a758273bbf58501257f1201955e634187 |
| SHA512 | fde567a4c12e45e1f232961e9cf9a0b93a8ab7d450920a4e1161831936264d97f2734b1e2f0bf6fe5e8281723a9a368f6fcf298371530c42e0ffa721e795621d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 18a9531f05f4a3662558d102349767b1 |
| SHA1 | 328114b78180b5931d651669bf0b21d3a5cf8adc |
| SHA256 | 2d427df292899c50caad69f5c59737ff07f39544e52ff6b9d01f4fb82ec0d716 |
| SHA512 | b52d9f81a88694bbb16551a50fefd69a3f3dcd0ce5d3d3f3e3a2c1d7de969b5f6e27ca9fd22f7e964108f9b39eb083a44ef161ee3b8c39f61fa5939a15d21b2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 8bd66dfc42a1353c5e996cd88dc1501f |
| SHA1 | dc779a25ab37913f3198eb6f8c4d89e2a05635a6 |
| SHA256 | ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839 |
| SHA512 | 203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 4ad64b8276b4c91e8b4a8c29c286b0be |
| SHA1 | 1ec3308f54f831c9d77091c7778856376682e3be |
| SHA256 | dd7f2ff3804aa453d5a974f21e8a432903ec9d51443467f53c95e97dbedf0b4a |
| SHA512 | be01b165393d8da062c4a1752711a01edd94b051160a2f7f8e6c4f4bdf6b56d749fc3cefdf5829221527b222a7b31770b544487b2d6f4bce52cf1aac4a51d243 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 7be57a45cb4cfa25175b9e6683e6ec46 |
| SHA1 | da32d0bccb313405a270f64933b18b125455d0ee |
| SHA256 | 0920423488d6702e1e9863f78345fda0b9a34e5e26f3442046b35c8c19ae5651 |
| SHA512 | d48bea4ccf7e40e30551aa0b3df81a87d64ba44884ec915c13dc23491a27cb6ab15d3c7e5a7c47203ef69d7f6bbaa8ae07c275ffa256b7a3e0aeee2a5950ed7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 933b847d646154f68829fb1423017ee0 |
| SHA1 | 09bc5713a9598a53e3fc89940f8175583bb5326f |
| SHA256 | 7a9ecd7c422b35dadf831dfd19676957e063d71630dd6e190289985bed2836cc |
| SHA512 | fc55b2dcfc12401a1ea055e604269d22c2c84f53ce9b0d9510a924ab3395467d4c61bdd5e7ce2bfbbee61b158c8ded8815c2518b039b68345eb152fd1dd6c7b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | 6bd297ca3e7194e80a3b03d545a2033d |
| SHA1 | 6720368ae50640eedbdb4b4d3e1311a3d696bfaa |
| SHA256 | e59224be8c0105da450467d1986adc9c315ffe34282c4b6def19ad9cf413db8c |
| SHA512 | 885a70a2634d882188241c5c725255bd2611973c3a6999220d1215ed90452bd418250e9f18e81722277777c66ebc2f693c37a988b6a2f7623295b34356b3cdce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b517fbec09c159cf6f6c40ea9e3a807b |
| SHA1 | 2d2d48be6e4c557e38c6c0fd23a9fc7c46623ef5 |
| SHA256 | 21590241b4b365cf47f2619aaed9c67178a27edd9ddfc11562762b11a01ceab5 |
| SHA512 | 3c8fada67536b2f396566f76e39d922e52357ed4db93fb0f7d4a188247e911f90f01cbfe936a848aab75421de8d17a8e6f91211d5451e9fb5ea70fa7bb88f08d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d1f902edb19ffc0f169a0ab15bf9f811 |
| SHA1 | dd9200176f730029109ecec65395ebddefad47d5 |
| SHA256 | e1554a2af2ab3c2656d9b8e342dddff1af7f4e7df06989500c659d5c004b5918 |
| SHA512 | 3c89d4aa5f026a165418c7cb818c0c1614def01343d35e3778fb1454f968fe64a3eec60db93fb7d6a4ddd763f6a7b1a0e1d5cccd809f263628c08a38ee838232 |
C:\Users\Admin\Downloads\CIH-master.zip
| MD5 | fe0ab5f20248a3f4328055cc50de3bf1 |
| SHA1 | 3b092c183137ac8f1e35b0b1fcd4f9052ff13c36 |
| SHA256 | 8475abf73f5d0c4314e9da81d7e5d183e49b2b506c544458ebfb5a5998a078b5 |
| SHA512 | f301c20e1fb9c75c1f1b802249ac46d743dad8687e08483bdde60bff55046e1f3fbbb72eb94a0165cbd0fc74a9cf51435f9bd25de95c84682972af3ac2725a32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4fe673b3311e07e34bc16429470baba6 |
| SHA1 | 9982c369352b653b1c6c41561f93352b5787b22b |
| SHA256 | 372dcb0a1473659bb9483d5f8ddfc469904c2f71d4cc6c4b4fef72cccf13797e |
| SHA512 | e9b28f7b90b425fcce366522871786337fcf65f7b3d5f415d55e0f8a75dd343599d676df9e374927fb4d7d4ad80700fa7656bbcd5d53cbb945920fa90fb87007 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1b8e4203782f49cd8b10eb745dc94386 |
| SHA1 | b539eb7647484f73d583e4c1e631ded4c927c489 |
| SHA256 | c65e8538c7a3af74d38866d872642b582d2e272b3b204abe727ea8c9b14386c7 |
| SHA512 | 6601808a4c91b67464c17355e5d96e513cd0e1678baa7349602485b7401f2071e6c2ec70531d6fd03e608d32139e1a0a928173e0e5992a2349a419757c4f40be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c7e600d957dd26f26491e1594f12ae0e |
| SHA1 | 4c4bd6833fdfbd5138e654cab2942ffa4a0d619a |
| SHA256 | 8162ca70797e3038f0faea78161ac92854b7bc39252d1ad9f1983c95f679caf3 |
| SHA512 | 19a5ed212ca4119c9b08f782710eb1f22d82cd61ace508fdd92309f56eae959a52d5acdf75ee5327a376398aff8799ac1b706f95e1fc79790b5bfd09d6dfe80a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4eee7e0ede3ce943b375910c438446db |
| SHA1 | 93c6c8338245a58fdf225a8d31487a43908d20ee |
| SHA256 | 707e82542ead3a7b9987581c3c704ab781ba1f20a8915c2a39629b7871d73c9b |
| SHA512 | cb585d166428f5e6b70e04fe8ef098ab037a2fc26608fc8e550ae7dff320d0f75cca970803a3d0c6ddb7beeb7af01a96c57cf87278d970c6e127d70d7524b57e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da82014a94532e8f_0
| MD5 | 560e895c3b6689d5fccab211df76226c |
| SHA1 | a066011ef542399eb345e6cfc7cc1ccc110711fa |
| SHA256 | df7c67264a8a02b9585fab9b6e6255536b914e4c5f752301c2bf4b12c93ac966 |
| SHA512 | 069402249f9c4b561ec0e2a4bb79f60cb85066679615cfe467177dedb92d6776ad5798d2c08a1b5afcdc195540fe770e7d1370cdf389eb0fa430278aee6f9e61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fb8ee61ad931146_0
| MD5 | c874df65a59cf336ae3f1fb7ad538e4b |
| SHA1 | 19ea2b90b5ca852e3f8ada15b8df344a89846595 |
| SHA256 | bc5e0060414a320395e6a6e336a1256af26263d50465f53c60a52135148f8a47 |
| SHA512 | af93d89ceb5120554d42a6a28c160643674aeb9984467b9ec6369a6258890a8c5332837e34667e70740410118ab7467c4ee2331057116673eaa58bf42fb21eb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b1bae872dbac44d_0
| MD5 | 9191c0247138f4bf0d554068aef897b1 |
| SHA1 | d09d706c916ffd061a9dc6dc1bf6f048ba4e01cb |
| SHA256 | e2c663cdb209d134c4bef0a961751faad3daf0e2ff78ef515699ad1e9b0705ce |
| SHA512 | 5ff7b1d3e64d6155506abc6b9fb876f6ba96060b058a04c8b527df0440c6471f53e89a41940d804cd688a4c756b28b4d330dd467b64db0d5d41846466aa05254 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0
| MD5 | f80996333b146b18dda7961193cab62e |
| SHA1 | bb7b7b8a6d4a5a8f209450e1151a26e1300bc4fb |
| SHA256 | 97714f21a4969bfdbc6d660faf08ba195df2116373fb989dbb12506039324223 |
| SHA512 | 6099274ecc20e08715c8f3b214e4c291c45288d6fadb8c7a3693c251d9eade367aeea1a054b894b8ae66685068222ec9a252379c11a94ac9d3a5de59dab3bd0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0
| MD5 | 3bb588b193af32ba64a67d3f46ccee2a |
| SHA1 | 553c8dc69f02b05018e0bb94adabe67e28f05adc |
| SHA256 | fbc3b234a9e9ab13587d5fbd08ee0b64b4233a4053baf629cfdc0841a87ca054 |
| SHA512 | cf69523a1e17ba79974ee31cbd50240012db3ca834bc3a5429132da412444eb8aea86f9793c08cb0f9504838d31e685794fa6eede23d57b282621b9d218786fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0
| MD5 | 4e6bf388e51625564e0891da497a6515 |
| SHA1 | 970dbcaa156f5ac947655d1ebce038e240522a12 |
| SHA256 | b3c2cbae007fe65b5d86fd112f38aedb615150d308fc93f821d2b8ada665a4ed |
| SHA512 | 0eb8e4a3d63eea025de9cfa9e7b62368317fd17d1a09d25337584d4e3fb0f150b0d86ff4a5f95e20677b41a88f4a0f72de76ad54b7b5813850eb0ea4dd9c649f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0
| MD5 | 380338e189f33dae2705b7fb71c4c7cb |
| SHA1 | 16fd6a824afe0e48e416c54db491bf4aa0e1b3e8 |
| SHA256 | c85d46ccea87df0975c4c669d2d1d958820e5362f95e518b7464ff5c0a01442a |
| SHA512 | ac4f46f03807df2246fad4751e0e1ad53644bcb261e8efb13bb0702d21dbaf76a29c8c7cae357a335cb4d25ec783d711b958034bee0deda048c4233e338e3e6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0
| MD5 | 63f897b12673d0e2004ea76f303295b5 |
| SHA1 | 422e256734714d71b815276738fff6cb043be948 |
| SHA256 | e3194066ddeaafc395973474b7b30963884ce86897783f529688e16476a432bd |
| SHA512 | ea3a938b6a16cf1d31009d415ae9f63ed60cb94b43fd17576367e043ae0b9b344ecb7510923b74ffb2e043d66e676294a5d7cdc0dd89c21ab4a5e72ff186d0d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb06c86d62c891d4_0
| MD5 | c5097581de90c815a781ac72d422083a |
| SHA1 | ef974ac9bad2eae46c8db35c250122624ba92850 |
| SHA256 | 60414044c8881706657646494b885bdfe4f8b4c1ccf338320b90699b2ea45fbc |
| SHA512 | 8d785c44b0536e0faa0be7979840f54e2b07ec77dff2e6eb6a1dda77736015c64ec06a5cb16634f157f999be77b664e412fd4447ee31bb6baf6b0090e399db22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0
| MD5 | e8ba2651fab4b935f75952f3bf333f11 |
| SHA1 | 8fbd08748b6842c4c8aa9e914b304b1bc99a9074 |
| SHA256 | 52e11887e18bd32974bc737fcabfab76b0e79ebba674239f33d3253ddac48cbe |
| SHA512 | 75cc2d57b67511b4baa17cd4bf72198f520bebafedc7ae9fcd512a47d287881768b3e35de01b0fab7e54d3ea84d4ed26d53b9808f5fb8b60dfb369957ad8758f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
| MD5 | dabdcc7aafef64106e9ccda1061b6d91 |
| SHA1 | 7166afd958e47f627555b4d326af536bf2a22399 |
| SHA256 | d0150f875e7d96b7f64abb99a25b7ba7fabee62d1f163f7898aa5a584f477171 |
| SHA512 | 7c001608c81481d54222e4a531b446e1d003a2e5edad31189c9d431bf7b74e2ae0864b353824486364caed09c7cf43a8e4ef9ef096442a95f383a1252caa2702 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0
| MD5 | 91154f4b4858e8d9860bf5a4625765f3 |
| SHA1 | 5ed1c765a2ccdd41e2f3dd08a65f714eea070f5a |
| SHA256 | b7efdd25e88158d4ecc794b4aa3fc7e28005a3b8383c8c4825f77263b5899d26 |
| SHA512 | 49c67089df174763bc66aab8919cb26d44cf524e54b6c4efd71f05f0e1cf1d95cdd917f9f23f2da462f4af20683c343675d5f1da4664049d36db6e0784697091 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | 5908a984d32298a495920412cdd5cb7d |
| SHA1 | 5fb867d3b67b596cc69280d339d94afa747d15e7 |
| SHA256 | 36f4f7ad4bf03e9585f7cbb4cf863bdfa697fc5d242362580e00429a7d38cd8c |
| SHA512 | 3bcfc48d8dd89d95d537a7bddec633ca199638847ded1d1dc405124df2a1947493b3cb4f214e8ada83ac3cac8bcbe98da92e1faa365475af66db1fea4886ae84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
| MD5 | cc5d1ee1b0c791f19415b0deedae079c |
| SHA1 | 09757f9ab2c74334fe76c1c3802f5f43bf521740 |
| SHA256 | c48f3c136154c21b0fecf75288d82ae3540d1f79303add72f504961abf0e77dd |
| SHA512 | ad6e36aef8b2ed6588a3d87c299b414ee47ec58453d183d86b9cd1200cab03aa0b11819d4cf33136c160af4188d1fc47ade01a565cc75bf8c8deeeedb3ac88a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0
| MD5 | fd971443d78c1e7909a9d2348a688dda |
| SHA1 | 0204c5ff95165e26f6f9eb0ef770fff2332c391c |
| SHA256 | 9dca9dae842cdf2920a97890a0612569bf0631126fc37202624905af766769ff |
| SHA512 | bf672bac405dbdc5a746eae6e3a58382f998465d9c568221925a2f8cbc7bebd347b32c0af429456467214e6611c8bfee0ab5911b6b443422ec513eab954d7730 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0
| MD5 | 97f9035c135df09f27a9388dc362308b |
| SHA1 | fdbbda3761ede61ea93f833c546064bf8fefef21 |
| SHA256 | d20ee0b84419d8fea3593b51b66142b25394cdd7233f48d7e552d37bceb55f71 |
| SHA512 | 13917ab31fb277683b42a89f22966de6e7aafe1a6aaac67ff7cc37f542a8dbede4e40174c73e8496fd60965169b18dabc9ff799da7aa78ad974deb72df798bbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0
| MD5 | 023273f94a931f0350e7c84722609c04 |
| SHA1 | 71032d32e953033823242235ddd097edddf6b83f |
| SHA256 | 35602903dcd6ca4d15e0880998cebd3b95b544af26cf03052f1c4dda30091824 |
| SHA512 | ee2c218c1bb817f7ee1e02acc8066b94dbad4204d032f606a2d5f0c2c879394630cef2262805e85a66ee673485f024393346a8763fc5839bc3f61330ea9ad270 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0
| MD5 | d20ad848806b5ab7e971edba28fd7118 |
| SHA1 | b0ea82241d69e9b784ec3e45148ab1f1b002b862 |
| SHA256 | 7fa7771ed3c5c63d9cdd7f2df05b08cd042079e701c71c5db2e4016a0b3d86ef |
| SHA512 | d13c06bf60819add3b7820169b66732fa6a8f84db327d663f1c1206486d3fceca2dad730e8c3f078632e7a8b8f9955fffc777e9b38a56b3cbe42c6519adb9f65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0
| MD5 | 409a8e05874f245f7ac5cd7f6ce4ca34 |
| SHA1 | 4a13169a1eccf59406a3bfbc8bde9826282eac7a |
| SHA256 | 81b8a85fd46c216ad850a6eb0a324c3534c9f0b3b95cc515216a876a3aada0ec |
| SHA512 | f618d19dbb643bef4ef6c5212d70175b3ad0bcec5cd7280c6e53866ee7ed56f169606e27f538e661f76c05ff0369e3608435b2bc44c0e47aaab2da4ffc6ceb64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25f31e74990b6803_0
| MD5 | ce87dbcf4335591d7d250f228b2967ab |
| SHA1 | ea935542ec19a416d82a6a1d047750c0b4c39a65 |
| SHA256 | 4b8c11243061304950f294271834bb053b64e610477d2357b79e1a6833b76a38 |
| SHA512 | 860c24bf02e7620a50d457839f369bb9664babba9225021e3b8fc01c006d6cca7dc5bbbfd3eeddb635511b6e95efc3c542f716e126e2ce84b3ad94ee3cf95fae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0
| MD5 | 7781789e265d98c1e22ad72bbe281bee |
| SHA1 | dd53d1deb9a98f91dac9316dadc07f0c297c917d |
| SHA256 | cb11308253b51429b0696855195fa93a1ee417cbb6336bb1b95a5efa653f976e |
| SHA512 | 58ef57ade76d1f4077c5f7b03f0f4b69de17363ba8c60782464533cda88b0ed6ccc2feb8c8517208783390d403569d23b98a348931aad1231c2c9f3b864f2995 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0
| MD5 | 2d9098030f9c4cd31200a11b1f1da594 |
| SHA1 | 070a53ea2adcf0c76feda6a44273d5089c8ef5cf |
| SHA256 | 6ffd404e1d29e69780fea31172586c27ed57219d1a6e0b13aa12ca60968b2544 |
| SHA512 | 046e11cc02ca584bc5d218ec218277d759e0275639362fac429f05951e5a37e8f313168c32f2658778c2d8cf606f51eba4cf6c8acb115561d273014bf262c94a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0
| MD5 | eac9f96d02d0554bb36cf12753ba4b3b |
| SHA1 | 1c57c61e300760ecc250e11632af4fca1b595944 |
| SHA256 | 0279bfd47f9560ee3c281dc1bf05694ee4d2d70696afad3bf12a55db7ee66880 |
| SHA512 | 2a62d51f27d4b71c591daaf402270c29ae8da4ad74b43ff8239edcaa5c868b591e55e6a89386f6df67a49fb1debb693cf1c94c675b3e8634422ef9c3dff03a7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0
| MD5 | 46f889b90bef9c9cc09bb5afc1a7fadc |
| SHA1 | a45e09850c00d585adaf42752ef2fd118e482ab9 |
| SHA256 | 2dd89592fbab5c4071206b75490fb5257cc010c8e4cf738aae3b876fa596e43e |
| SHA512 | 6a9781be406fe85abbe7af48b3c33a01b08dfddf8a655890876a9803265c26f148456d44ed37f27cf2b20974cf6fb8f8ab7c162fe1a81ad356e60d3ce2624182 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
| MD5 | c0d2f49f09b5d4cd4a7680dc71b63432 |
| SHA1 | 471ef52a7a6b94310512883d36731a04cd671e33 |
| SHA256 | d66ec90000b13a48562deb544929dd7cbbc23832ace2ed0374daee1c560c14e9 |
| SHA512 | 14a7c3e6f9de49d303c8f7a5e338e0b977788cd4c4b4efb3ea62611cf49aa7e34c1c747017ba747b5a24abde6bf89df28c9935cd4155c8abbe779c5960e6126d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0
| MD5 | bd812a207dbd93496061654085e607eb |
| SHA1 | be8034496ec52560221ef4ff682ea13daf130774 |
| SHA256 | f841521dec2380ee7bb7b84695da60445c524a3a74638b45685093422b09753e |
| SHA512 | 1c8fcf698a641aad844b0dbf172d0c572d33aa4206d36eaf45230e1f1b4622b48a323c5174f8222b0e0fa35d8dff1c3c6296dd5c8a9c90249e1428a0ff0f947a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0
| MD5 | 6bcec71f0984f5e6f20558b52baa50a9 |
| SHA1 | ef2a3b0823430b0767813fa11cd70509425d46ed |
| SHA256 | bd467812a9d75c27c555b64c8dc38ab20593a7c9f223765a6f33957b4d89d240 |
| SHA512 | 0237089984a3a47af45bc218c20063854a45e0fc4f7387c0c41bac25cb0ca544cc60156e46f27303d5e92234154e359e984006b3100b2dbde90d8346061f6812 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0
| MD5 | 6e3bc73ed6093d5201dd2f2e0e0db1d3 |
| SHA1 | bb82d8c500cbd75525249589b8b32d13472b0d5e |
| SHA256 | 332171e87a3a955522e6d5b8c8d63b6e9d152a51e360f83975353caae7243c52 |
| SHA512 | a7a68d9b70f2bea04b4ce6d482a3e73a686e15e36518a6627502d29780c09d58f527da9e29803c01f2f48ff286651cb421424e3fc360e4ac7ef88b4559cf18a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0
| MD5 | 95ac197081cd8e9fa42f1a172dfd8cd4 |
| SHA1 | 9d7bf0eb7e9e78ceb8336809d2ba8fbc51c5e799 |
| SHA256 | d834c90df7d657289c775fb899e09dc58ef76aa7d00acf377afd732f738588fc |
| SHA512 | 62d97192619c262f17fa48953f1667a8c87c32fb2c1781174140c3c0e01f990b7ff9042f40653dd710fe9ffdb756232cc172b196c4f7d91628dee4864560ee95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0
| MD5 | 162a2400d0adb294f253e2844d724d43 |
| SHA1 | 8da5c41989c762b0db2062c741ab96655f5d8761 |
| SHA256 | 120815dc8c4db06fa139feddda21af1e3298c03c6e92bc338f3dca06b1a7dea1 |
| SHA512 | 00997dd36c4b170b546d36bcd490aa6b0f6fee5f487fae95c14d6102003a2f321b6770dd5d5d3c40343e2be79c7d3d06e56ba32aacb0d76bfc0286d52f0f01bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0
| MD5 | 7419b63bcde988834329b9bfa22bb97a |
| SHA1 | b4b9b1ed3bfada4fda4c77ce91a825a413e37edb |
| SHA256 | f2191bade9bc99d2bdc127e99f2928d0e21d98d265d41ce7a44a8a3c78a4dde1 |
| SHA512 | f948cc4083ec3cd6a78e8ea084ee19c04a21b0dee86be725e6a13d4acffe82e9581e560f56acc503f213f47815be3181ac0006bd9884c12e61620c24cdf80b1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0
| MD5 | dcfc9e87f7c6616c0a115872bd61ee78 |
| SHA1 | fa764ce3381dc57eb203955149bbd4aeecb01a4e |
| SHA256 | 23aa0b901f3e194093c57c8b47009c8ef35a8df74eab7a2a21250189a5a3980e |
| SHA512 | 0b70d5294cdd06648db5c3979c33798851f8ba1209f4e1f699ae395d768114f643c4cc279a28915e49171fe8cf848f805d7e5197505c67b312e23b1a0b40e415 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4de9df79c57fb3d8_0
| MD5 | b38aadca6c9e6570cae799658dcb5620 |
| SHA1 | 1583fb8525e60595f85c5281026b7406440836aa |
| SHA256 | fc761017992878797f7d9fddf49babdac3edb4c2d4032b907814a98b99459519 |
| SHA512 | 01ed57f273f95cfafd982a73116bd0fe7dcb1cd616ff6a8b3f71c79a0f00f509fb50389e4b43d27fbf8f3cc09748aeb60eb160e9451d2566f613af129f9a0e67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0
| MD5 | fd2e675118db548fa7a7b090ff12b885 |
| SHA1 | 8fc6abe29cebefe103cc99b4c9964c9217410626 |
| SHA256 | 24b5dbb60934da2d393208661c8bcf7d71cdf4ce58f92405c8b65cc538123a6c |
| SHA512 | 21af470df1fc62f5f69bb4c3104da780f1b01e5b4d937e6ff3adc77f0278299c1d450e9b63b4fffe7b6e53205a6a6f43b36f36999628ce8e075a8ad1a8031605 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\827a381adfabe2a2_0
| MD5 | b93edabd5a6ad6925454128748619886 |
| SHA1 | 2d8c8ec0fd76314415e44a2ee7c9b225610ace52 |
| SHA256 | 5def9b9e4150cfce3e68d2b42af20b4065875bff6b4671b9c2c4f4275664c159 |
| SHA512 | 527d0cd63b0fb58631a8cf3042e12d66ff98fc78d9867d460b919c313204f199a86eb104562dc5ee8858b40e2d04c35e2d35a20341b72f54b042b7555ccb44e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b1c3d6d62495ca9_0
| MD5 | d2a12bc7fd58b6631f78599be621e86c |
| SHA1 | 578869d348a395bb9ff4e126ffa7b9b2ac0fdb42 |
| SHA256 | 3f63823f7728af2b244fce23b30a595613e32e000544151c5fd32b9234aef1da |
| SHA512 | abd39bf97a07d64f4d29c98588e99cfd7777526ce9dde0ff61972d9adfba20b3d21e8bc83e0f046b675fb6bbc4e9df7f2dcc29d1a0d32aa6181fffe0efea6d2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0
| MD5 | f926762bb67ca14568014e59c408725c |
| SHA1 | 40d14aa4069c44a98690919772643f06fd286e94 |
| SHA256 | 344d575650ace4e70e9b9b42a4b2c802687527f327804ad7a04909072d5f2cd9 |
| SHA512 | c9ebcc13b44fb4e3d1cc7df24ccc7f4c318816d35925b4e0237173a0af5a65130cdb143eee7653c26e7179344608968f51226865477c0e679aa7a6e7db45096e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\458962bde4745863_0
| MD5 | e7b13a470985d4fb12f507efba98c79b |
| SHA1 | f34cbff3e061dcd38660d7f7199de75b5f7affd4 |
| SHA256 | 519d35be7fff1cec60424feec0037cf3e51baeefbec326131942490d9857c869 |
| SHA512 | 520c9d54316d6be585f51e5aebe2ce5da1f8e462802ea8d14de88c46d5ea612fe05d33fc26abc2fcafc1db4fdebb0915284828da22f6f34aa7b7679daefa5668 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f7e98dc87f7b1169_0
| MD5 | 546c279605ec1d4b4fcfb60962a3248a |
| SHA1 | 1a8f5a63fb79a48c6cc41801e75ec232c9f480e6 |
| SHA256 | 65a4c841a8bea397a2e96af9cf8e9888381b86a34bf54aa24ff88fc12671fb6e |
| SHA512 | 6a55b4b4ee8f2d3821c5bbaa2a63afcd225c6a20c0863da193276d0f4a67f23567c84da61c2d69ce4a13d00d36a143f7d9781702a011da8bb44f7645a423717c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06cdbb7047afc473_0
| MD5 | c58a68ecb0b7f2fd4db6f93d12d96f79 |
| SHA1 | 6dc7aee6dac66bbe2c4b77dd3fa392f17fadf35c |
| SHA256 | 769904a2355d30151aeeff5b5e3b3034af6b25ae56df4e04b59daa81b738fb38 |
| SHA512 | b45a1c728ca205655b726e5fdc492d44f2780e9c6234702318df8d4a9fc859a835a17faf83a4f36114fd2e8f7bc94379125ea3608e44f4e3380c2fd95b26dc7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0
| MD5 | 6257e2aec03172c83d3fea81b1c1b394 |
| SHA1 | fead7bc37d5da2025d55fc9781085096544d7533 |
| SHA256 | e72ee0875819a48c14b88c5dc115e44347a82bc4ce8b54fc4cf9aa6315e297ed |
| SHA512 | 9d01124ab248fd06070e5f2a4ae493f6b0f6782a045c6b75222baa5c551077ce90cb306b046d01753acddd1623203f110a04c9033a11e8effdb1fb064a7eee2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b6
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.splunk.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 19d13b51297577b5948981b8a694ec70 |
| SHA1 | 9d9a78230c3c0350e9591a99c319ab2341e05e44 |
| SHA256 | cc880361c51e070da9a184f6556f7b1ac70d21411ac2ba21dc88e45919ea43d4 |
| SHA512 | 35a54c7b4dd6c02df6cbec1e0da159c21039594bbcfa136dd6ff1e0a8b75730de0f7d5f158180ecfa64245327e20a29ae89388fea8859f849dc7dd545ecb9b33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 752d987d145b20caced6623a5d5229af |
| SHA1 | 66dc2470c6b9d27ba43f298ba0dffe8bab4472fe |
| SHA256 | 7d27d4176d97848f72872a19e25ef45b969a76c2b322068c9ede252d3a5ae2d0 |
| SHA512 | 04b8c4ab3006cbb46df79f5dbe10abc8ad2e425bad4bea32fb479a90f1d6f7524f8d8ce17441c8a63d52976763092c858cd21a5f5d409a23a06e1e7319e013dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2
| MD5 | 7f8a92b0610b0b7c99f6c3b0dc48d4ff |
| SHA1 | fa864ed7594e7bee95dc9b59ee9fbc61d6f41447 |
| SHA256 | 0435f0b5b5b5dec8e21aefa41e111c0f3da9f274a01045613c399a5ba1f54fd1 |
| SHA512 | eae2ea53de86789a72a0575a66cee65a12de69a06f4ca67f7ee2429be2787ac255885c6b0b31932dd9ed364618a7599bdabdd8034b7b4966a91ab8481a5591e0 |
C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Installer\setup.exe
| MD5 | 69221ee7ef83d7eb340857b5833eea14 |
| SHA1 | d7f27c64b62eefe2c204a323cc812fa56f58ce1e |
| SHA256 | ad14d7268ee8a9c3c89e7cf62a8a9b713c9f37069fe85b3f8fe525dcda8cdfc9 |
| SHA512 | 8df73f03d7438082b9e8793f5346a7385c91139d879703dd8c32acfdacb200c18231a5a9cedd7836c892ebb7a8888857c68653728b9027ca1f483a1751fbe2e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | c51d020606ba0bd892fc13e1c1c52fb2 |
| SHA1 | b6724559ac1d8ce726487f9e7087853c42b3b530 |
| SHA256 | d8d9a4eb9994a9fb0ee53e46da8a21b293cbf19900a39cc58bbba3701c1759ff |
| SHA512 | 807fc993fb5e4c35c248f9e70f51838056eba997fbbcb405c93bc4304ab73eedb29d411624c179307150f2bb8da5136c6d623ee52e4d0a8d9049d2e0e19b22bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | b64471154ff618b63c14c46598fd8a34 |
| SHA1 | 0a235de5caf2fd124202e1142c90c7ad0ebb4daa |
| SHA256 | bca188e18b2b82cf10e445212fbcacddcfd3acb9217123a5e7a1592553bcf426 |
| SHA512 | ced21476354e73e74e65f2f972dde7a28d0d7a60163d802a629436d7a7acc7756d3a4da9574d42101297de4342745ba97c39ec8f643e1c90a504d6155572ed07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a56799c657a062db4fa5a0e9fa6c0abd |
| SHA1 | 185660ae8c260ed8192b8de32db171cb22371e9d |
| SHA256 | d9df1e55ff5d917c2722f75e300707eeb77fdd529bf01fd59c172417f8e356b6 |
| SHA512 | cc7cec963d36ba3591b56cf253a42d0b5e43f366bcbe01d156ef3552d6cf4b64f799bd50ebbde1261ed509f426b064e2fd5f531a9ed4aab8fb2a903a9d03681d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 47321d4211dd5ba6970dec0e5c402aac |
| SHA1 | 562ec958b232032ef3fb8ce56d17bf50a0890342 |
| SHA256 | 206a33f8dd7bdeabf4fb19136421e80addb324b37d541a1d26e5ff59a1e75a9e |
| SHA512 | 295d2c25557628daa4d994fa7d48ce8e23a796fd3b12f4a843cf05210ab3964535d7f7a375b1d32bcad105bdf7dcf25ac54e6ddc9567b5ad01e7d1602796914c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | a22d29e8304efe92a000bcf316b87cca |
| SHA1 | a669ef1a6f65ee450cc8935801ba9fcc974a2384 |
| SHA256 | bdc1d7b64c7b029fe4dbd87929d4df1b895d398403255a035b1e269683c7c124 |
| SHA512 | d9d3d9161939a30a290023391465decc396f71b903e738fb69efd85dc58cdf1e2537b49ccc99a82bef9694afb648ff2970d4ab1dbcf8e216cfb41ffe0480f70a |
C:\Users\Admin\Downloads\Ransomware.Locky.zip
| MD5 | b265305541dce2a140da7802442fbac4 |
| SHA1 | 63d0b780954a2bc96b3a77d9a2b3369d865bf1fd |
| SHA256 | 0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0 |
| SHA512 | af65384f814633fe1cde8bf4a3a1a8f083c7f5f0b7f105d47f3324cd2a8c9184ccf13cb3e43b47473d52f39f4151e7a9da1e9a16868da50abb74fcbc47724282 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fff106a06ae4af35185a85a35253958d |
| SHA1 | b6cd425058349cf712041cfb648a425a97cda9cc |
| SHA256 | 34403468d1a60d8819e6e2ab6fe2ad6524fa9b0110dc507a14c85a31c8b055df |
| SHA512 | d1b2af08acb145c210cdeceaaca7c9f77399acd94304a79282e0def761f6dfd19b3b7bd3ec71fe41b0c070b6f96a058b7f4eee873e685101163091c123239cf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0de1009a9982b5e0c970e9420fac51bb |
| SHA1 | 9f4336bf793320d1c9eb34b8d0c728f08947333a |
| SHA256 | 9952adacab38428f1c694e55647217910174d943af3bf90b43cf91f30ad7eed5 |
| SHA512 | fda3c88f1636914b6004d145def33da0f5ddcff5116450a54830b45477bc7d5050f1ea0cc5f41edcdd484a6df57b314a813aecf63dc23dbf755118c04ca782ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2f7a280ccc8d3a8d9fbf26cb5fcb0908 |
| SHA1 | c901a1afe8cdb7665ff4869c3f0a3c90b8fa923b |
| SHA256 | fc113a54ca71328bab0cec99d658475fed87c8502bd64629a0a4c7a43094a5c2 |
| SHA512 | b7b23ef6c40d98cb704ebddda8dfa47d8907daca41c6e461ac03106382409831c63fa3a6c42d34a771143c32e23008872c3db7f66ab6c0bf42fbedb5040bedad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 966218d8c5cc719fa88fe68b0019b803 |
| SHA1 | cda8b15d433431fa220ad15cef1577444c46c691 |
| SHA256 | 2561d4c05e56f3d8f3302d0bcd151bc3811cfa73f31b9af03875ecf381c5354e |
| SHA512 | 1c8a50ec946e0128de89fbec41f29ff9fbb73da0a4e2ed2b2ad5ba17a7d57e20612e00d41ad3ca5b7e72ee59d2c6cd304f8d72071effe53387098abf565aac16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7e90787a2c4efb54555a96058edab9a3 |
| SHA1 | 59769ae8922a547e39f2c995f5bf51c6b10b6c76 |
| SHA256 | e824175a00e258ba170df6fe9e93c93f4b68f15584377513d34972cfbcf65349 |
| SHA512 | 7bcb5e3027b20822e043b8a59800a1fb37648375dbc733aebbce883e282248f41c913a252ae725613a0bdd790c1de8ae838feb2a65793b140f0db18b026a0694 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 672a7f8a8ab130436a31016bd96423f6 |
| SHA1 | aa905a675dd1dac3327eb6694568bff55d6370c6 |
| SHA256 | fece0af1fbce8c1e8e7f1b71a1571e091bfa9cab90194463e1d4f4a3629aa45e |
| SHA512 | 17eaef86e6483632a9df853e0e6488b57a9bd2d590a93912f18d81a3b7f23e782684014b1b08efd59df3c62bb4c0de411a5c443a4ee572ebda4ec1b3c231d77a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e3c50ec4c34bc0fc492c5e1c3fadef98 |
| SHA1 | 32983a0f7855336cc18e6723c2b35705fcf280b2 |
| SHA256 | 84ec8f1bad075ecd7927771cf8eaf217593bafec1db35e57274a89219f6d399e |
| SHA512 | 2bef0586dd29f813c635aa3e8f6afa3bc1c96c18a75c874f8dd68118cb592661ff50101cfac6ae398351735498840a4367ee473574134c45efc506c8f024ad15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061
| MD5 | 6b5c5bc3ac6e12eaa80c654e675f72df |
| SHA1 | 9e7124ce24650bc44dc734b5dc4356a245763845 |
| SHA256 | d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81 |
| SHA512 | 66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7bb0353e08e1d44599c516485ba879bb |
| SHA1 | 909bc39046f250ad7eeeef88a5b528a9f1fe04c8 |
| SHA256 | bebbfd02897374b0f63d149a7acd0e1cdab2999e99276a9eb7373971cc603a8f |
| SHA512 | 6c523a08ca69cc7001b1d3631e1e9dab9e71522ff208bb08bae3b13b73f043922aca59fac1b751859134b3a5a913ec92652f54bdfdc3202a8476e46393e45e87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\90c17866-2957-4dff-bbe1-1f29ae2c7689\index-dir\the-real-index
| MD5 | 826433e8162dc6429422ca7b5ea2a5f7 |
| SHA1 | d0e2206c1ba85e9ce0418d81d0025fa87545c9d9 |
| SHA256 | d95c89b41e50f56859794992470e99d37d683d8ecac4b236c6a4be8388d993b0 |
| SHA512 | 3281d151faaaabb4db312fddb4a020783860b16906ac04916a0ac3635e98f85580b5e530e9fab9ea5195a9e3d42e085e9a782e390a608e71d8e2163b77054a56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\90c17866-2957-4dff-bbe1-1f29ae2c7689\index-dir\the-real-index~RFe6cd730.TMP
| MD5 | 8c27a06cda06002fd39d518cbdfdc301 |
| SHA1 | 3ff9a6a3813a12348c512fafd1b2d2f81695e135 |
| SHA256 | a0dd149bd49a28e76713bfa65f0984795ca4729e82bbcc08bf191f36a3032ce7 |
| SHA512 | cfee1e538430f1754f13f2fdc807f51f659da231be0f9bd41ab6264cbf84c1ceae55c734b1a486bcb5ffbe0f50e614a572e3de93fa87432a3bc9f70f0dd1527b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt
| MD5 | 51c8443c7581f08f8e34286cd4914cef |
| SHA1 | a6001f0db9cdb0bb66435efbf879f0ea79717f1f |
| SHA256 | 3c832600a807d484c421a93dfe8cff5426d0fa414a2b3a93498d4f51b5adf63a |
| SHA512 | 14e9a36b18825ba364c8747c9171ac4f32dcf434a9ddeb7ffc1a1f33aea197dffe1d3198d1686fe7f937bdf3fe1c31f2b47907f4017c23919a0995ca10434b6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt
| MD5 | b35dd7b3a682bd16181c0f3cf8f103af |
| SHA1 | e7e80bc429e047f2435db08ada957f051222bbc0 |
| SHA256 | efa9fbab416c37473ca8115430bf46770a61db45f10bdeaa0bf7b12514f87c07 |
| SHA512 | 2c3d6d58f35a183dbe2a4003a39ed2ec582b1096071998af3f40c4c1489f16f49eb9736ded10cf807a1788ae7690139dbc5b67c8928a9429cbf160476715103c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c628dd7d19b636c53e359d4e03b8bff6 |
| SHA1 | d1770ae5bab68ce1a436ba77075ec129a5329a74 |
| SHA256 | ec05de0cbf055333b46c0aa5dd64b0401c7a16e227a37b56ffc9b7bd9a2be681 |
| SHA512 | 02692137c59e5609b8d96a8912de942408f83ec24c98a99ac5e95dbee8346eacb0550addc76d52838050b555512a9bea3ed9a3b4112818fc156f90ca9f5b4460 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5998a704b474a4c3fb870d0ad829519f |
| SHA1 | db8e08fe15adcd4d6caec3ad6d399f7b51c9ed81 |
| SHA256 | 76903aa66e34b94378d6c4716dd5a7d709eca5f8a06b586efc4cb271723bb6b4 |
| SHA512 | f669206ca75b715af4274524404ea5e6aa9ffece6c00dc3870b4997a25f686d3b4aab97a4c0ac20ceb0fb46e505b64d03089135ebaded69cc0e497f1aab8d6b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 983877f30e2d57948c5d5436eb8e2eb8 |
| SHA1 | 7578983a7b0b313e77a679e87617000e90006048 |
| SHA256 | 6c73ec5dc799f1c6212deae7edb40848bfb38cb5004f2bc5b7c1910e34b899a8 |
| SHA512 | 89e50b324755236ca5f189534f3507ad3cb43eb280498c5f454a81fed30c673411faff1b0cb4cc7fd97be9c8793a5c59655b96e10cfb578c56f99f167eb42942 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21eacbefbc92d99845deb4e0f59ac67d |
| SHA1 | f04a380a5bee9a8ad21041c9757e7dde15d0acd9 |
| SHA256 | b95773abd1f020f2fc536baad749a2e66ede9bfd152a15b9ad90900c4ae9193b |
| SHA512 | b5e3e6e202c87d2d34c0c75b1667ba747bbd0f8da755e1d840b9a6517b3c57182043cec2246db566f1bb12693c4ac8d84607bde0c15f4436937fdd3a96c1be3e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 389d32103dd9ed80603209ffcf735683 |
| SHA1 | 87dfbfdf9039f03d9637f4f3737e8be87061609c |
| SHA256 | 4bb5fbdc9ab5301269612236a126f8a4fdaa97e99e28752b47a17a6238fd6a09 |
| SHA512 | 8fe428e7a946c7c4f96e6c25c6dceffc6a4ae7e571c6cc6c66e741911d6d5c713a7360c4646a47db62af4e58c28e5f8d527db7a27688ceb8c28bb75ac5600328 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db80d672a14a2d79_0
| MD5 | 4d1a15b155d1e28e8fb8c2a09d08c14f |
| SHA1 | 9d164552da058a25e78322fb62224d1fbf9552db |
| SHA256 | ce0f394f451d90e275e93bd3db30ade92f34a609a90378692fcd6d5bbc669dce |
| SHA512 | 80dde21e876d1044eb77a0a3b6fb02effae70325d535a2a44626e3718bf5f6a24e515dfb9c283bbd90760a70614116fe02efede44d377b9adb2653c6ebd34910 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3aab5a8dccfb4ee_0
| MD5 | 3213de16709413a50338a92df0be0ea0 |
| SHA1 | 1aab90df33f902f125f3e16155026f3167187f1f |
| SHA256 | 0c19fdf5601cf72113df853b7c83ed43f3db7c50654693fc2acaa9be589df807 |
| SHA512 | 56f1ffe0b48320041ff0baceb684555488a660e864a91f5bf13e6a1a7ebbb45cf369dcf557da978deab7aff190bb10e2d75a8b78610f18d1639bbde145828305 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b4311b2387bfb57_0
| MD5 | 1d7e5cfe249a2568c9c2663eb3ac3c09 |
| SHA1 | 433b51e685705aa689b4919b93d3b190ec21cba4 |
| SHA256 | 9ff640ff183a0501a32c2ceab8bdc2bcaadafc2bf9a48d4b8d6da34b1c6444cd |
| SHA512 | 541049781a46e311c19e30b0bdb4ca17cc197eac85bbe1e78e6505977741a0beaabdb390f8b2857e294649f1812fe6f74b75959ce36fd31c8d48239530ea69ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88f32242cf1da472_0
| MD5 | 4bc04660212bc100dcdbebe63a737353 |
| SHA1 | 7cc074b0cb29ae9b2f59e0b66744bc4f638d0fa7 |
| SHA256 | 3b16cdd6426ca1be1035a15c124b29b1f14e5d2b2aa2ba63152ec2d927e98a19 |
| SHA512 | 7872673329ba4be29f8845e47060f6d7d139e7c6324dc81c421387094c49e5aae0ea9f43fbe513a0ad640697373a55c6d9623765bc99f04d855db06941481a64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f5c5b9cbc406ca3f_0
| MD5 | 490c2a216ada799861bcb80b37928339 |
| SHA1 | 18efc9b3ca1f7c1f43b1fd99d18daeb4217025f7 |
| SHA256 | 0cdd50ef8c2fe6b34d8d6f1e8286dd77c03618e49f9b82e7cd78183724ec2ed7 |
| SHA512 | 9169ad0cd80131f8784d12430dab8ae195aec3de8fc3cdca308a5af5f56a17323d3c1532d808e1ffe99bd54d946abdae30e3eabe3fa1282d0415ff4bb1699b7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ff446546dae110eb_0
| MD5 | 37f8bdbfa5eb2d97a5487be1e59de400 |
| SHA1 | 00c3bad09718e6d78dd4e5d1d4456eea7219cf07 |
| SHA256 | a52d0b7668995f904e357f04c2a47d6b29e4ac021b3584a347ce1af354a6b679 |
| SHA512 | f7ac7140b8fe85caaf2d835c48d85851d0c3e8bf4843154d3c73f9f4743a3d6bec398063b57c41afd5879ff3d6ee28fd305f51bea4fa686b62a44cb3ba92fcc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94133c491567ed48_0
| MD5 | 35b944dd05f078c14bb5c3aba275f069 |
| SHA1 | d26b76a1fb0e485d2dbcbccadd8191a1e5f38d7f |
| SHA256 | c50de5e00ac66541c01493efb1a428b672e40e8d0b50deab6c2c7c549207c154 |
| SHA512 | 3ac8d3bdb1e74700b5824ffe85118cda6db15bdc2300fe7055bfe2aaf3b67d0a71ab8d5071821d671509e539e37dd3f125c3c985da853048de2e87ae3e16d2f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9974fce18fe91f40_0
| MD5 | d32b92b0384c5ffed79aa67a3319d37c |
| SHA1 | 6f05997a795da3498f6d5c3d16286130e5941ce3 |
| SHA256 | 8603fd2bc51a277df48fbaf6048607c249584cecd6617635366beaef4eee68bc |
| SHA512 | 259186f990c3b4aed19e997b26844640238a2a945e88883f6da428249855cf88b2d02f176189364420d993b45354042a1ef614a54db3f5aa03d7db201e938ba6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8f9fd988dc5ea5bd_0
| MD5 | 8dedba1e82ebc2a08872502089a84240 |
| SHA1 | 81330a38510448ecd7d2495600894c1134b430ee |
| SHA256 | 15594e1fb337fd61ff20cdcefa0bfc848661fb984a6beec48374d50e3ec9429c |
| SHA512 | 0880f3bc1ebd3f5dc4fc9acae9b6277caffb51dff506341093127bc707bdeb46e9b18aa6cdcc5cbf22a1af4cf1d49b8895d6cfc48856a40373ceb1ec4dbc921d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 595f1c3f4405a375a6e08a583ae1a56e |
| SHA1 | 689e83a178caeec61e0e619f734895147346f893 |
| SHA256 | cdbab7e3e266d87808de0dbaeb84159afd1fdac51e4dd642e85378b8de26d50a |
| SHA512 | c06a38604ab96583d2a2bf50b78887bbc7289e8cbc8fc5ff4e8078985ef41470c29aa724d52ffb4af8887895255e860c89e0d4da73500554e8cc0db835f9aa35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 363e746d3f39e16805e4286b87776275 |
| SHA1 | 58aae5a28b1cbdb4cc334f465fa5c3f554383495 |
| SHA256 | a6c3da441d35ac43e15907c277b45d3a18a5dd6619a9a2bdcbfdc257085fef68 |
| SHA512 | 37383bcafb1e21433c77398844ff2548b4c1aedd85269b1daf82c7576363c0c8354f6e4aa139a68ded006adeca1dc7a9ac68444dc220fac08d4e1493f8011b1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\326550210f866221_0
| MD5 | fb602fa20d58771b25758c1200297f04 |
| SHA1 | 0a9b11e86a2dbc00b67b2c2044bbf397b3c9cf55 |
| SHA256 | 93b54fd3f20520585076caa2fd02a5a3bd20a5f24b3573350d2be0c9e6046dcb |
| SHA512 | 7e35ac29d4207807607b59c001811a9b0dae61f5adaf650d4899d11ca75de577f17dc580575fbaf6fcdc419060cf2995bd331f0cb5cfe80a3879075e78ca2527 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14aab44ff1c5ff18_0
| MD5 | 90c18d3146b35efb61d7bb00d3b6bebb |
| SHA1 | 73ed32ec255f4f17f0542ba135e9c0665e244d77 |
| SHA256 | 5a471d84281b1b19f0c44705ecd651454e8e95027a0ac372bb7aae9646415fd9 |
| SHA512 | b8f8879d95fc6dc903e1e2943b7291be2c03ba770ec742618b6a256186071886bf025dfebe7c5783f784fa167113e5c11018cbf415baf7f78bb0aa681128efad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4dd8bedcc0bbfdc5_0
| MD5 | f37cecd19e2f7d29b4305f44bcf76521 |
| SHA1 | f5846157ccb20a978638cb4ad0fcc15892532dc3 |
| SHA256 | 12f087abd7cd6c9ece972107d85396c95bb6cfcc80edd1bb6e1c928392339eae |
| SHA512 | 0029b5aea1c6ba43da5e837c8aa66b7029f9d3b2b653191c2e0d60f650e37af745097499bc56af1596915cf82a9cdbb22b29540ca296167c5cc654afbf407baa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3565b269bb2b027f_0
| MD5 | 837a7d889eeee2a9759b8b68aa9b57b0 |
| SHA1 | 5c636564eda5df7c7e2a5e8ee568468679d97ad3 |
| SHA256 | f5621caa06e33f95fcf6fb311839b6d8c2c1d17fa95698e94f1d38f073d019b6 |
| SHA512 | a4a43501ba821fa8f2c727775c1f4b387f2b47554983a48e835473c8668f01beb4bd7cc09a94822f4b91caced2c553cb306b165b213790efd74228bf398f58e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f1c02dd72d05ea5e_0
| MD5 | bb192991cd022f02fc9938d685bd0b70 |
| SHA1 | 2f60ea109a3351bd45f706c9aa182d7d1ffc1cd0 |
| SHA256 | 5381fef45146205c9381b23d2197533f351d000165fadd5c00c9630b4f6f5435 |
| SHA512 | 0baad07024da76789120fc8927740bd9782d54dda937ae8eacdc99f03deef686edb11b069afe2fb9c26678d917f5503f4a379e9437ed2bcffaee25f882f28fce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b559b1b262604f4a_0
| MD5 | 454d5159f366d2d8ce5aae992d688584 |
| SHA1 | 747c210222491c1bdb40156b37f67cd3bf16d6fb |
| SHA256 | 80d91e0c9d550e98d1c2d3c41ad75b531fd58a17c09e2dbc6637e65ea20d3caf |
| SHA512 | 999abcd330244290cb91f862a337d058d7017ebd14cc39dbe3f975509f8b85c6af8302de4c9222d90d6a55973bd9c53c31ca5195ac0ef5ae8c6509e816ae1b51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a7d81bcf7af9666_0
| MD5 | 94a30af8d2e638187c219715855390f9 |
| SHA1 | cf0362f8062490d4cb8a9dacf5143da38f0fd1fc |
| SHA256 | 819021a33a7d3b94c809ae54b7f37ac8501238a464c99f2d8507d51a8bca5d04 |
| SHA512 | 3bf5283f97c997ba6036dc3a45d98a908b24be87541dd193bb7744e1fd4e935e6b17f8a5700870af542b4b893328901fcee4550106aa12b42d4181179e287966 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1ef4df9897ed2c6_0
| MD5 | 76d54bf052e3a93f6ff731eb17aa7982 |
| SHA1 | 7c1197b723056329c2b726a8156a602ca5913910 |
| SHA256 | 73e07d9f5afe94f90a6caa70267149b444eb37e0f5295f8826cff78ae54f93d4 |
| SHA512 | 7cade00a07799f968cda07fda077e11d71447ec79b31adffab371e7c5344e8ff141902fce39991aa6d4a42ef52905359e3e01ccbc99c33e302474f7b5e19363e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fe5a6926cd32c324_0
| MD5 | 9ed19371cc28afa970d89b701cabe484 |
| SHA1 | 8a8599c4f848333c8bccf24d92a3476d77ba60e5 |
| SHA256 | 5efd4e32742495b1cc1b78d04ecbafc8f965e95254f00b81f4f7b18a31560496 |
| SHA512 | a442461129980dc4703372b03b23667cf492fdfb934dec731163d4da25fead7b47aedebbddab9aa7645e6d9bd8a82431d6eab89ea9b84f7fb949366751c2eb6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e2e410aff312d5e_0
| MD5 | 5a3d89e114991b94a11788e69c5ec07f |
| SHA1 | b4d24a8b59b16a5e0eb29c5a47c96750c51b6e3b |
| SHA256 | ae6d5646158e15b3f057382d56b796ac3443d7b2bc15b745c16a98f6dee16231 |
| SHA512 | aef2b1c14db25f0f36852f0be15a557ae0dd8752d91e2c8ece2214d379ef9ca942614940101a20fcb4b1f89f6a0f4223c9e05c93699b29890b7a36dd9d4948a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b21011e866401381_0
| MD5 | f566a4abf4c1f6b4996c23111780b80f |
| SHA1 | c0c185d48071727b9b9d1077064ddca97dcb5215 |
| SHA256 | c0958a808daafcad3a4d382ca9411c54cf0dd1ded4448f9f55868ff22b339118 |
| SHA512 | 19391e9c5e3d711ee3211cd13cf015f9ff6b46c2b09f137a018f77642eee32fdccc88bc1109664c1248c2d80b6a13cc96542536cce70468fb59e9d16750df9e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df240ca4e17d263f_0
| MD5 | 46c79b4a36eb9b674ae5e594dd042506 |
| SHA1 | ebfb7710791d39aefa77ca6e71106e4387b00990 |
| SHA256 | c5aff8245e00909ad96cfedd4b8f9c5ca0c8fbe875945bbf9945fff32fc9a638 |
| SHA512 | 48c98659662647156593bdcdccd2a241c57e7d8633ad860e6aa8cd8dea18cbf39a9ebc38953064920e5938e1ef0c36df25a7078053a4a6d9ccf1d53cdf97e7f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb73c6570251aa2d_0
| MD5 | a0ec80422d8654d3e4fd194d64015a95 |
| SHA1 | fd76d6eda9e13a4a1c9089776176c13b7b0269a7 |
| SHA256 | c3ae9c6cc124c1842c800a134fb38f069c49293dacbdb2b1ab9b65edc91f4963 |
| SHA512 | f696b1a49ba9d4afa0602a8b632275098fb294a482377484bdff39b0cd893bbea80aeafd797674b8b97536a332df6814c2e4200affbf82766b4d296fa8a2b66d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\622f12e313d906fa_0
| MD5 | 92dbf8604b49e802f4581128be34b1e3 |
| SHA1 | facc46440211c62e4ada63c0a4622d4e6d58b05d |
| SHA256 | cbdd2c1f3684741852f7ae2ef92c4de37ac4d1dc37d3ff04cda79403595bbbcb |
| SHA512 | 128603e67718232830b3536aa1ce6c00c87db3773de12abd8d2b4587e036a1c547fc371bd8e4db0053df186bd07d74caaf7c486d9b0ce23bd5ff7cf77fefe8c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\387d1c1009f96627_0
| MD5 | 0e3017f976d3dbd4bd96d754a71ae280 |
| SHA1 | 27cac08482b7fb57bbf8eed371b66e2a6b8dce31 |
| SHA256 | 9b1f653695d6c7a9558dbe43de0f36908513f52c9bdbab73f98cff29dc34b873 |
| SHA512 | e0fc507f645b88a4cdca14b96bf855b7a5c21a908c43c43222246f310c7492a5f62b60307bfa759962c5c9cf729673d97e15f2bfe62444ec3faf4464732e9780 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a9461ade24f7113b_0
| MD5 | eb41521c59e7f0052d961ab571200171 |
| SHA1 | 5a21de8996fb58c918db1d4143de6e03cdabc649 |
| SHA256 | 7d50cfbe03a8d093015c2a71e57140d3a658cd4c48d0c07f2a519d17c32fc593 |
| SHA512 | 83fcb96ffda61e49d788e767bbca2dafd24d52488dd955d3ddcf6f783ea76e52cd74d6d65e8e495eb3001c483e20ad55e995060755fbd960fd7b24e62306da5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\317e25fb4e2730aa_0
| MD5 | 980bc952cf57355f020439093da281ed |
| SHA1 | fb40dceb8598736aaa49a982c3111328324dfd37 |
| SHA256 | 7ddc1b186c39e1b264da0473f9e77ff59ce0bfd967df8d97b1125072678afc3b |
| SHA512 | 83c502dd1e38c8ce05b23b78b5e70302f372f8b37c53b09c248aaea5fb026f7e46947edda3d5f4eef96937e570e718d356834301ca06173f4635220f634ebe8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\398f89396d810049_0
| MD5 | 57da8732ebb8fe8f1aaa72ade5c6c01c |
| SHA1 | d255c909fc1feb14881963c35c78e9866a60757e |
| SHA256 | 3480db6e7e0e967400f2691d644808e658ec07a64fd310c7e6ec76e429609d2e |
| SHA512 | 88a4f4ba379d67fbaed700264f71a88ecf506526efd08a7c5cd4ec91fae33e4f6e17f3f526010a92b08465a98b10f45957b10067d3723b3b837bb16f89f0dd00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\17d3c4e19caf221e_0
| MD5 | 42768b092ebc6189e9b6ed24f4e46d6a |
| SHA1 | 5952efdffc1440a1fe611c476353141494feabc3 |
| SHA256 | 60d035e5142db562f6d865c6749d502a56440c27fa060d84d06b60f394cb55ca |
| SHA512 | f82aa9d76bf442dfceedc9b9ba679012ecbdde0203d61cc44a871e3ac3a0fb9497e06593ea6c5c122993bf592f2e5c2e429963678cfe37820fb57e0830517f60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\132c79edce232d6b_0
| MD5 | cd52b27e570a28f1fd23c9e627b23844 |
| SHA1 | 0e0dccf3478e057654c2e2c754190b6d0e63b281 |
| SHA256 | c8ced0d607454777e52766b3c443832de28c34bb219576d2a19dbc011ceb434a |
| SHA512 | 2c560d6a9049dc6895125501748f3ae3b0237f3521bffee18c5440ce851d74dac6e00148dd1c1de95f6e2f5a73caa99a9a0b583edf3daf084e2913ff322678b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fce2772ba8b623b_0
| MD5 | 2573135a9937691f88afce8ed36ffa7a |
| SHA1 | c999b532ed1996d5a58e75600f659f8090ceab75 |
| SHA256 | 7b199c89a0e0e1513bf7cafd7b8d1821d066d700525b19407128fb8b6622c7f6 |
| SHA512 | 7673fd2dcc847a57667c65b9e98d919ea418023520784797781b3efe72467a99dd87d4383c21e45507de26f915c3041c6432c93e9c1c19feaa14116af15d32d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f4
| MD5 | fd89e7580f16e47ec42acbcc8bd6cf8a |
| SHA1 | 275a92bb043f2b8875f0cf6d1cb598bf8981d725 |
| SHA256 | 415413ce21c8bea35696f5abe5e9684cbf7ac86e16fc54ca556c996a3988e4bb |
| SHA512 | 8d3f39f8a45cfb11867d667deec73327faf8f4b57aa8b86bf7785c79fe8305326331e2d9cca417b0180f73688cdc1c817f42c1281525129e33752b28f0708c62 |
C:\Users\Admin\Downloads\limbos32-master.zip
| MD5 | 268ba6497082b06a544d34450a797b66 |
| SHA1 | 308661df459e55a63695fcf39a8e58a48bc8dc8e |
| SHA256 | fb5926c76619c3e047464a3f5d5453fa4b21e586c66fec7b19c5bfaa591b3ffa |
| SHA512 | f38d744683c55419625ff35c496a1c24a63e8ac440a05c2f22be2f36c16009768e97ca5301b66dad5333e94dece6ffb25f8d42da3df5fe602af299ec6b450577 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f49989c216c1463c91ef103029caf3b4 |
| SHA1 | 26d39ab711ec508993c225a5f70eac3ce281bcc2 |
| SHA256 | 6f665c023f24749193d316221f8c09cffdd0bea28a49ac5d0da6fb15ae4eaa74 |
| SHA512 | 30a8f634c403cb7228eeef857b358e816d204658ed58969f630d0f594d7e9b8617bb5e43bd41066bb00ae950f1f9a9507cc07a1b66e908a51e70de64e2c7e415 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 562e2de370c45849fe7b7cbf7a0d53cc |
| SHA1 | d905cb87aefadbaf23c8d3bc895f72aed685380d |
| SHA256 | 7cfff20135a9d1d50efd635e3c45b30229652c5621980010d06f4bdb38fb13c8 |
| SHA512 | ccfb941cc8d66c11b2295ee5a8dd5844d87ce32d86401fd59d48a6eeb48966cae346e7ec6bd8f3489d3e3e6fd74af318a6b618f53b6818130a188012c39fca97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 62e2f2e1e1dc6b50c0d43aa005bf6ef3 |
| SHA1 | 87935b17c092d8e98553f969603974cf40b382fc |
| SHA256 | 86de1524a9037bcca1ad6d498f1ae11018e74f8f174a51c5b79797e0505ad6ee |
| SHA512 | 0d47e3dfa8f7f7cdecea5d6c4bf9da111ad2ebd116999609bc8c7bd7932faefb152a5dcb3e0bc7c279a5f5cc76d8c06bda9d5c204ce4a0204246f05412bac2af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9babd2e1b3de46c580fe4330909bae1c |
| SHA1 | 12737cd74117df0353e1f66e7792c69bd23c9ec1 |
| SHA256 | a774687f6208e1e3ca2929da0c04b7efd19f2d1c3ce0a705bf3c9f8dbe28227b |
| SHA512 | 56d742ce2c13d9157cc64271a51f5e8d26bd8a86394745f494c67bee3bf83cdb80d1f54f9985603ec74037e9b0e943660638751d2fce0c0414b73cb57099940d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5a11eac2dca644963768ec4862a9e78a |
| SHA1 | 8f192f7b2c25e1ccdcceb2df8ddb60e78e083b0f |
| SHA256 | f32652a92740ea2e63dd356640388a0d24b3a05c8c55cf4d8a729eda0a4d4145 |
| SHA512 | 430fbe6808c49ba77b98e7ce05076290692eec1e9768dfaa3d86dc269293c5ea8abd85c0b0e3b3432842064b5d3d602c73f32fb7366641250c098cf105ed74fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4a6101f303397c67e81ab5ceb1d5402a |
| SHA1 | aaf9241bf51de53078757365e4abac3a443767f7 |
| SHA256 | 98bd4d01504f1ea28cf000708aea942c5bbfc6290b99841ad651719b6dc32bf4 |
| SHA512 | 02803501e059ff0259227f7930eb01288e6414d854ee262cc126158679e2b9efcec143ac205c4986c802fd2747f82ad395e414e39a2e4c892357c75a6ac6bac4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 26a6c6a27b7c0e8803107469304d473d |
| SHA1 | 76ab4cb15beab3a2018d7bc5427bdc330da5dd2a |
| SHA256 | 93a47a3f8dedc175482f92b68b775c42c55ac9a9c657bc2b120a7e2a2f791b76 |
| SHA512 | f633b8470290d529837652bc5324853b4b96e3a9ccb652665c8d46d823a0ee315283b11636740971f175972bfc1a8eb2d8f3c8a2413f0587556a8450955bcafe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d46386a622fcc9ef67eb22992440034e |
| SHA1 | 87afe99be1daa717bd7b382d68a917519f70cd67 |
| SHA256 | 2c207f673e1192b0c26ce7cbaf73599233f12322b7d1a2d0ff9ec1a0cce1d8da |
| SHA512 | 58797c9282d550774349008b5fd63dfab1f194183f0aa00319bf68a58d1ddde5b07acacc426b8db1da6a4e3b1caf96cbf3d1531b0c66fe34338ed634e85eed72 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-13 09:34
Reported
2024-12-13 09:51
Platform
win10ltsc2021-20241211-en
Max time kernel
943s
Max time network
845s
Command Line
Signatures
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241213093509.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e1d3623a-ee11-49fd-9c8b-03662417b495.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Browser Information Discovery
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\Taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1006597246-3150276181-3318461161-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Windows\system32\taskmgr.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1006597246-3150276181-3318461161-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\Taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff90f0546f8,0x7ff90f054708,0x7ff90f054718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17240564839549575830,3410976952036448744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17240564839549575830,3410976952036448744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17240564839549575830,3410976952036448744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17240564839549575830,3410976952036448744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17240564839549575830,3410976952036448744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17240564839549575830,3410976952036448744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff687215460,0x7ff687215470,0x7ff687215480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17240564839549575830,3410976952036448744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17240564839549575830,3410976952036448744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17240564839549575830,3410976952036448744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17240564839549575830,3410976952036448744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17240564839549575830,3410976952036448744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17240564839549575830,3410976952036448744,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
C:\Windows\explorer.exe
"C:\Windows\explorer.exe" shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Windows\system32\Taskkill.exe
"C:\Windows\system32\Taskkill.exe" /f /im csrss.exe
C:\Windows\system32\taskkill.exe
"C:\Windows\system32\taskkill.exe" /f /im svchost.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 13.87.96.169:443 | checkappexec.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 90d9cc370060ef5ae526755155220c89 |
| SHA1 | 3d536fcef3ebde92ca496819539288686ba8528e |
| SHA256 | db4df83a39030515b39da7becb9f640e86fe6daec54296ce4fccaf9423c29e27 |
| SHA512 | 5179e5b0093b160b3f67fed92fb4edf97ff7439d970dce46c281cdcbf4589f157f7bcd1d8608cef03cc81258f3c0744f31b95db8c70f162bed255efad48e37b2 |
\??\pipe\LOCAL\crashpad_4808_HTBQSGOQCQTEYTYD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 69cd4fbd25488dc00a347c8a390c8652 |
| SHA1 | 22cf04f96e4af55a94c87105201f08cf7ff47aa5 |
| SHA256 | 23ef6c8a50cc68d03460913947c655fb7c62854cca6108e5c85cc472edcdd5cf |
| SHA512 | 02ef1bcd904dcba1f0f035a61593dab52eff317762cebd59261b0d211b0b7f7447814ac5ec6c47481088761a338b6ea00a2865e759565980043b47bc4f60f5bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e6ff787066eca76a5fb28f2c29e8457e |
| SHA1 | e1b724bc81e2afd29b1cb8a4d9aee676bade5320 |
| SHA256 | e74614979d3b736022cb1b3c9dae445f1096ae59a556a8b76173f8dd50bbfd6e |
| SHA512 | d1f43d6e93596c2eb0bcd8f10b47093dac1dfed6b0e13332c931d5be4d5e948f63d3fb01deaef8f14c47d0b7702551cd34c4a19f3c92f660f50b9d437c413ea1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 2cad20898338fbc7fb993756151e2fe1 |
| SHA1 | 740566d988a46b18920bbb42ff71eb145a931aee |
| SHA256 | 4c2f60eb2a2e891ea30a7eed7813758fb7d3200f5938e7012a22233b26b9dfa6 |
| SHA512 | e1a82109629e89a57d803f1bf0433c07d01a1fcc9db30ca81eff4a415bb4f36dd772bc05272538fc0db97a20f7475f172164fbe3142d507088770a53ec1a0796 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 56e47e42e93cb007425ca27659342c6c |
| SHA1 | a43088920d5d1ad6e64a534a2f3e08ff9f35b500 |
| SHA256 | e015ea9b14df7edacd1052d1f54e0327f369b8cdbd01af4ff7d324f2c7d560f9 |
| SHA512 | 500a6a34bb60f4705e782d7fcbcf047deb08cdf363d41767cd09e5807d3f6596189a70850b43a00c994af1f738fe565e2e501e749c1048bc8b34d171714e92c7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | a7e007756c65266e805aee09c0df3ac4 |
| SHA1 | b731c6447206ba717978a9891298b20abd15a71a |
| SHA256 | 66bfeeee843cfa337dff9be47aa74effaea70dc14a7a933e17508e7d4410456b |
| SHA512 | 8758dac834f894488f8f47b50713c61308e0d6d998bee98f26e532e91a054abd68cb56d4b46fd6a497a1d8c11287be8be94c9dc7745d54cb134b8a0dc5864a4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 06249a1362f65e8f4956971d78c45315 |
| SHA1 | acb72efe0dde464c0ce986ca4dfd1dd1f1a82506 |
| SHA256 | 1866e3af2243dc09a79ff634b50ec7b26e7efc6866d7e4c771d495d06c965bda |
| SHA512 | 6135e475efbec38dbac0aab20458041c6af2392943de125fbaf38b62ba19df2af5e882823535e1e0c46818b5df7a090fce5d2114e2279d30b35a4e1ddf7f1b90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | effd4e37521963446df1632f59ceb39d |
| SHA1 | 4d97f9930eaeda30d839c6fef917aadf1aa3752d |
| SHA256 | 778b75414fd0263522a941a66ddfdb646db53ccb5372831eb1ddd33dd5433dc8 |
| SHA512 | fc0116dd7bc027dd65a7306e81a2e07b3f2c1c0a450a35f2ad06df88145979d59355dc7dfd3e89f31c4f3824c08139d664c832c10dd94a98021cfbd9aa01e346 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | d8c86e7d523ce692226bc2731ee03459 |
| SHA1 | a63bb7eba70e607d9557d5f59caf383b5a66161e |
| SHA256 | 9c2edac30eb6825a955114fcb679842a742cbba2a06413d3976047c8f1250261 |
| SHA512 | e2342039ba773cb0121540b8eb2e2b421db155384c7e48d4e40267f95759120782a905cfcdfc96931f1908f24d0d7eb5179e15e121592c3efd3e812998019f3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b70a077ed738658376fa91524f2beda5 |
| SHA1 | 7e0c7a2e3356f720c5779729261104697bb2331b |
| SHA256 | 5711c6f23ad1ceebbf3368c6519a2fc6d85154c69f9ecd3f0cdb2e06c1b3a1e2 |
| SHA512 | cfb626c078b2958b4c53235fac37205f77ef37a67138cae4a7e6129c3c39a6bcf7d2198ace9d69b170b5df065a5f3ce5c4f3ecdb34f6e16d967f2da88165d5c7 |
memory/2516-237-0x0000017F08BC0000-0x0000017F08BC1000-memory.dmp
memory/2516-236-0x0000017F08BC0000-0x0000017F08BC1000-memory.dmp
memory/2516-235-0x0000017F08BC0000-0x0000017F08BC1000-memory.dmp
memory/2516-247-0x0000017F08BC0000-0x0000017F08BC1000-memory.dmp
memory/2516-246-0x0000017F08BC0000-0x0000017F08BC1000-memory.dmp
memory/2516-245-0x0000017F08BC0000-0x0000017F08BC1000-memory.dmp
memory/2516-244-0x0000017F08BC0000-0x0000017F08BC1000-memory.dmp
memory/2516-243-0x0000017F08BC0000-0x0000017F08BC1000-memory.dmp
memory/2516-242-0x0000017F08BC0000-0x0000017F08BC1000-memory.dmp
memory/2516-241-0x0000017F08BC0000-0x0000017F08BC1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e85ed9aaeffbb360ef3a1520a4423978 |
| SHA1 | 3ad28ea7caf77fad18e0b0179f9fc7e92156c24f |
| SHA256 | bea5e2b6a003f689d3dcca325b9c5d8c9491e0eb30ada65cd9f8fde4592fa165 |
| SHA512 | 37351369bf16a782c8d570414cfbf32d2c8e80c1b2f1b346629b84f308342fda2cb124f26a09644ba681235695c1e25ef6c62d36375f101a04dd34a058df9386 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-12-13 09:34
Reported
2024-12-13 10:13
Platform
win11-20241007-en
Max time kernel
1304s
Max time network
1301s
Command Line
Signatures
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.86\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU200F.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU200F.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\MicrosoftEdgeUpdate.exe | N/A |
A potential corporate email address has been identified in the URL: [email protected]
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU200F.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU200F.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\configs\UniversalAppPatchConfig\UniversalAppPatchConfig.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\AssetImport\btn_dark_showworkspace_28x28.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\New\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_nb.dll | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\SpeakerLight\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\GameSettings\CenterPlus.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioSharedUI\packages.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\SpeakerDark\Unmuted0.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\Controls\DesignSystem\ButtonR3.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Chat\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\MenuBar\icon_leaderboard.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainTools\mtrl_ground_2022.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\DesignSystem\Thumbstick1Vertical.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\InGameMenu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VR\buttonActive.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\msedge_200_percent.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B080964B-0BFE-420B-83D8-92B803314C59}\EDGEMITMP_7F3D4.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\configs\ReflectionLoggerConfig\EphemeralCounterWhitelist.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\InGameMenu\TouchControls\touch_action_zoom.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\TopBar\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\InGameMenu\XboxController.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\edge_game_assist\EdgeGameAssist.msix | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B080964B-0BFE-420B-83D8-92B803314C59}\EDGEMITMP_7F3D4.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\LegacyRbxGui\popup_redx.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\DevConsole\Clear.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Settings\Radial\EmptyTopRight.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Locales\is.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VirtualCursor\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\InGameMenu\GenericController.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Locales\ug.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\AnimationEditor\FaceCaptureUI\CloseButton.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Settings\Players\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\LayeredClothingEditor\Default_Preview_Avatars.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VR\toggle2D.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\PlatformContent\pc\fonts\NotoSansCJKjp-Regular.otf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_6.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\AlignTool\Help.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainEditor\plain.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\chat_teamButton.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\fonts\Fondamento-Regular.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\PublishPlaceAs\common_checkmarkCircle.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainTools\icon_flatten_erode.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\MenuBar\icon_safety_on.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\UserInputPlaybackPlugin\Ring.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\eventlog_provider.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\9-slice\chat-bubble-self-tip.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Locales\fr-CA.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\msedge.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B080964B-0BFE-420B-83D8-92B803314C59}\EDGEMITMP_7F3D4.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\avatar\scripts\CompositorAnimate\v1betaRC2\AnimateDependencies.rbxm | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\fonts\Merriweather-Italic.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainTools\button_hover.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Settings\Radial\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\en-US.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B080964B-0BFE-420B-83D8-92B803314C59}\EDGEMITMP_7F3D4.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ControlsEmulator\GenericController_Light.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\AnimationEditor\img_eventMarker_border_selected.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StartPage\CreatorHub.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| File opened for modification | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\fonts\families\LegacyArimo.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6FC8AFBE-5FFE-45FC-BCD8-4A7961ED0EDA}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EU200F.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.86\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.86\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\runas\command | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\Application | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" \"%1\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\ = "PSFactoryBuffer" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.39\\psmachine.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{42580F9E-2678-4BB9-A2BC-F22A1D432A1A}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\ = "Microsoft Edge Update Process Launcher Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithProgIds\MSEdgeMHT | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\ROBLOX\DEFAULTICON | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "Microsoft Edge Update Legacy On Demand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42580F9E-2678-4BB9-A2BC-F22A1D432A1A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767}\AppID = "{1FCBE96C-1697-43AF-9140-2897C7C69767}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\version = "version-b71c150c7c1f40de" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 965332.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 53704.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Ransomware.Petya.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe | N/A |
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xe4,0xdc,0x108,0xe0,0x10c,0x7ff9a8e43cb8,0x7ff9a8e43cc8,0x7ff9a8e43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=876 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjhENDk2NkEtNEQ0MC00QTFCLUE5OTQtNkMwNzAwQThDQjNCfSIgdXNlcmlkPSJ7QzJBMjk2RkItOTc1MC00RDFGLUFBMjctRDQwQjJGOUI2MTcxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBNzYwNDA4NC0wRTY1LTQwQ0EtODJGNi1DODExRTVDQkYyN0Z9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyNjE5NjQxMTAiIGluc3RhbGxfdGltZV9tcz0iNzQ3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{28D4966A-4D40-4A1B-A994-6C0700A8CB3B}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjhENDk2NkEtNEQ0MC00QTFCLUE5OTQtNkMwNzAwQThDQjNCfSIgdXNlcmlkPSJ7QzJBMjk2RkItOTc1MC00RDFGLUFBMjctRDQwQjJGOUI2MTcxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0REFBRkM2RS05REM3LTQ2RjEtQUI4Qy1CRjY4NkQ5MEFGMTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjI2NzMyNDMxMSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B080964B-0BFE-420B-83D8-92B803314C59}\MicrosoftEdge_X64_131.0.2903.99.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B080964B-0BFE-420B-83D8-92B803314C59}\MicrosoftEdge_X64_131.0.2903.99.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B080964B-0BFE-420B-83D8-92B803314C59}\EDGEMITMP_7F3D4.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B080964B-0BFE-420B-83D8-92B803314C59}\EDGEMITMP_7F3D4.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B080964B-0BFE-420B-83D8-92B803314C59}\MicrosoftEdge_X64_131.0.2903.99.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B080964B-0BFE-420B-83D8-92B803314C59}\EDGEMITMP_7F3D4.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B080964B-0BFE-420B-83D8-92B803314C59}\EDGEMITMP_7F3D4.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.140 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B080964B-0BFE-420B-83D8-92B803314C59}\EDGEMITMP_7F3D4.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.99 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff71b282918,0x7ff71b282924,0x7ff71b282930
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjhENDk2NkEtNEQ0MC00QTFCLUE5OTQtNkMwNzAwQThDQjNCfSIgdXNlcmlkPSJ7QzJBMjk2RkItOTc1MC00RDFGLUFBMjctRDQwQjJGOUI2MTcxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBMDREODdGNC04RUM3LTRDN0EtOTZDQi0zMEJDRTVGOTFGQ0J9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzEuMC4yOTAzLjk5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MjgxNTU0MTA4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjI4MTU4NDM3MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4MDQyMjQ4ODgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzBmNmE2ZGQzLTBiMjItNGU3OC1iMDRmLTYwNDk0ZWI0YzRlOD9QMT0xNzM0Njg4NDMwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWZUNGhvZiUyZjU3U3c3RnVGQ0NWRlhrc215SWpnajVvMTFLZE96R04wR3lQd2ROYmgyMkR4bmd0S2dHczRSUXBtSG5EblFrY28zZXhaQ21WSWNaMFZmJTJiUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3Njg1NTY0OCIgdG90YWw9IjE3Njg1NTY0OCIgZG93bmxvYWRfdGltZV9tcz0iMTQ1MTUyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzgwNDMyNDcwNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4MTg3NDQ1NzciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg0NDQ4NzQ5ODEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDA4IiBkb3dubG9hZF90aW1lX21zPSIxNTIyNzEiIGRvd25sb2FkZWQ9IjE3Njg1NTY0OCIgdG90YWw9IjE3Njg1NTY0OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjI2MTAiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 1884
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 2200
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6628 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1220 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:gEKvbdFkIN8oAkwQpMuoQ-FcKzu54brxHWXv5H_Sti24Ffk3VGeR4_k3c_a3u5hjWaAzTvFh5Sm7gspmYkpr0gz0PhYCtAYAB8ln5dMgDQkYSXjQCIvFxIufk0Jz-uZ8cQpjK2yQkDHHaG15xPgUXKH5m-zWnZBjBmkvQhNAAY3mIco9pqtYBCN8nBI0Pl2LtbrWPgrJME2U2q-ago-5KT3afUVg_omG_F0M_CcGT7I+launchtime:1734084025643+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1734083505820001%26placeId%3D7772810845%26isPlayTogetherGame%3Dfalse%26referredByPlayerId%3D0%26joinAttemptId%3De6c3ee31-93db-485c-a91a-ea687bb120da%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1734083505820001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6FC8AFBE-5FFE-45FC-BCD8-4A7961ED0EDA}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6FC8AFBE-5FFE-45FC-BCD8-4A7961ED0EDA}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe" /update /sessionid "{68647684-29A4-4C10-90B9-CA3E02532FAA}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Njg2NDc2ODQtMjlBNC00QzEwLTkwQjktQ0EzRTAyNTMyRkFBfSIgdXNlcmlkPSJ7QzJBMjk2RkItOTc1MC00RDFGLUFBMjctRDQwQjJGOUI2MTcxfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntDMDM1NDFDQi1DN0ZELTRGOUQtODIxNS0wRjFDMzRDQTI0QUV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk2MTA4Mjk2ODciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTYxMDkyOTgzNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAzMjEzOTMzNjQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xN2I3NTIyMy1hMzVlLTQ0NGEtODBkNC1iYjk4OWNjZjJmNzM_UDE9MTczNDY4ODc2MyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1CNFo2ODlCdDFZSHRaTjA0dGM4OWVUVVA4WHJlbjR3aFBwJTJmM1BIWUhIdSUyYndzQ2tXUW9udGUybnhWclF1RUF2WVcwNzlGUCUyZmtqR1lnZFp0ZTJESnNHdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzIxMzkzMzY0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xN2I3NTIyMy1hMzVlLTQ0NGEtODBkNC1iYjk4OWNjZjJmNzM_UDE9MTczNDY4ODc2MyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1CNFo2ODlCdDFZSHRaTjA0dGM4OWVUVVA4WHJlbjR3aFBwJTJmM1BIWUhIdSUyYndzQ2tXUW9udGUybnhWclF1RUF2WVcwNzlGUCUyZmtqR1lnZFp0ZTJESnNHdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2NTMzMjgiIHRvdGFsPSIxNjUzMzI4IiBkb3dubG9hZF90aW1lX21zPSI3MDgwNyIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDMyMTM5MzM2NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDMyNjU0OTYwMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxwaW5nIHI9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzg1NTcwNjU5MTU5MjAwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzEuMC4yOTAzLjk5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgdXBkYXRlX2NvdW50PSIxIj48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7RDExQTQxQTctQjQ1Mi00MDI5LUE2NkUtMDVFODNGNUZGODBFfSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\Temp\EU200F.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU200F.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{68647684-29A4-4C10-90B9-CA3E02532FAA}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Njg2NDc2ODQtMjlBNC00QzEwLTkwQjktQ0EzRTAyNTMyRkFBfSIgdXNlcmlkPSJ7QzJBMjk2RkItOTc1MC00RDFGLUFBMjctRDQwQjJGOUI2MTcxfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7NUZFRTREMzQtMjg1OC00OUQzLTg0OTEtMjIzMzc5RDQwRUIzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzQwODM2MjciPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzM5Njg3MDI4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,10081594775049154799,10023169246641358837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7052 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9953bcc40,0x7ff9953bcc4c,0x7ff9953bcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1676,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1976,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:8
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 1300
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4780,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3444,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3432,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5008,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5168,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:JmzEm7ZT3Rtq-bl400KLWy2TDrMNvdbM7HQPqW0JwbIVXOPNS5Ie27-BCWZXfr90uQUdQu9Po9a7GAKS3YuO-ygTSGMppDP4Xri2Ga8El4gowDoT0ENvdwSr3v-9hBNb7zAQcg84Ck32-Pj6DIhZzI1T6gWI7cY1hp1oHtkDf4x_p4RpdiK-TsDJ-m6BIEjsrTV2amaf5xr9TSgeTyRbGs5qNXSVfFsJsEfCBevvNXQ+launchtime:1734084316970+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1734084165728004%26placeId%3D7848359510%26isPlayTogetherGame%3Dfalse%26referredByPlayerId%3D0%26joinAttemptId%3D7c6e30a7-c2f8-48f4-96a4-975137809bf3%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1734084165728004+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEE0RTg2Q0EtRTgxRS00QUM0LTkxOEItMjg3NEYxQjFEMDdBfSIgdXNlcmlkPSJ7QzJBMjk2RkItOTc1MC00RDFGLUFBMjctRDQwQjJGOUI2MTcxfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RjM1MjQ3QzAtNDFDMi00NTY1LTgxMjMtOTQ3OUE4Q0I3MERBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7Y0JZRVlYODcxdHNHdUtKYW82M1hqVXQ1dkpFOVh4Q1RuRTdIMFBnVWpLRT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjY2IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjgzMDMzNjgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM3Mjc3NjE0MjUxMDAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzg1OTE4Mzg2MSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5052,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5188,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5200,i,10559602967565047165,7121356085862568384,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a8e43cb8,0x7ff9a8e43cc8,0x7ff9a8e43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2632 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2680 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\MicrosoftEdge_X64_131.0.2903.86.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\MicrosoftEdge_X64_131.0.2903.86.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\MicrosoftEdge_X64_131.0.2903.86.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff72d342918,0x7ff72d342924,0x7ff72d342930
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCBD1299-3C63-43BF-98E3-EADB140C6AEF}\EDGEMITMP_C7029.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff72d342918,0x7ff72d342924,0x7ff72d342930
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff746902918,0x7ff746902924,0x7ff746902930
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.109 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.86\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.86 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff746902918,0x7ff746902924,0x7ff746902930
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEE0RTg2Q0EtRTgxRS00QUM0LTkxOEItMjg3NEYxQjFEMDdBfSIgdXNlcmlkPSJ7QzJBMjk2RkItOTc1MC00RDFGLUFBMjctRDQwQjJGOUI2MTcxfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins1QTdBQ0JERS1GODhGLTRFNjAtQTA5RS1GQ0REN0ZFNEE3MzN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjM5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0lNUIlMjItdGFyZ2V0X2RldiUyMC1taW5fYnJvd3Nlcl92ZXJzaW9uX2NhbmFyeV9kZXYlMjAxMzMuMC4yOTcwLjAlMjIlNUQiIGluc3RhbGxhZ2U9IjAiIGNvaG9ydD0icnJmQDAuNzUiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjY1NTYiIHBpbmdfZnJlc2huZXNzPSJ7MDdFQjZGMUMtRUY0RC00QzdBLUIzQjAtQkU3OEM2MDRFM0IwfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IjEzMS4wLjI5MDMuODYiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzc4NTU3MDY1OTE1OTIwMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM4Nzc2ODI2NTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM4Nzc5OTUwMjciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NDU4Njg3NTg3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMDk3MDVlYjItMWNmNC00NmJmLWJkMTItODEwOWIzMGMzMjI3P1AxPTE3MzQ2ODkxODkmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9alllS1N2Rm40RWg1VzBzd0hUUUtPVUU1bzlyVGJHMjVVS082empmQVNkM05sMERsMHBnYVZ3cUlnYmdRN2NuOFVQTjRzc1l3NUIyR0M1T3NMOFphUUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDQ1ODcyNzc2NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMDk3MDVlYjItMWNmNC00NmJmLWJkMTItODEwOWIzMGMzMjI3P1AxPTE3MzQ2ODkxODkmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9alllS1N2Rm40RWg1VzBzd0hUUUtPVUU1bzlyVGJHMjVVS082empmQVNkM05sMERsMHBnYVZ3cUlnYmdRN2NuOFVQTjRzc1l3NUIyR0M1T3NMOFphUUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzY2NzY0MDgiIHRvdGFsPSIxNzY2NzY0MDgiIGRvd25sb2FkX3RpbWVfbXM9IjUwMjgzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NDU4ODY3Nzk0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NDc3OTE3NTUyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTEzMDQ2MjcwNCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjExMTYiIGRvd25sb2FkX3RpbWVfbXM9IjU4MDM5IiBkb3dubG9hZGVkPSIxNzY2NzY0MDgiIHRvdGFsPSIxNzY2NzY0MDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjY1MjQ0Ii8-PHBpbmcgYWN0aXZlPSIxIiBhZD0iNjU1NiIgcmQ9IjY1NTYiIHBpbmdfZnJlc2huZXNzPSJ7OTM2RjNEOTEtMkIwMy00N0U2LUE3NEMtQTVBMDVGNDQxMUE0fSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzEuMC4yOTAzLjk5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgY29ob3J0PSJycmZAMC40NSIgdXBkYXRlX2NvdW50PSIxIj48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2NTU2IiBwaW5nX2ZyZXNobmVzcz0ie0NBMTYzMkY2LUFENDktNDI5MS1CNDU1LTMwNTVBMkQ2QTc4RH0iLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2616,8687575300318103742,582213086225505785,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6664 /prefetch:2
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.txt
C:\Users\Admin\Downloads\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe
"C:\Users\Admin\Downloads\Ransomware.Petya\26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 95.100.195.157:443 | www.bing.com | tcp |
| US | 95.100.195.157:443 | www.bing.com | tcp |
| US | 95.100.195.157:443 | www.bing.com | tcp |
| US | 95.100.195.157:443 | www.bing.com | tcp |
| US | 95.100.195.157:443 | www.bing.com | tcp |
| US | 95.100.195.157:443 | www.bing.com | tcp |
| GB | 128.116.119.4:80 | auth.roblox.com | tcp |
| GB | 128.116.119.4:80 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 205.234.175.102:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.239.83.27:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 27.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.39.65.18.in-addr.arpa | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| NL | 13.227.219.33:443 | apis.rbxcdn.com | tcp |
| GB | 2.18.190.73:443 | images.rbxcdn.com | tcp |
| GB | 2.18.190.73:443 | images.rbxcdn.com | tcp |
| GB | 2.18.190.73:443 | images.rbxcdn.com | tcp |
| GB | 2.18.190.73:443 | images.rbxcdn.com | tcp |
| GB | 2.18.190.73:443 | images.rbxcdn.com | tcp |
| GB | 2.18.190.73:443 | images.rbxcdn.com | tcp |
| US | 95.100.195.156:443 | th.bing.com | tcp |
| GB | 2.18.66.162:443 | r.bing.com | tcp |
| GB | 2.18.66.162:443 | r.bing.com | tcp |
| US | 95.100.195.156:443 | th.bing.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 2.19.252.134:443 | aefd.nelreports.net | tcp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| NL | 18.239.18.127:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:50523 | tcp | |
| N/A | 127.0.0.1:50527 | tcp | |
| US | 205.234.175.102:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:50542 | tcp | |
| US | 205.234.175.102:443 | setup.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | setup.rbxcdn.com | tcp |
| US | 4.151.228.221:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 2.21.244.153:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | udp |
| GB | 104.86.110.99:443 | www.bing.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:50979 | tcp | |
| N/A | 127.0.0.1:50982 | tcp | |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| NL | 18.239.18.53:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | 53.18.239.18.in-addr.arpa | udp |
| NL | 18.239.94.108:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:50986 | tcp | |
| N/A | 127.0.0.1:50989 | tcp | |
| N/A | 127.0.0.1:51008 | tcp | |
| US | 8.8.8.8:53 | static.roblox.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| NL | 88.221.25.161:443 | css.rbxcdn.com | tcp |
| NL | 18.65.39.26:443 | js.rbxcdn.com | tcp |
| NL | 84.53.175.19:443 | static.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| NL | 13.227.219.81:443 | apis.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| N/A | 127.0.0.1:51252 | tcp | |
| NL | 18.239.50.13:443 | arkoselabs.roblox.com | tcp |
| NL | 88.221.25.161:443 | css.rbxcdn.com | tcp |
| NL | 23.209.125.139:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | usermoderation.roblox.com | udp |
| US | 8.8.8.8:53 | sc0ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | 139.125.209.23.in-addr.arpa | udp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 151.101.193.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| GB | 23.56.238.97:443 | sc0ak.rbxcdn.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| GB | 2.19.117.104:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 104.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.51.116.128.in-addr.arpa | udp |
| US | 4.155.164.36:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| NL | 23.209.125.135:443 | sc0.rbxcdn.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| NL | 104.110.191.162:443 | aefd.nelreports.net | udp |
| GB | 2.18.66.168:443 | www.bing.com | tcp |
| GB | 2.19.117.41:443 | setup.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| NL | 18.239.18.53:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:52404 | tcp | |
| N/A | 127.0.0.1:52407 | tcp | |
| N/A | 127.0.0.1:52426 | tcp | |
| GB | 2.19.117.41:443 | setup.rbxcdn.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | udp |
| FR | 142.250.179.78:443 | chrome.google.com | tcp |
| FR | 172.217.20.206:443 | clients2.google.com | tcp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 23.209.125.150:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| NL | 13.227.219.33:443 | apis.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.75:443 | images.rbxcdn.com | tcp |
| GB | 2.18.190.75:443 | images.rbxcdn.com | tcp |
| GB | 2.18.190.75:443 | images.rbxcdn.com | tcp |
| GB | 2.18.190.75:443 | images.rbxcdn.com | tcp |
| GB | 2.18.190.75:443 | images.rbxcdn.com | tcp |
| GB | 2.18.190.75:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| N/A | 127.0.0.1:52960 | tcp | |
| NL | 18.239.50.110:443 | arkoselabs.roblox.com | tcp |
| NL | 18.239.50.110:443 | arkoselabs.roblox.com | udp |
| DE | 142.250.185.227:443 | beacons.gcp.gvt2.com | tcp |
| DE | 142.250.185.227:443 | beacons.gcp.gvt2.com | udp |
| GB | 2.22.144.95:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| DE | 128.116.44.3:443 | fra4-128-116-44-3.roblox.com | tcp |
| US | 128.116.13.3:443 | cdg2-128-116-13-3.roblox.com | tcp |
| GB | 23.56.238.104:443 | sc0.rbxcdn.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| GB | 2.19.117.104:443 | tr.rbxcdn.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| NL | 18.239.83.18:443 | sc0aws.rbxcdn.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 4.155.164.36:443 | msedge.api.cdp.microsoft.com | tcp |
| GB | 2.20.12.74:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | udp |
| GB | 2.18.66.162:443 | www.bing.com | tcp |
| GB | 2.18.66.162:443 | www.bing.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| GB | 104.86.110.91:443 | www.bing.com | tcp |
| GB | 104.86.110.91:443 | www.bing.com | tcp |
| US | 13.107.21.200:443 | bing.com | tcp |
| US | 216.198.53.1:443 | en.help.roblox.com | tcp |
| US | 216.198.53.1:443 | en.help.roblox.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 216.198.54.3:443 | static.zdassets.com | tcp |
| US | 8.8.8.8:53 | 3.54.198.216.in-addr.arpa | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | udp |
| US | 216.198.54.1:443 | en.help.roblox.com | tcp |
| GB | 184.50.113.211:443 | c.evidon.com | tcp |
| GB | 184.50.113.211:443 | c.evidon.com | tcp |
| GB | 184.50.113.211:443 | c.evidon.com | tcp |
| GB | 184.50.113.211:443 | c.evidon.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 211.113.50.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 52.7.27.64:443 | l.evidon.com | tcp |
| US | 52.7.27.64:443 | l.evidon.com | tcp |
| US | 52.7.27.64:443 | l.evidon.com | tcp |
| US | 52.7.27.64:443 | l.evidon.com | tcp |
| US | 52.7.27.64:443 | l.evidon.com | tcp |
| US | 150.171.28.10:443 | bat.bing.com | tcp |
| US | 50.31.176.119:443 | reviewed.app | tcp |
| US | 50.31.176.119:443 | reviewed.app | tcp |
| US | 50.31.176.119:443 | reviewed.app | udp |
| FR | 142.250.178.130:443 | googleads.g.doubleclick.net | tcp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | 203.247.17.104.in-addr.arpa | udp |
| US | 150.171.27.10:443 | bat.bing.com | tcp |
| FR | 142.250.179.78:443 | fundingchoicesmessages.google.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 216.58.214.67:443 | www.google.co.uk | tcp |
| FR | 142.250.179.78:443 | fundingchoicesmessages.google.com | udp |
| US | 50.31.176.119:443 | reviewed.app | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 2.18.66.57:443 | th.bing.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 2.21.244.148:443 | aefd.nelreports.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 051a939f60dced99602add88b5b71f58 |
| SHA1 | a71acd61be911ff6ff7e5a9e5965597c8c7c0765 |
| SHA256 | 2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10 |
| SHA512 | a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f |
\??\pipe\LOCAL\crashpad_1616_TPKMCONVGMAZDXVW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 003b92b33b2eb97e6c1a0929121829b8 |
| SHA1 | 6f18e96c7a2e07fb5a80acb3c9916748fd48827a |
| SHA256 | 8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54 |
| SHA512 | 18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ff606edadbdf0f5c1054fa3f7a5cc1c7 |
| SHA1 | acb088059a067fe319e2c6ac5c1c43aa404d4ad4 |
| SHA256 | 06736688521a158b524c8fea54dc175b83e93fd3adef734fc8547b1e62523691 |
| SHA512 | cf21a28466551c87d6090ba56acdafb28aa5fc7d477d0589b6197ccbe7af1380fd648bbd034258875f654bdff9a562b19df3fda20352a84fee487456109a1670 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 250891169a9b1f69922f822de5e55345 |
| SHA1 | 703150d402a07cff294553438ed2e7be8bfffc61 |
| SHA256 | 9226d2c530abf15b4b955a76a462b6881038832fc7baeaf8578ce31922ad1a7e |
| SHA512 | cfe54d189042e64414d396dec2a8596c4c9c0269a97dadf60a3d1c906b37484422de3a802dca38afc27dfb8605bc296ada0cb3295614416d313f5db16c540a95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fa761ba8-dcbc-4d53-931a-a92fd10c1402.tmp
| MD5 | 5a2d84e07c53ccb106305cb6710fa03e |
| SHA1 | efe031259d4ac45bb4d37f8375217465ff1627de |
| SHA256 | 8c3abb705d6519df494f173d1c6180994dbf4e4eaa1413f9dd3d80f64c5b0496 |
| SHA512 | 6d650e4bdbeaffee4c527434306878d77f795db4955ecb0895e30be408b6f7bd16b91afd44d6239633bbca4f6149dfeb9e7e016943714037fd232845d2a059ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aa447ca0932e95abcf60ecb6745e7fa7 |
| SHA1 | c402de25f3a7fa6f04aec139c40bc3ff37f39cfe |
| SHA256 | 0cbda9985d9fe34243d2491f545e9c61a7adc3e00ef2788c985e561a7758fbe4 |
| SHA512 | edf63f97f0f3268c7cdf02860d8dff345a22f60d4bf0c3d2647ae1b24e4362c89d618633ee07b3be5c2218b9d88d4b1c339992f3f5f997ad6e3abed24626c97f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5c2b33d5a8e7d73932a5873b0c67761 |
| SHA1 | c14325aac5914b2291f8eae30cc26e317a98c0d8 |
| SHA256 | 384c466d475761864c5e1d4da90131551f268cb6864db415f48dedba41ea8af7 |
| SHA512 | 62045127e8908525313b91c051a1ca92565400fdcd6e19f2e751282b7acc3188a1da3b0105839dcb156e9567a7f4b1c8f86f5bd887f496cebf7310407130aead |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585dab.TMP
| MD5 | 6cd4850a6f9ab65b5de9def8417c5230 |
| SHA1 | e7e3b0658d2b3053c77bee5e5ddceaa408605f74 |
| SHA256 | 89f1eb045c5d2d4c578f774f3cdd962e83747fa2c1411a1f13c13bb24e8c33a9 |
| SHA512 | be5c3b207475c7d9a72d6b071a68733b6fa8837fc3059bbd57aa6acf05e72cfe68768184f50e1a1a755a9f4256015a818bd9fb7fa8a9667c0b6d51443ae22590 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 80a1bd8afc534e32113cc43c95ba75c8 |
| SHA1 | 904b4aa7d3c4afe47b6f5f069ebf3cc14b1ba9c3 |
| SHA256 | cd7404d55a91061feb7ae3c95ddd206d0c4e6c10187d8cc2cfd19c19557e729d |
| SHA512 | 066b328b3cb3682ae84642cdc8e15038e8fc0af39c5dd65047a1eab39f3b10731dd4517c03774a6b2fb2bfce7de258957cf3413b989524307940ac97fe8f362a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9f779eb40deb777f865f15e366e40699 |
| SHA1 | b020dbf6f5001a4f7dfe258a02899702d1d9fa44 |
| SHA256 | d65a57a9ae03247f156e4534d9ea799a62711759b695ea3cdfa94f9495e563ae |
| SHA512 | 8c7ae89148303db008e53971a471c6b02861b513ebd30bdcc785e0e51c415e72063f5ad8a4f9fa8f1f1332a8fba39c990d8cc33bcc7016163d40bed335bb7906 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d26282cf6ba01de48471eae200eaf24a |
| SHA1 | f7737b27e6449b1ab414e45253a277c6d23ad11f |
| SHA256 | e9d879285e1f5f8259aaa26d2a9415bcdef23ed5fd8125d7d1bae67ab7a5aca3 |
| SHA512 | 8691e141ec9829e91a1d33d8502d7be8d9d679078aa748a65e5e59a9de80f35949460f834288184b871965ba617cdda6cc1f2209ae3e9c3dedaa203b8574a618 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a7d7d2f5277408b0e0d7b8699aab415d |
| SHA1 | dcef8a5c3cda1543331be2ed64fe4b322b117dc0 |
| SHA256 | 2c40f388d5d6a89b28e1df30a4eaa1d8d107bc1641c10cab0fd79b1df988fc28 |
| SHA512 | 3ea535c80215d08de2c660664877252a3d7f318f9926b6598e5093354061583e27823d82ce2676d71bc8fc6721eaf34e407258bb0a35fd21eb4c9b3bd3d060e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 77bb72b440007e99c4e667755369035c |
| SHA1 | 65d9c684641f7cd4010feee16863f4fd18506af1 |
| SHA256 | cc21ee6de884b2027b39ed7c40d58c5de8a7bd41e0ddae984fe9aa9f95f03c39 |
| SHA512 | 83d769727d0112b3e3f343dfd4c688b3be22e3c9d97d0379560c94428a4cc95b11e9506fe5a0ff3548b0f8acbc18854ba365737114c63868b4cc51a97b503dff |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 991a6118851175c42c371fef7dbf6b59 |
| SHA1 | 8e1dc1998388066a555283dc2c42fd171f322d8b |
| SHA256 | ea4e3b3339a614061d6178fd54eb997c8af732cfedbf78bb1292489a69279f0e |
| SHA512 | 7e61eb699a3cd117f96236d55ca18a9d25e31c18afd275c9942981b6230ea2926c6d5a5cc9f8800d441050cade9b530d8e5f439783fa53bc940fcc9e1f406f53 |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
| MD5 | a1c0810b143c7d1197657b43f600ba6b |
| SHA1 | b4aa66f5cdd4efc83d0478022d4454084d4bab1d |
| SHA256 | 30f233f41ec825806609fb60d87c8cb92a512b10f7e91cdbb4bf32cee18217ae |
| SHA512 | 8f45702da43526c04b957f571450a2b53f122b840fa6118a446972bc824c8ee7acd6e197177b54236ce7f428fb73a7cbe4ed18d643c625c9f156463d51ee038a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 86d2fa521584538a1a96ef3dc9088578 |
| SHA1 | 488c46a1e042c85d8d1080a9e6877986e918f5a5 |
| SHA256 | 3e75a4342c855f0f60c60a29762e90a4ed74fda2b8f5ab278c9fb593e460a721 |
| SHA512 | 38deffcb88ad015255c25b091bd5b47ab544e6ae95dcbb3395d47aa712dac848969b1db541987063521b1374c0a9a76ffea2c4704ce5a2926efd770d63ac1b3c |
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | f7f075d6cca390dbb3195330dced1bfc |
| SHA1 | 2a6624ae08c077034b3b41dca1376287f7e0cb43 |
| SHA256 | 97c03bfa6193f0d5f897eb78b1867c17790b085fe610d0e1130e9a80e36d5577 |
| SHA512 | bbb4389ef71eda38ca80a999b5a6616484547b72974b906a7b26939eb5b5d911dc68d046a371a3791e8b2c7557b987e94a52fdc9cd7cc9e6996e3ca5371004f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7e22379dca1202d0ebd2f597b56b03d2 |
| SHA1 | 76242363b376a5fcb28a2ccffbfd3c64bec33e3d |
| SHA256 | 380d3472593d9b275eb4376a48e05aeafa115bed01ba167c729281f2ccb09dd5 |
| SHA512 | 39ae48934d1db297527fc6b62d160877be3b89ddf66f730b135f1146abcbe2b0174bbe5509ec2ccba799a80d6cca10f53f795acb07c8ed273f4507d01dfa2aa5 |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\0589302f91aa343fbe0005be96fccbe2
| MD5 | 0589302f91aa343fbe0005be96fccbe2 |
| SHA1 | e522005b2f17a5e1686ec12c78c59f9ea97bf3a2 |
| SHA256 | 24a86d06e182f61060442200d2e197a3bf1ae0757ccb60ba65137b66e63fe236 |
| SHA512 | 63e5f206365b59426f9bd66bbed78ad0e74018f5d9485f69793fa1fbb78beb8baf3f182814c4938a123a6ea993b91f39a3d070e676bf146e622e99a4e2874279 |
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
| MD5 | 610b1b60dc8729bad759c92f82ee2804 |
| SHA1 | 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552 |
| SHA256 | 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08 |
| SHA512 | 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdate.dll
| MD5 | 965b3af7886e7bf6584488658c050ca2 |
| SHA1 | 72daabdde7cd500c483d0eeecb1bd19708f8e4a5 |
| SHA256 | d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19 |
| SHA512 | 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_en.dll
| MD5 | 4a1e3cf488e998ef4d22ac25ccc520a5 |
| SHA1 | dc568a6e3c9465474ef0d761581c733b3371b1cd |
| SHA256 | 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011 |
| SHA512 | ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | 7a160c6016922713345454265807f08d |
| SHA1 | e36ee184edd449252eb2dfd3016d5b0d2edad3c6 |
| SHA256 | 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9 |
| SHA512 | c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_az.dll
| MD5 | 7937c407ebe21170daf0975779f1aa49 |
| SHA1 | 4c2a40e76209abd2492dfaaf65ef24de72291346 |
| SHA256 | 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9 |
| SHA512 | 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_bg.dll
| MD5 | 8375b1b756b2a74a12def575351e6bbd |
| SHA1 | 802ec096425dc1cab723d4cf2fd1a868315d3727 |
| SHA256 | a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105 |
| SHA512 | aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_eu.dll
| MD5 | a7e1f4f482522a647311735699bec186 |
| SHA1 | 3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd |
| SHA256 | e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4 |
| SHA512 | 22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_en-GB.dll
| MD5 | d749e093f263244d276b6ffcf4ef4b42 |
| SHA1 | 69f024c769632cdbb019943552bac5281d4cbe05 |
| SHA256 | fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e |
| SHA512 | 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_fil.dll
| MD5 | 7c66526dc65de144f3444556c3dba7b8 |
| SHA1 | 6721a1f45ac779e82eecc9a584bcf4bcee365940 |
| SHA256 | e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d |
| SHA512 | dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_gd.dll
| MD5 | c90f33303c5bd706776e90c12aefabee |
| SHA1 | 1965550fe34b68ea37a24c8708eef1a0d561fb11 |
| SHA256 | e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c |
| SHA512 | b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_ga.dll
| MD5 | 3b8a5301c4cf21b439953c97bd3c441c |
| SHA1 | 8a7b48bb3d75279de5f5eb88b5a83437c9a2014a |
| SHA256 | abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0 |
| SHA512 | 068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_fr.dll
| MD5 | 64c47a66830992f0bdfd05036a290498 |
| SHA1 | 88b1b8faa511ee9f4a0e944a0289db48a8680640 |
| SHA256 | a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961 |
| SHA512 | 426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_fi.dll
| MD5 | d45f2d476ed78fa3e30f16e11c1c61ea |
| SHA1 | 8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e |
| SHA256 | acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2 |
| SHA512 | 2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_fa.dll
| MD5 | cbe3454843ce2f36201460e316af1404 |
| SHA1 | 0883394c28cb60be8276cb690496318fcabea424 |
| SHA256 | c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59 |
| SHA512 | f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_et.dll
| MD5 | b78cba3088ecdc571412955742ea560b |
| SHA1 | bc04cf9014cec5b9f240235b5ff0f29dbdb22926 |
| SHA256 | f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085 |
| SHA512 | 04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_es-419.dll
| MD5 | 28fefc59008ef0325682a0611f8dba70 |
| SHA1 | f528803c731c11d8d92c5660cb4125c26bb75265 |
| SHA256 | 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d |
| SHA512 | 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_es.dll
| MD5 | 9db7f66f9dc417ebba021bc45af5d34b |
| SHA1 | 6815318b05019f521d65f6046cf340ad88e40971 |
| SHA256 | e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819 |
| SHA512 | 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_el.dll
| MD5 | ac275b6e825c3bd87d96b52eac36c0f6 |
| SHA1 | 29e537d81f5d997285b62cd2efea088c3284d18f |
| SHA256 | 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0 |
| SHA512 | bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_de.dll
| MD5 | aab01f0d7bdc51b190f27ce58701c1da |
| SHA1 | 1a21aabab0875651efd974100a81cda52c462997 |
| SHA256 | 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c |
| SHA512 | 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_da.dll
| MD5 | d34380d302b16eab40d5b63cfb4ed0fe |
| SHA1 | 1d3047119e353a55dc215666f2b7b69f0ede775b |
| SHA256 | fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f |
| SHA512 | 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_cy.dll
| MD5 | 34d991980016595b803d212dc356d765 |
| SHA1 | e3a35df6488c3463c2a7adf89029e1dd8308f816 |
| SHA256 | 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e |
| SHA512 | 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_cs.dll
| MD5 | 16c84ad1222284f40968a851f541d6bb |
| SHA1 | bc26d50e15ccaed6a5fbe801943117269b3b8e6b |
| SHA256 | e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b |
| SHA512 | d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 2929e8d496d95739f207b9f59b13f925 |
| SHA1 | 7c1c574194d9e31ca91e2a21a5c671e5e95c734c |
| SHA256 | 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df |
| SHA512 | ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_ca.dll
| MD5 | 39551d8d284c108a17dc5f74a7084bb5 |
| SHA1 | 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884 |
| SHA256 | 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07 |
| SHA512 | 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_fr-CA.dll
| MD5 | b534e068001e8729faf212ad3c0da16c |
| SHA1 | 999fa33c5ea856d305cc359c18ea8e994a83f7a9 |
| SHA256 | 445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511 |
| SHA512 | e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_bn-IN.dll
| MD5 | a94cf5e8b1708a43393263a33e739edd |
| SHA1 | 1068868bdc271a52aaae6f749028ed3170b09cce |
| SHA256 | 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c |
| SHA512 | 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_bn.dll
| MD5 | 7dc58c4e27eaf84ae9984cff2cc16235 |
| SHA1 | 3f53499ddc487658932a8c2bcf562ba32afd3bda |
| SHA256 | e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98 |
| SHA512 | bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_as.dll
| MD5 | a8d3210e34bf6f63a35590245c16bc1b |
| SHA1 | f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693 |
| SHA256 | 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766 |
| SHA512 | 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_ar.dll
| MD5 | 570efe7aa117a1f98c7a682f8112cb6d |
| SHA1 | 536e7c49e24e9aa068a021a8f258e3e4e69fa64f |
| SHA256 | e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01 |
| SHA512 | 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_am.dll
| MD5 | f6c1324070b6c4e2a8f8921652bfbdfa |
| SHA1 | 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf |
| SHA256 | 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717 |
| SHA512 | 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | c044dcfa4d518df8fc9d4a161d49cece |
| SHA1 | 91bd4e933b22c010454fd6d3e3b042ab6e8b2149 |
| SHA256 | 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2 |
| SHA512 | f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_af.dll
| MD5 | 567aec2d42d02675eb515bbd852be7db |
| SHA1 | 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37 |
| SHA256 | a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c |
| SHA512 | 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 60dba9b06b56e58f5aea1a4149c743d2 |
| SHA1 | a7e456acf64dd99ca30259cf45b88cf2515a69b3 |
| SHA256 | 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112 |
| SHA512 | e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7 |
C:\Program Files (x86)\Microsoft\Temp\EUE5C2.tmp\msedgeupdateres_bs.dll
| MD5 | e338dccaa43962697db9f67e0265a3fc |
| SHA1 | 4c6c327efc12d21c4299df7b97bf2c45840e0d83 |
| SHA256 | 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04 |
| SHA512 | e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 6393f6d6f62ce141323f673f49b2b43a |
| SHA1 | 6b8ed821f68e4b0c662f95e3478e440b630aa831 |
| SHA256 | d6cdec1dd3e16a243e7db2aa6289d56cf31e77e8f3accf67c7aec1fd55d6f548 |
| SHA512 | 70a62199104a44d523696301740588556b46ae9c6688f33ae6727cee84807b6f30e5b9a9d1eb56c1c093266b0210034720ef03600031153ad08d5bf17e911568 |
memory/2280-981-0x0000000000D90000-0x0000000000DC5000-memory.dmp
memory/2280-982-0x0000000073760000-0x0000000073970000-memory.dmp
memory/2280-990-0x0000000073760000-0x0000000073970000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 42f978106f5682c5436916a87b9ff369 |
| SHA1 | e8b17cae78c5e9fbe8caadc5c3835dba51fbb223 |
| SHA256 | 07ed14d83b14e5c664c7ad3dcf899bbd3d7e0aec1ff4665a67b7327fa4e8672b |
| SHA512 | df360a127269781dc13a3790a3a3737e2017b806f554235dce1cd38665e3f1dd0a2facbb529fe7866e1bf56a87b79bfd6452d4d26225564195e543cd0df2ca92 |
memory/2280-1022-0x0000000073760000-0x0000000073970000-memory.dmp
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
| MD5 | e83b00e799d1f5e9d91a5188ddd0d996 |
| SHA1 | 2a62b4a884abddd88d134201f15862d7c7034b39 |
| SHA256 | 2c5911efccfb6820d35a8859cc0368f52409fbce2ad080b6f36d96215b4ac3aa |
| SHA512 | aabd8d3e6db561804e24a575951a466c6ebcdaaf4c3207c86ce5c000b127872e7ed66b07eff7d3a812a5155f9a47f2f05c74c33e1a78544d8f2c6907582aa83b |
C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Installer\setup.exe
| MD5 | f6ef6691c60c40c1b64c857aa7140f65 |
| SHA1 | 0a18181edb6539ace366e7d804e37ec558c52b79 |
| SHA256 | df10339c63d2f24162ffa7d61c797f46a4ec4d91f1f74c3290646a232c7e9c56 |
| SHA512 | bf2829c18f109ee181518b7819a23782fdee4f81644a9d062e060ccac7a2df27d2f49cb3c26d63e6c9e2aed6ff166f2af596c0365284ef1dc0a70363ea8fd404 |
memory/2280-1074-0x0000000000D90000-0x0000000000DC5000-memory.dmp
memory/4644-1080-0x00007FF9B7AC0000-0x00007FF9B7AD0000-memory.dmp
memory/4644-1082-0x00007FF9B7B10000-0x00007FF9B7B40000-memory.dmp
memory/4644-1086-0x00007FF9B7BA0000-0x00007FF9B7BA9000-memory.dmp
memory/4644-1085-0x00007FF9B7B10000-0x00007FF9B7B40000-memory.dmp
memory/4644-1084-0x00007FF9B7B10000-0x00007FF9B7B40000-memory.dmp
memory/4644-1083-0x00007FF9B7B10000-0x00007FF9B7B40000-memory.dmp
memory/4644-1096-0x00007FF9B6570000-0x00007FF9B657C000-memory.dmp
memory/4644-1097-0x00007FF9B54C0000-0x00007FF9B54D0000-memory.dmp
memory/4644-1095-0x00007FF9B6480000-0x00007FF9B64A0000-memory.dmp
memory/4644-1094-0x00007FF9B6480000-0x00007FF9B64A0000-memory.dmp
memory/4644-1093-0x00007FF9B6480000-0x00007FF9B64A0000-memory.dmp
memory/4644-1092-0x00007FF9B6480000-0x00007FF9B64A0000-memory.dmp
memory/4644-1091-0x00007FF9B6480000-0x00007FF9B64A0000-memory.dmp
memory/4644-1090-0x00007FF9B6460000-0x00007FF9B6470000-memory.dmp
memory/4644-1089-0x00007FF9B6460000-0x00007FF9B6470000-memory.dmp
memory/4644-1088-0x00007FF9B63D0000-0x00007FF9B63E0000-memory.dmp
memory/4644-1087-0x00007FF9B63D0000-0x00007FF9B63E0000-memory.dmp
memory/4644-1081-0x00007FF9B7B10000-0x00007FF9B7B40000-memory.dmp
memory/4644-1079-0x00007FF9B7AC0000-0x00007FF9B7AD0000-memory.dmp
memory/4644-1078-0x00007FF9B79A0000-0x00007FF9B79B0000-memory.dmp
memory/4644-1077-0x00007FF9B79A0000-0x00007FF9B79B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 8dff9fa1c024d95a15d60ab639395548 |
| SHA1 | 9a2eb2a8704f481004cfc0e16885a70036d846d0 |
| SHA256 | bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb |
| SHA512 | 23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c63be36faaaa54344e3ba43801f961ce |
| SHA1 | 4b72b5ecf4dc2c8a160e71b82bdd125ab9e54d2e |
| SHA256 | 4468224800516a41d86b599eb5e2fefa31ab729d1a9bb05af94f8e4f79669378 |
| SHA512 | dac33c9f185fe6db856bf717f7cec23e7c515cc029e450c15c108c60946ee5568193cb590a354aae8ec9cbe94ba25ef33ce4347faa70f6505b63629e9833ea1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6eff677f936620c38f402b82f66100e7 |
| SHA1 | 0f8fe5b863ad6f90fd7e5bfa53d4deaff2b570b9 |
| SHA256 | d167b4f9c40051b209b4300a6ec93538fb33eeec29127f927deb2306e95df9d6 |
| SHA512 | f923bc3c6bbdd296eec18b3381afa2d28f899aeacdc7c55bc52d33be78d002fe8d44aca5f0feac392e72b2d788e7c80ac007be618f33e0f21b185174344b1013 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b82dfdb1119f181389c54cdb4f4d89ff |
| SHA1 | bc959e68daf60959e4938a24eaa2eebce7628f5f |
| SHA256 | 663c66164d8b3fc412d0c07e9511e49f013115343fbb27c5e47ec6860f2b3146 |
| SHA512 | c230f790b6d891e9c8a846acaa74965590f4ea310c853034ea2765eecbdea3c0128f685394ea7201ff2d9e1014fd62207ec7e5b2516e62aa941db020fb34d506 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | db5787dc930ffdd58346a6eada930e41 |
| SHA1 | 4dcee2134077719a0ca9f4958bb3e58e2a9dc9d4 |
| SHA256 | c0d0697fc0910c347ab6a4640558f252c360f12ea60a796993ca882c88ea7b97 |
| SHA512 | 72a8c8cbe100fb46651403894e9000aa09a31e7190b8f89fb75106b6ec0c184476cf53c834cdbeeb1d42f6d8b0e56613b223aff1ab30658f5f3608aa5ae01133 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 88e16a29a6205e39627e78fd8048139e |
| SHA1 | 2d84d5d34d6972c577b36b33c48e32c7ca40625b |
| SHA256 | 0ff5a81ab6aa4ac1628d353be29be3c1868b5838e85a0e37b5535f8b9409227a |
| SHA512 | 1f7237b05b1dcdee370d101e8444ea26044d2cff6db34441c053ff4f42be318c10565a078bead56b62d3346a0b8b34d8ac19429e04de7109214d76239c48ae5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f52d4ccbc9e39e227ec2e92e7d1fabbd |
| SHA1 | b200fc804b4bbe32a5f6d00990490a84eb602f8e |
| SHA256 | dedf533c1393f270d94aee51743ac2f743a2f2a3be81503aaa5f4df0127b06f1 |
| SHA512 | 531a6b28b5cd540671a5abeae7b36ed84c4cea8f96e64d9eeb9bd6c69c1ee38d6baa38b28396d49fc3bd82672236f45059335ccfa571e6017543fe5da6fa71ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 06bd3af68c2d0d0f0dfeb5a3299219ae |
| SHA1 | 0cfd86b32f32677531399521f6ef94577ada4bfd |
| SHA256 | 3c9bb442c1eb45f818cf1a2c741834ba8ca3529a5ea7c47105a13486d2509891 |
| SHA512 | 26037db4a2387873485ab965dfbcafa19bf79b2f942a0163205065bf2a587b841d9df1cd4fc0b7586b33198fc466cf5cf6339e86ae0060e8353d9479ab76e8cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2658900450a0a772aabd9d82455d89c7 |
| SHA1 | e60a431cffcc8eee6f11c5eebbd7a185aa4e22bb |
| SHA256 | 03ba1f4019034faac774280e64243b6ee8aaa7dff38e68e261a6e4a8e1432dfc |
| SHA512 | 47fccdc80502697292544bbf0961679101b9de6d4f9eefa6832a569a337f89ff4966952685f848545653a316ac5116d150cbb12fce6167f9e312e08b06fdf807 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 25c6727da13a3c54156fa150ed152b7c |
| SHA1 | 1987e9176079863e43063eb29d6b7c74593c15ba |
| SHA256 | cca61cb3765156412f4fac6eff150524d833f66c7a0deca39b6ab6e2eb9c7d85 |
| SHA512 | bb03195363b5638839880811f5262cc9f19d5a1543aa3c575d3683e9641db9cdc28f39e780b76cb27056d21b26f43f95a5769ba047e1a1573d79754467f8bdcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b662c5d31138422f48534b393b5fa0ff |
| SHA1 | e109a2340b31dc527072e57f08c062d309f499ae |
| SHA256 | 9026e8a5528301460665b7bf1795f141eb46c6c583000e4f5678a2c1e7487b78 |
| SHA512 | c8c9be9f4e278982867f2ec4ac41ca7233aa1af5d52d097cbdc583d7be61749fcfa4757223a996e1f25cb3b8a2008b1a65d115687e37024435ea515b6654e8cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 26a0ea7323548c23ece9cadc41139ac4 |
| SHA1 | 84b151e30582af27da11532f9803756d569c616a |
| SHA256 | 543f636baeeb35fd99676d3fa725b1158f43e2503cc6c7549ce19071ef515357 |
| SHA512 | 70a99ef73e26ec03f2b7a0e29a4100c757d4df69e386faba5a7b65ab7276cfd908f7f9e5927720fb676f7607ee34b8d061dd4da9aafedc0308bc266a92d645ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f28fe97f686845eef231ffd7a5bd597a |
| SHA1 | 708b3901984629baf0b1c7cf2b467c22cc72b089 |
| SHA256 | eaed3bc4b8661383862501c258ce06aeb17a5ca0064fcfaf7ac4e0ecf9007617 |
| SHA512 | 63eece0d18587a3abefc210eb87071a05d1a5f5f9d8fd898d7b66543b562743cfb47c8bdc9c2ac2e87dca632e98d7ad863dc556a8aaf4f44aff231f73ffd2e84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5ff601.TMP
| MD5 | f1f9c098570b5f73b527d91825940ee0 |
| SHA1 | 9146f9fe3c85a47527ad30317e752419064df4bb |
| SHA256 | 5d06937769f47746af39e33beb606e66e5773d59004b94924ab363d7e7780dc6 |
| SHA512 | 02a151c8efbc7bb344bbda3b8b00ad9329137ac03d97d2701030c334afaf0962bc90a0fae83d74ea7a9f9bbbf9468a64e51a54709e8d5a5a80f4226f4ffddf8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 9d6c4d47bdd430d39be0b1c0ec397603 |
| SHA1 | c47092a66884d7244b54803f476c675a024336c1 |
| SHA256 | 12aa0f10d2b8711a6f060bfb9d5a0211589ddffce69df914e3bd9eb40ce474ca |
| SHA512 | 48911982066ccabed98df2cd316345867de88e6981a7c708ef65fdcff803ca5b053120a2a0d382befb3c9f60fe5f333a27bf157555a795baeaaa85722afa253a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fe
| MD5 | 588ee33c26fe83cb97ca65e3c66b2e87 |
| SHA1 | 842429b803132c3e7827af42fe4dc7a66e736b37 |
| SHA256 | bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760 |
| SHA512 | 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eb30bd44d91e64ad4218b9e1f4d9dece |
| SHA1 | 3740a48a5786a6d9b1ba97649fc8f7319ec92df4 |
| SHA256 | 62cb769d308838e578e5066ad819958475c6886971332edc413891d63f592d2a |
| SHA512 | eb222f311c9641be2c142817969d09aa902b073b9222d6bc5c17c4ae5df172919fd521e2df50455c6917745f81cde25223fb9691db5c639c1489b230d6c9ae33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 703476588b5143edcde22a68b0945e32 |
| SHA1 | 5eb223b54821810db4a9cf1878887f7e357f465a |
| SHA256 | 545abdccd558fec2253ec602adae2605391a38569afffb0966b6fff25ca0a9a3 |
| SHA512 | 2d2cb4e3c0330bbcc4c655824858eb0727d10fdc9c578cb7fcec9ff496233a550a3308eeea670f02fbb94dbda0ffa1d8af2ff69c4d6e38db713e72bda9bca80a |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.39\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
| MD5 | 2516fc0d4a197f047e76f210da921f98 |
| SHA1 | 2a929920af93024e8541e9f345d623373618b249 |
| SHA256 | fd424062ff3983d0edd6c47ab87343a15e52902533e3d5f33f1b0222f940721c |
| SHA512 | 1606c82f41ca6cbb58e522e03a917ff252715c3c370756977a9abd713aa12e37167a30f6f5de252d431af7e4809ae1e1850c0f33d4e8fc11bab42b224598edc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ff6ab8445ee199ec2dfb60d4933d80d1 |
| SHA1 | 71bfa1b15f3ec65932834eb1a5f36bbd1bf25bf9 |
| SHA256 | 161e08d33465b467f94e6ec66ba3cb9fc2ee23ea446ef03487f52833e1d690b4 |
| SHA512 | b0d7070064ee2109106336ff10ee1f4a90cf84ff04d830d540f3552d07cea1ae3448d0ca24e6d9344c1e60f20f4ad16113ff41a12813c1178f0c3257deb9edc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 186959fefd3173a9ed9f962762b0abe2 |
| SHA1 | aa13f7a67e16722ab6cd702e002accd4d59a0f50 |
| SHA256 | fce2b35bdb4a4d876d4065da5a29ea28c8af5118da4568867a6a259c33f23842 |
| SHA512 | cfadf3a2b892369c0e57f732afd474f3098a5a05025def9f6c5e071f92ddf47d475b7c35c5a22f5ea525db1f480e36768af8872b3f720c97f2ac846819917e1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b3d228da834d55d9b94ee4c01a2db598 |
| SHA1 | c848434775c489a14ad4b1d048efa5a24966b363 |
| SHA256 | d98b3e68b3ea88b046f4102eaf348a7afaba331b639e70bb83932e6f9e3888d1 |
| SHA512 | 5202762882982474b1404a7073d17df500539bdf87782fa02bc7127b616785f22f0376f50c10fbac167920ef5438ac969ecf8f83acd76f3187a64930da4777c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1b51a4c72da907e0135779070c11628a |
| SHA1 | 8a0f606ccf72dd66163c0eac2e10eb42b26e5d39 |
| SHA256 | 28d4c3b3b7347109585ab684adac6c4b52f1cd36d0298ee0437ca9cdf92a4f87 |
| SHA512 | 07b04ce11c43f7959022d5063f351fbc3587788aa0ccfa941e674f4472324da7ae13fee0056cc0f40583d23b00f4a94337df4f6468138c4f252aba2f78357c9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 12250391dd71ddb94bf363c8ee1ed81d |
| SHA1 | db91a1669fbf79b98ed7d0f701d20b379044d3d6 |
| SHA256 | 424cb5552268eb3f397099f39d6243a29dd95cc3871e017710598e9f1dfe846b |
| SHA512 | bc484aaf35f8c6f063c4d5e76b3ba41eb7b83a45b3d06d61b2d1f537626c098e35bcbf85542cdff9a2b66b91790ce8f83fd9d8b6d214dfacc103d7901d377e0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9d1e5b954884cacf013dae304560eb05 |
| SHA1 | e86862ea81737aa533428c644c8c0127f28a65dd |
| SHA256 | 3756c04360933f249bdcfae38bf6c5e62662fd4f9ca83b7cd75b17c8d497a29f |
| SHA512 | fe8242283b30688935476fd447c82147ce9029d3f8140fa123548d2301e26f3f63ce0d387235f32485953f7d8bd68e221d533fb87e8b8230784cbcc1fd52921e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1ac407206e8d0dc883a664f81ec1a039 |
| SHA1 | b649748ab33b250d9a6e7401c3cf68c47c80637d |
| SHA256 | d2b91c42a9d9ea70262d3a7160b937a87db097946564f428791e889e06ff79a6 |
| SHA512 | 57e447c1cc6cc6a6cf0cc214ae77910c8fc3ab65d2d2484309f1d914ea1e10a3b8a90d406694e54f8f5e8fa6ca3c358c3abb8f2e71b3ad49345ebade6edf5217 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 82ebff609cc287b16c1bdc15872b2112 |
| SHA1 | ec93abef439502ebaa25e067cc0516b84ddd430f |
| SHA256 | e66c7891659afe2a10b1a8ff31429dacd49e70c375446d1e757e9b6173f39ba9 |
| SHA512 | 8213327caaee2c9cf576dca81f0f1434033eb04638f8f3ff8b865d16eb4bddba4bc74b873666556b5c308d27c9c0af8b48b7b20b5da48c76032d8dec64e9e386 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2d74ba38438ee3be4c76d513c99948f1 |
| SHA1 | 041dc1d62f120018c00a47590000cc5000a6a9cb |
| SHA256 | 933bfad209d5b3c5230ee4846c8a6966ea9f341be4e7537159d5832cbd92875f |
| SHA512 | 38477749aab28a035167698d53350297183e14625c7817fd3adccc46b4dc6e30189d69286a58eda1926391c7122df95a1cfbe864c4c710c6452924f15313d7b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c9c4594b33a29ed830f6f3962ab55524 |
| SHA1 | 8633a2f2d47b74095bfb001e7578eef41a19a970 |
| SHA256 | d8813fb08cb479ee7c73dab3c2b916ef0c3cc1c437d9176bdc7685f761900a70 |
| SHA512 | 2afc8860609edd3a75c2cf6c6c3b8dc1e83fab39ae93d75e6962f38975c58e70352f62baeed85041363fed48d6cab8a96e80fe8067cb4705375907056fabf5ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e14b28a1c65dabbeccefc47d3608ac6f |
| SHA1 | 95d820fc2f748c883d85cebe423c70f6568a96e7 |
| SHA256 | b28cc9b0be2e057501a0e84f186a543ab6c6e0d70d22fe22d4a059dd6d918c90 |
| SHA512 | 20f07ad6e90660bd7b5c35ed86f69631a7028a19a7788f50e8d444168916dd04124bd93cb57a64132f329b3404e96160120a8bf4df23ef4ecd1d608c91a9e967 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eb1535470997081dfcc4ca14c1383387 |
| SHA1 | 662ed69c86686c0be82f0189c5bbb4288ab341c3 |
| SHA256 | fce93619507fc770d10ddc86ba5aea4a0205c9261cab1cf5a6e3c5e485e4539a |
| SHA512 | 7f7fa26362585a258b69719cbbc5857b0bc1bcef31076454aeea3070f5782b77ce8b08d71856fa210ded59c30d83f841d2e6fa90052924b31ab44622023aa4ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cd1bee5d013107751878420501b02a2e |
| SHA1 | 8e407fa8b38418fa334deedf3d7c29ac4362d61c |
| SHA256 | 0431fd5aadc0aa3646e4a2b70334a57d4d5a68889beac8e8a34a6ba8f770ff78 |
| SHA512 | f2459422f412c8764a81ec51716128032c0836901211992f0c0b5ebcc549407aa6bbf390528ffa12e1fe8e6bcd9dfccd36af0ca7a6593b2f22aca398b525391a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 34080b6071eab716dfc7e99744818974 |
| SHA1 | 28eaa97113e84f85ad20553ba7c7107808be97c5 |
| SHA256 | 1e88cda19aed089e03f493e742824e5baf98d6865c099f4ad2e848f381285837 |
| SHA512 | 541beb087601881a94551975e55595c8da6d50b6f33299aea8ddf6648bde1e720700c3314270d6140f3cb742ea06cf942e4e4cac5f9b3ba13d6acee5e7f26083 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 615b2e7df9738c0711dd43ec511b196c |
| SHA1 | 751f1a9b3ce750f2d74430c5cdbb88165d6366ab |
| SHA256 | 63a6809dcb9bbdf3493d2e7676b7535f030f8ca649fb1896bd12b98abbffb1f4 |
| SHA512 | 980b396807cfc4474849320814fb94699daecf6b0e0d339590083c4f957091acc82d85177e0aa6675c78011f59bcf3f3261b78620c47b8c8db07bbfeb9b2df5f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3677f7d5ebcb3d188e557e8721f90548 |
| SHA1 | 2d91b9cd28073968842afe27116a6451f0c397f9 |
| SHA256 | 5ea1f0ac376ebd5911dba9b777fd4e779961f7f9f261fb78502f8373278030af |
| SHA512 | 243801344785dde21f1f4c7834d4cb04a5624569c1c2b26567c57fe05fcc51e1ceab66d94d19327896ad6eeccd79b2a3332faa2dfcfe99f2a69bbf04f60150e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4781f18f0f24896d0838f3a74d7489c2 |
| SHA1 | e0f4911e6a3b851cd96a1a6b98d66f15ee40dcba |
| SHA256 | 5a2806932da950ec26161a9d68f74a7e7f0f6e3c222c6c4c0bcc8214f6d12c68 |
| SHA512 | f50529717d758e6959e695c9d8f0ec66d00a54ffc3299cc85286ba58d142140980c62b75eb44ea5a60a317fc5c3715d44d25ff7430ff3c0e7f86c3c5e8af46d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | e1f6e032096b2924e561c3928b9dc73d |
| SHA1 | f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad |
| SHA256 | fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8 |
| SHA512 | b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
| MD5 | cc7ad65e0558327d8fbe8ade40ab94e8 |
| SHA1 | 6c153e9bf971f196db25cb2cb3b62f77f0a1299a |
| SHA256 | 956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30 |
| SHA512 | 0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
| MD5 | 60df02cbc9b6a531c2d3cf32025a4dc8 |
| SHA1 | 71ce31d6e0f59f98855a01b3eb9a37a86352189f |
| SHA256 | 2d73eefd868f115745117f76888a9b0124453918522046796a55c3621ad2c15d |
| SHA512 | cfc2d4bc147bc757054c07a7e347091922d4ff9b7a0f856d0a3c278f5a98fac1a539d05ea5c375868b372f006a530d14558ac7027723f83f3b22087bd12992dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
| MD5 | f1cad4800853bba09a023250de102801 |
| SHA1 | 76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6 |
| SHA256 | e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b |
| SHA512 | 4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
| MD5 | 31d4e713ead43eb25da2aea42b6e36e9 |
| SHA1 | f30ca6f9b4b5f3bbbf27bce20d88dc155f924057 |
| SHA256 | 410f12a76d6da2005dedb821a310d072c07c988f736c20a4b3bfe7791c3530b6 |
| SHA512 | 3700c090ba16c21f155c49e49399471cb019beb9a5f7bc7f0da9b5a975009d5499bccfd4da7887ecb8a123d7c3b1e0d1800b9412233e245e09aa7cd318629916 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | 1c0855f1be21f499eb7a4027e5dd1d86 |
| SHA1 | e6ed4d7fe3cd0a8ab318139e185bb3dd8230bbe1 |
| SHA256 | 22e535eaaf874306552b8ec2683073504976ab14ecbc9939fca4ac53e60066c7 |
| SHA512 | e8307c98600bf5817163ee91895cae89bff946c2c151645969f469262d90385e5556f3b6da0c24dfdc4b64a07e84e0a9418b259afd821b142c6bd8f95546d685 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
| MD5 | 0eb85925bd5a3e685d5cdfc482fad198 |
| SHA1 | c00b9cba0d988f4a66b71166f55f1924265e6425 |
| SHA256 | b8d6db24cd3d57746bfd5965eec1f25c4732f0db83104134832bf1618210f658 |
| SHA512 | 633b18af25ff914c7eb346eae4b43f4cca3f41487b114ce47bf053c72aa4e598e7f59f4ac8614cdba07593cf43027cbe32142b5bf28c0e7abfe7c390afdfd6e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
| MD5 | 319095e8b40952b12b266eb47a2b2c40 |
| SHA1 | 1ac8f74ec55f61066a241e5e4e7fb063ff0239e4 |
| SHA256 | a8de00bf5dc0b0f5c64627adcb24e8a39c938aad90a37e7108dc8bd2c773ab24 |
| SHA512 | 20c72b91e7ff900a4ddcd93ff306b32778dbbf065bb67b3e4b4141a144612e4abc1f30936fa38362db484155a0fd9a87e5e5cb2ab0fbbba5823bbb40d397da1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
| MD5 | 782b7fc18a24ee997efd9a7f02fa4bf9 |
| SHA1 | db1f15bf56aa30ec79bb6a9d2632fe2a12de099b |
| SHA256 | c45388c0937dde58151ba6f3d2225751b8b89ac001be1ef1f40134c61d391b8e |
| SHA512 | c08790580afe4c89fd3e6cf9dbb4b26548b4a686b1e9bcc3a9dbc6fdcad49e84a0a5ec2ea7f3935308ac059af040af3879e29f3c0e2150d7687bd02fe5f4daf8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
| MD5 | 78413c0d5e05d6c36720ecc0c3013cbc |
| SHA1 | 4ea7f7a04d11a77a9aff562788ac57374607c329 |
| SHA256 | 4238a86271d25bf5f8f4ae9e2e911200e54618164a67e1b624ee497563af74ee |
| SHA512 | 0835b56d178ca0b3fe555b43e3e265c2f847da9fbb6167b52385085a1bde981000153f65f2026d45352b783d155f3d3edce5ab9576b9333e1c31d8f7afa4bcde |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
| MD5 | 820da0e97c5b725313877863020d4e3b |
| SHA1 | 6631e0515ce53d76048ed4ca7bb9386a57224bfd |
| SHA256 | 79896ac91c4d46d2095c365ae44e687516c867580a860b7b00568b04b6d34ebb |
| SHA512 | b922ef4acf1197f0a001c7782ebb9b22cdb60cbe74b9486b3397f7ef9ce49036bc88d40bb3df89dc19ffda90f30473ec52f0cf2df792a6d130b577c6fa91d9cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9f0a9269b18989012f90c1ace6b71c85 |
| SHA1 | 92d24cfb06d949f5cd0a83f834db3dd7fe0d87ea |
| SHA256 | f5cca780dcab8c18bfc9348c54c0f5c3463fd0fa1601fdc7ce51f0acc4ef2a6f |
| SHA512 | a6df529b4bc8863f74f7e15e5dda7f8add655f678919db184a2bcaca6052c3a90ecc34088410bc822cd22f9e16f28ba3ac2b28ffff4326e70416b2ae5f5d9293 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5dbfc7c72dec0fbc685fecc301b35b30 |
| SHA1 | bb1bc402a096672f4dba8eabc005a7e13231f200 |
| SHA256 | 588ceebc031887de3065339fe6a40f1a944266d07ce76ec40b4ae686f5218183 |
| SHA512 | 123bffa9381ae3b5fe4630ec95fa3d8bc467ee71ee0f78958177d3c6540035498956d56e92f4ba5a46ccc13ad8315e152d54be024e4c0c1ca5b7160f7f01c5f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | a839ddd98fe33a18c491641175fb51b6 |
| SHA1 | 663175158c1dcc8115f68d053f7d20d9b74bb8ba |
| SHA256 | 2138876a439c1e7f24230640bd62a6aa9b6ac4631b4ba987b042af89ff899adb |
| SHA512 | 3d87408d2bbc711f227c67ab8458f7a5358adda300dd25bf9d8ae5092c3b954d71732b458abe1cdff3bc9f206d854658366a0a10b355429bc7f48fc7dfba1501 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2e7510a573670aeb4684adca9f2872f6 |
| SHA1 | 0906e6468f9444fd925cf45b83ad965e3f102d47 |
| SHA256 | e0843d16272c0a9f0537a32037f48ae94180b0b1ab837900036dfc59ff966ef6 |
| SHA512 | 469d2a88a83d9fd7c1bbc71bd7a6660f0b22cae07deabd638576c8777ef0c67e47cc792380b268a5848366e11ae926a051a3fedf7dcac18d628c843a981e9b72 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f97100e97befe1367243247b615f344e |
| SHA1 | db943630df0c058b61bfe148dcd0d63985c3533e |
| SHA256 | 4ecdd46414b8ef6b7a06b9781e6361db39fd72363accbf4cbd8be7a4100d45c7 |
| SHA512 | f2c0d8bbaafde9abeaba433175b81584de9b402ccb4dc89f1f1a1a1b74bd1b3817111d6dc3d2380eb4abb7619a9bf5040c05e260bac5129e068837709563f79c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 50df758d118818f1ebe7f78ca4990e0e |
| SHA1 | 9d3dd3e94a1f69e2d9a5c39dcab9357e962346f8 |
| SHA256 | 2f543f4cf9cff032ed99e7ade1169d7fef31c47458ae229b7772e2ceda0dd5ca |
| SHA512 | 77e2a712ee97e0e71d8da1b8964d660b9fa2174b177ef2f9091fb40583927e2b90080e513131840dafaa4a0d5f7b6bcc26a299a407c83cc07eaa42e4e2a48eed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f6973d25da7fb7df373ba0f941baef61 |
| SHA1 | 2f3acbc918f6d878d4d55be047bb6becbbec9fe0 |
| SHA256 | 0e64544cb0d96fc02cd146c9ffb103817ee9fe8993d12106a700edb1ce271e2b |
| SHA512 | 8eb217567cafe82d5d350ca4e0d010def62fc8fa3cc996c9ed0158e577263f4274efbe6768510625aa317d28fe2d13be0b62f2958230e47e13861598fd2654ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 83731280b35f8aef8333dd4fbbdb37cd |
| SHA1 | a12c484daba7be6a76945ea33d0b3b048a957ded |
| SHA256 | 81c7a92ddf5439ce31bc847db52eb7967754f18d45bbb75764390d24099a5f77 |
| SHA512 | 573cb793f1f284af2ebc0872ac7ef9f0c6f8ae8922523906ed0a6c023b8795acec141c94625e9280913799792108b4fdd71a95e99cdd393f8a1e4f87891585fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fbca1720a58a9c55bbb81232f67589a9 |
| SHA1 | a667ffb48172acc9ecfb5958c9c7459af721910a |
| SHA256 | 845b6ed4918812e7ad5b6f881e524b9fa7fb7c2903d07626b7cca81efb28dda4 |
| SHA512 | 76c7ab671caaf937db381e5031f4e25686747b5fff82361097b50134ba571f6dcc1db24e551e41cc78e0689c0483aa9f877e158624300a791c5b5f44038b38f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8b6b2cd887fd8869fb4c0e80db5b6339 |
| SHA1 | c4c63984848dd19c9df7c25d0691235b6c56e988 |
| SHA256 | 03a0aabdc97839e5e9ce0478904b17326e62aa7a7d7117afc2744a7434f0830e |
| SHA512 | 184f68686a721a884c488e60b410c5c8aa3ba204f7a0a160ccb51301978f2803c8a77ef911899b63d50068ab81966426e3d3910f240b999b6cb42a1a2463402b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 77b73be88dae31415a1345aba365b884 |
| SHA1 | 2582cc3180cb08451709894b6b907e4f861399bc |
| SHA256 | a4a256468857ca802b7e622215e322c14e0cc3bd07a0666f5ff1a58216896e97 |
| SHA512 | 12008e0b98ffd2af6ac3796cc91a10e993bfe68b3ffe042ec5b90345a5b4fd855f24e66f4ad25a6baf945e55ac27f75e29a0be0559a111adffc300528b79ff74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 27cb4ae78821ff5ae784421996243179 |
| SHA1 | cbf9f4e66ec1016373f08570379ef92c1c03e076 |
| SHA256 | aa8b557f6cc08ac3aa8b687425f6436fa1c16aa8c9340e1fb4df1a402e0e5cc0 |
| SHA512 | 98827d17d9a7df8101b1a1ce16f594104aa41658fec3bf67a46e2deefa20465f98aca009d693e2dcf913535a1c9ec9c8446a46f2f710857429b3658a38ed999e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 93961959bf9bc1b591033b1536acaa67 |
| SHA1 | 02e1411e99b79a820d9329985efcbfaf7866aaae |
| SHA256 | b8725cc942e7646e7f917fcf0da6f03a42b9cf1fea2185853d7ed6202bb76052 |
| SHA512 | 807d4714b008fc6d115d7d34ad2411d75c6c985ec094a68dc26707a003ddb82b782aaf981ab29030e3df9c0518d779e2b7d5df9778b0f2e16cbb0ff7e3de7670 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 36fabbc3bb9bf0b8d4305d5000c2b33c |
| SHA1 | b2ca22e9e7654dd8dbf87ea0b4bfae00e0812a8b |
| SHA256 | 8a9a77fd6d94b949cafcd39f8f792af778096d08fae6f94918900d312193ce68 |
| SHA512 | 247aac276194a917c1e7e53b34d824bff237abc42f90f1bc46c5478c7646eadc5e840704d9062fce1b633242ea5d72b2a8bd66f36e59d60da248ef68f55f070b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d86a31eb2d4163cbedaa90ce4f40ec49 |
| SHA1 | 98c6b669f52b950256c21390c6c777f5916dee25 |
| SHA256 | a3aaeaeeddf88fcef1e34e3a1ece28b6df1c740e03249970e6d4fc8d15fa40f9 |
| SHA512 | 95887da1db6b30c2f62cea5cdb4f7e6e5eaf81ba3de17f3dd63c84f2a9cbac40ff855c9e090cbed6c6036fb889b735b3c220eed5305702b6d46054e22d55a496 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 06fc77b8dcdc7fbd01f04325dc6d7908 |
| SHA1 | edb3cf1a58eabf2072e40db532751eeebce35af4 |
| SHA256 | a2422a1c49f5bed48494787975d673a5a27d4db02bd09be80e4e6c063cee8632 |
| SHA512 | 529508ce9e82723f3c5c213ffd31cd9e904ee50177f9130338ec150764de4402723d890258dd22ad6ff9283748026355d73c7b28f24bbfe6bd93908e87bd8922 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a4026a80b49fd0ba1d2d5bf30b5d90fd |
| SHA1 | 08fa9584a4bc196ebb76440ead02c4444e39181c |
| SHA256 | f97ed5b95b6f237c33366f0bc9bcf5f0d06827008c034910c1f5160a2b6c0734 |
| SHA512 | 5298624154e91098a5fb817776b3fcea4f1b559892fabd15b23283041f8e75c3b46100cb8e0378e5323f56df01c10f6936ada2af86382dd996a7a992d8b55c6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ddbb3762e4e9932d8601cfb16c54f861 |
| SHA1 | de441182693da5a19b2869cb158d0cf785305874 |
| SHA256 | 740c68b7739329c036568f5d18e46d439ffcda202d62d7bfe610fdfda5b23ca3 |
| SHA512 | 589054f4805fcc8881e49d2551a26722c80e0f9631a226e75ad3e6f5bcf6945230a7e2bed0a4557c519c8ec06f22448f1d2e39ab9e5782101b1bd4e6601835f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c3cdadb2b941029da480def6adb69a69 |
| SHA1 | cf049eb41f5dc52f13af7398adab4bd16442906b |
| SHA256 | 65fe892dc754c249eea96248df8a70819ec41a748178b42d01ddefe5c9319893 |
| SHA512 | 21f3f36dc5990489aff86ab87682989437e8a26fdcc1e0295b0e659628a5f9c2d8360a9780c20aed6b31fb7976705398532e4273bbd4f06029dcfe6cc9cd68c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ba7e4ba1cc2a29cac281a9a05309e5bb |
| SHA1 | efd947ee03d88fc7a275c257a43833bd5bf24828 |
| SHA256 | b59b37ad65091c5ff6a3fa6e07b2dd52c71acee6b3a53e00a368d657647b9638 |
| SHA512 | 7fc3fe73e9cbb5304e1bb7f43af3ba34fe47c47fe405d10ea6e93d5e1b4e05e7f7859fcfe9deef3a0ba9e9d712cf5a3703b9689cdb3861e866af02d360c35a33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 20b9b0b667fa9d4010494bfeeb9894c8 |
| SHA1 | fc5a52fbcc5c532c2fd194b8bf0f6157907b97ca |
| SHA256 | 9a48b87ef79b6f07c773be5bcbdaf7d0425843c65490607d8a70bfecb8c123f4 |
| SHA512 | b385c95c629d8a04b8f9c02d1acd18204f1ff769faa044904484b14332ee2f56530cbaba00dcecb4f66bdc35c6741b6d75e4e1c94cbe2675cff4cce3e5924561 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9b7f12e7532d3f92a1e35ff5669b86b0 |
| SHA1 | 14466df4776f783d00c3756dff5ff64d0579456d |
| SHA256 | 4a03600dd40d996613bec2e9578bdfd95667a8dd7c4ab931ce3c6c4cf343dd0a |
| SHA512 | 2d7e2f8e2f470ffca0afb277f14265fce9647510ab26eceb4fce11ec13bf0a6985ec6c7de5c534fe944f3a0f01920050ec5e949c7184a659a1aad4bd851e4029 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a6798e2c0f11379cd804aff387c276e5 |
| SHA1 | 6db0000b65ceb407c15777913d68b790530aba93 |
| SHA256 | 5b3aa41f0bdfafb4bb034c016fce985dcfd59b635a67e85ad2bc0c2c7e10c23e |
| SHA512 | e46225b40afd46716e3a295c02dbea3d32b4c3008c250c6309573c94a019d558327f095513d6e9f711a45a2357a75677c672ef5dd9c33a68b3ec9130c220ea09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5d9a2cb2e6cd25955bbb972f23091747 |
| SHA1 | 50d4ac4a00cab8e1992abe257baad8addb78e3a9 |
| SHA256 | 5bdb1d4b3248671f2a76ca14b8a3e0420efa6a76d35f2c41d78f34fa30ae109d |
| SHA512 | 1c31afbcf08df7c8b9e03b2e88ea22d05896eda8b28e9d819b27d5a1b5086efe6e685984338235cb2a27c2fb114faf953494ac92cb91017815c5e1a3b0b01b67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 957a2b092abd449c3795480071ed5bdf |
| SHA1 | 4631266d3c51c979fdc3e4c17cc72dd724ad7e7f |
| SHA256 | 8a1173c9fed5d1cb1b3b14af770d04b6c4c0daf9e6fd66d823ca317aaaff5789 |
| SHA512 | bc36f935ad057f9c0ef6df6f3fd7cb81062ce0e15162b570ab3f3ac53ba53e6da687a699ad74967db6365f0cdb8ff06f95b3687414474ce7eb57cee5171db29b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 872863adbcefd1bfbd2fc8ae3d7681b1 |
| SHA1 | 074981d95eb4bef0ef26928bbced7ee33696e83e |
| SHA256 | 94daa404da38772e0180f874eb0c09c074a252f4e49cb811920439d60c29882a |
| SHA512 | 820fbcd14c57ce3e585bcca770ffe370668326ccd7663c4f79eed72fae43ae9af7dbebfe8025e0b92ec93ebd231294d0fc31311ba9ece9b70395c085dd5a5228 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7fe9aa5733a60c529621855ea27286f1 |
| SHA1 | cc760e7e7eecc80e6493d38e7f92138782f01e9f |
| SHA256 | 5581f96b0bc590f27ffecaa7307227a33a013f385690ded46ed6b5232dc51aae |
| SHA512 | ac1699336e582840a9f0e4563b8710db2548ef1d5ebee97758a0096be5d90284605ccb35dbdd2d5605e621e6e84e3cef54566d67872d104fb2c4e050e85cf643 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9175cf07a58423dbd792b05906127ac4 |
| SHA1 | b1516e0d038fcb4db34843ae5e627d3aaa31d3ee |
| SHA256 | 1fdfec0b4c1233bb2fa3c6273188724ca51bb6da1ef7351d7a2a620064add812 |
| SHA512 | 4ab06d2f53468fb4b666e0ad7aa49c40f87a8e2c93848d9eac2464dd1642078f7010280315dbfbc6c6b85de39af685e339ca12d1f4424065eb4bf28d14b15ceb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3d73043b6f72a903c4053d11813f0bc6 |
| SHA1 | ca838a4feaeffc4fd2ebba6eaf821ad3b1170af5 |
| SHA256 | c55c7f83f02f0d58de7873f391ae63b42656974d8f17a605f52fd59e97ea86cc |
| SHA512 | 163d87805f2c949e598766cea79e2f7606b24026b5a34e3d6840ee469b02678d733ce313bb00b1a5b38f612ad884aa7f9aaa441abde90ce66fbfaeeb43603422 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 705ad8575b4bd09abd2f423d6281148b |
| SHA1 | 15fe978a1f2297833ffad86396d7deb833e7d729 |
| SHA256 | c413d88a6d0f51e385d916cded8f3a0d823e10c67f1fc33a0d1ae8eab783b19a |
| SHA512 | 4f92d7f7d9f9dd724b7b5c9135a8f37749f25c6742b73f7be652e4590e09e1e26fd174cc4bf3546ed6c9b29f56adf582d7374729a7dd71cc4ad92025aeee09ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a7d7676e3649925e891104af6b51c8cf |
| SHA1 | 075fae2add21b5c4aa5431ea50a12f410ce819de |
| SHA256 | df1bdb6071229be36d0f767cda9de4dec99d667ebe42226fcd80941817c6de98 |
| SHA512 | 6d258c10312d4d6ef6e3352d94c523237112f3bea5969f1654caca69aa9f014d8d0d9ffd451711ceb844013f79652faf31d4a1c65afa64ac788598c1427315b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 649f92a6dd1f99bea383f40932f7021a |
| SHA1 | f34bc4da445848ff6100db749f12211680f47fa7 |
| SHA256 | ce75f62a6abe01f9f0f2a554426958644f7841db97c04997cb7665c93ea3430a |
| SHA512 | e861f36146b5856d014851bc6ad32a0b654cf411e8caf698c16c64334961cb76f03e788db79b3f56c17e1d1590ebe93e6cf53bf29946b15f520e85d6556348d7 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 61a0b34d1c56ea41e558fa6984a212ba |
| SHA1 | 300fccf4053400201f31a888c58d2887f93a7759 |
| SHA256 | a7fc46396a1c9b80ecc3c81ecca613842381b97da228b65f92352c03a5aab74b |
| SHA512 | d262bc8bf7bf5370fdfe8f62a75cce408bfc331ad38448bc11b20774b6254f25ee948919c14ae61c48de2cad7f8a2b1e193fe51be10d670f454f61d96ec99968 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0fad7add6f1ccfa5e1940d38d301ccbb |
| SHA1 | 77585243838eecb0c7cacf5221d30a86fd99245f |
| SHA256 | 82dfe734ec00bcb2b6d8047d9574ed7c91d9ed35c0b26918f685e56cd9a22941 |
| SHA512 | 62e52c1acce7eb06a4f0bc7a4e075b721680b83d592c6223a6df81614ca7214292ee2719d6a0335d892a0a6fad8b52fc531c3036edc8a298e6cf9055a875099d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d9bf18798bce1baf3195963eb970f810 |
| SHA1 | 983109ff54fef56a49b95bd7e68f35c2655c79a7 |
| SHA256 | 6cbdc080d0511f78b1d11c2187710be03f13b256370d9d67d9d0b5e7f01c24ef |
| SHA512 | 1022f7f4b0702e3596140d2257ee2457f050f4980390714c021272986742a49e77a04e87c3d5d11183a0a510d74fbaefc90fb8779debebc5e1b5653e84f3e968 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ab14fb88f913a7b747ecfde190812b88 |
| SHA1 | 7cf0cb10e7dd831a2f8960beb4ab63b42a50642e |
| SHA256 | f71b8ce695b27fb9f59d7b7b2023ab3f672418391c7cf04e8f79b41abaca3e32 |
| SHA512 | bcf4ecaaa453492a0a6d5b517a7031b6711b1f05e602793016d4659b85f9650607873182094115c7ead36d7858a085377e78a3407e00ab5f7e20d499b79a85b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 2adb1ab9d5b6bae01884973fddbea416 |
| SHA1 | 6cd9d9de46f610f7f617b356c41c2bd8cc7302a3 |
| SHA256 | f1ad587ad83989ab718166a9cd3cae5db760ce13227b81417378c0008c140694 |
| SHA512 | 5230ca29247ba1d77f00711f80d7beb2309df2aee73233261d332df85efc42b00092fe76bdce4f3e2d60d40b4ce6e950457f37107541945da001f516330909e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe641fcd.TMP
| MD5 | a4660ebc615e3883e90168f161665747 |
| SHA1 | 8adaca263f29eae60950f18417f1cdb774d50f38 |
| SHA256 | 5c1331fe43710fe0f6bbb495c1d97ab5184db4e06fb3478d162e383066082646 |
| SHA512 | a46d0db4d5ead97898b071627c6899355d71639851f55a0e7865bb92be2dcd576c0527e7830f4899192b859b122888e9c547c6903ab91051bc853f17a115ee54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 215a6fbbcda2ce8db0be987b3151c547 |
| SHA1 | 7de271d94f97b0dec3e4b1272e9b955a138eec3b |
| SHA256 | 4af03f4663b43c21a0e4995884ee42db60f46096e733420864f95955cfe9da2a |
| SHA512 | 76d1877253b0e3281160166af8372d4c528584665f10f434e7a1d9aea10f3d088fa3aba130d33f63761a01bce270d3fdbccdc6fd0f127ac28d6f432e57b5c93d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4c773d51a704462f84fdc5573cb5072f |
| SHA1 | d0cce49f972ac4e5a5daf259039da75708305363 |
| SHA256 | 4de0592cbf7ec3637d0c79e19c5ee5142ab70d9927c1e22572576415c7e5aeae |
| SHA512 | 88870d2d0a3eae22b507bb6bf2062dd8f30ac076a4015e248af608fb47e84cf9dea9af7176449cb4e5b142171eed1dd2918f0a69a6bfccfbbb1578c117921579 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 97022ba50af556871a815a134e6fbf3a |
| SHA1 | 7daf5765a8b906a9af994d2002063c95a88e32c4 |
| SHA256 | dae6ea92976941fd67131b47b2fdd0f8dc6a9b5001db9ceb3bb62c9441a89a7b |
| SHA512 | 17f5424032e5ae1105aeaa380abfe7b9c0dbd561505efc5a548d3bc13fe243b336479f189c2b6208e0c72857325f0d5c28ad5387effa70442ce090327f6b4f0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 23ab9f9c6c88c7855ba6af5ea72d912f |
| SHA1 | 2eef6d4475ad17aa21804eee9ccb514a1a78b145 |
| SHA256 | e2b0d6c8c693e0518a085cee64399a530100932792aa27336eab168d6176af68 |
| SHA512 | c6ccc24fd8601b23bc8178f8ecade28ba9153b434af8a1f914f6c7aee69f67120f09309d970449280a3a5db15e8d23ed2cb1e12e2c6480624acde98c38b12bb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3d5be5b276745397df5cc086e88555e8 |
| SHA1 | 1352f80b20047c1cf13968397ea958b749385739 |
| SHA256 | e7a0c59e7c05092ccc15658c5918747071282c4f083593ab3255c9fcc51786a0 |
| SHA512 | 4afa9fc0b7cf99e2973073b4a5f43c4e7ab6ba8d7f3db180bf30deaf1bbe5f908d7a74e11764ca27d74ff22c84b9a624dcc360c2e47c692f8ec9fc550bfee0bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | c3c61fa378ef58428b89beeb13776479 |
| SHA1 | a1e3b78330c59b3745c3091c97e9eb46f1190eed |
| SHA256 | 54189a8762d432c57b0f4b821176d3ae8f3b667f5c523e7a37ff341e81c50278 |
| SHA512 | 4d59d7354d0d2f1cbe8cda3101c52b4f4e588f6f5aa0f0219b69bb69f52eb6610b0eb29142c61683c61b8ba6ac407a7a11d793a303d6b678e37b0c8cefe8306b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 27f385b4e180ec53787e01e929b8aa70 |
| SHA1 | 91e65be489e1815b1b31bf020f969ab4209b3e8e |
| SHA256 | 4566184c363d84bca3ff1612cecb20f62cfaa536711b49a6bbd12191da06da64 |
| SHA512 | a7d045eb34ae68f4b44fe5b7714e38ff12c714f10b35f73aa76de3f95b3ac2758561f063ec438c320444d600409d2b10f41acc65fdb308a72e826bf03be719d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 372c8ff7da723abe1c7ffbef1ce5d6c3 |
| SHA1 | 7321f56fd7864c622322e5b7d1f52348205cf7c2 |
| SHA256 | 38a170af8ea267bc6d6ed0248188e78cf99f2bcb196c8e4eff30169b0520b0cd |
| SHA512 | 4a191fdb60056977106e2faf0b102f763d72f92076ad2ec1361e1417cb9ec52fd23ac441cfdb918e13c79bae6fd2dbff796e94893391b7e0edee176aaa0c89d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a07231bc9ff030f6c3c93e3070864ae4 |
| SHA1 | c710d68f643c7b453e2480dfe7aac17d0ead1103 |
| SHA256 | 661e8f01bea0bfd67614bac36ba132aed7eb6d7ad1290f3235607e3d43cc1039 |
| SHA512 | a4a1c4895c8070a591b8b5467afb3f5aa3dbbc21e1ba5fecc54901a399a552981fcfa06c07cba12fec62f14b27e99e6538575c9c0a39839375af3f31ef28bfcd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e2374ee0f8905c4cd8c3d4d82bfd95df |
| SHA1 | 11a90ccd545d50999ee1ca872d64225aed819ab1 |
| SHA256 | d389a3c4dad68d50bd6e873b89d360d6f5f9cec204eaec8e7fb0c1908dbed14b |
| SHA512 | 65c6ff1e2eb68252d2e23d612e4e84b466e960d53e6f21b92a11a5304ac2a2cf1158c21005b109c017d43e961362583a03147a741a95e293b0c675949c35e5ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bd0a9d6234d9df2bcb3f547c1096d26b |
| SHA1 | b8553de3bff80f76669fbe526e811db54d4d80bf |
| SHA256 | 0ac002ea9f87097d5d41433721776351e31efa66b6dc85263a943f34063f0cb0 |
| SHA512 | 7f140b44b24a9a57ded7ea7a4790cddc2becda257afcf281ea3befeed557d146c75e691b1a978b7a81e3ba9bcf4ef4bf909e04294df7676df5920344733b0544 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 612f6b27e698e25d49788af1572bcbce |
| SHA1 | 40785efd89951428c33f813cc048af989bd37f3e |
| SHA256 | b0f907ab47d1f9faeb89284c12c32c016aafada079cf39fb5f27194704e7ed6b |
| SHA512 | 2d6d3a8931e096c48bf3bdb29fa80c2f682e668886caee3c4ae5a3f8a815a43e47ea367ba64ce068c198a31038c26fa94d71e3c581d10a9e1cacecff584ea843 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d52af055b60898861cb7d7eb691cee1c |
| SHA1 | d887063dee8d4c015ea5b0c69962fbed31bb40db |
| SHA256 | b1da3ec2fa69f3d62800a3e414e11b356668adf8878f8364bdd00d64be1f477f |
| SHA512 | 9b4183fc769b90009863a292cb2897c1cc3ced83ee35bf65f4bb525198dd5703f15ba8f3c870620966beab8675da807b1199a50d4d7cc665ecd1352773db2161 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4fa95e745fdf5cf47621831e47b2955b |
| SHA1 | bf762a869bc719e7ee2dfd5c46b2c3639125be85 |
| SHA256 | c5f7e8937984fddc02bfd030ad40f948a7d58a49d8457fc8700b49379e4f5f8d |
| SHA512 | 3f3dd4094a299ce9053730e41f94033b75c333eb124e3b8b32e91aa4b0dd3feaf77f3603b91166e41c89e13ad69dbac530f5f4d670de634e290832ece3e4e6bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7e972d4d03699bcc15d82fb6c1256825 |
| SHA1 | 6134c261b7004c06313b13a4d911f402b4a094da |
| SHA256 | 98ed9edf36436feada76b94394975d0f742ed5e97a217e5a6665c8bd23ae4941 |
| SHA512 | d50baedd8b60487b3db71b209408034eff50a21fdee64a4b2cf236da8733f436c1fd295dec08c9a256cb983f2dab4fafe9df421738c239c300ec04dac9b1267a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 90511e5be3291c0450b0d6717cd507b4 |
| SHA1 | d55e624daa2df115d31cf87ecc33294840b19e25 |
| SHA256 | e9ab4cabcfa1efd6e1b140a25c2011dfebea35fa8bd3f19c435b3017c222756f |
| SHA512 | cbbc1730050a3bcbd1b0ec690f5cbf7a9770d0f96bd936f3e8adcf83b5efdece59cae005cfc7c3d70e914c05d8e2616975505f3cf35d1a3549399385edb9d6c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 12ed400898fb4c1989fbec5cbbe3a7ac |
| SHA1 | 0658aabff909ce5793b7ef8d687f951c00154d73 |
| SHA256 | 9c983231b88981c0fcb53c79edbdd4878277540dc62fa9be3e4aa69bd20f9c99 |
| SHA512 | 97d14fe4e3ea60100012bd98431a222922c4f3e6c043e036e6f222c7807b29c432b833fdd275a3babda4ea775c4d4ce6cda47a78c95d4ef07234caa30cfa8d37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 138d3863beedf488e6130e392a0ac6aa |
| SHA1 | 23b7a3635c1c0199eef5152d0e13abb044f39f33 |
| SHA256 | d8e3a6d21f65fdb2312658a832e6967c4ab929a1f5337ca7a934d10ed4b2ca67 |
| SHA512 | b715d0a407b154ee89f888ce78944080da9be1cba57db35458ed20630420e3b775be92ab7c44b73eab6a1811758f85f68e5eadda998a83bdf1c309bda7f6124c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 05a5ce180e558445f3cca331410e52bd |
| SHA1 | 55dfa8e8a6f11818177bcd1aae6f6d6ca410f562 |
| SHA256 | 7a1ddfa62668bce24520d3942768b2f5d28058f78c6b25c752bdec1dc021e599 |
| SHA512 | 3d9dad87b90ad980a466cdababc7afb5bcbf72100b86bc7c19ab53625e41a40b76532995f2b65aa7d594c3a47752792d8d18c9fee69cbe096cd6615e769e3a56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 829d661d7342388528a9ebabcd62511e |
| SHA1 | 0fccc26b31d8d1bce8077e9150764d7ba8a29370 |
| SHA256 | b02d56dc26f3b85a5d4ecefe9d953f53d8578a6576e6b88af0126a84200764cd |
| SHA512 | 54b2faaaeb0a073e9a1d3bc14b164bf618359e5031a41bd67b7f098b9c375f49d592a0712d924689533ed1b1e1153ea1f2ef1f3781f5e31f720628d138de0a85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7a9242c0f9cc761f8251d93986af3479 |
| SHA1 | 239861a01ab33f096176bd80582a813198bf1f71 |
| SHA256 | adb9fd8b3c67a3b80859d22feb3ed075ce9121ead284db8f183ad47ffc30e560 |
| SHA512 | cef505ba9e556c98de6a4de6df35874166e138baaaf03af0f08f4ef84918029ea349d31b7453a12f99c0e36d41341850df72ded498daeef4d00cfe4b678b7ad3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f93877560c0342bc710a6c0c3ddf6bc3 |
| SHA1 | 41a61b533eebe1fcb7b3c24337a128bfea7da9d7 |
| SHA256 | 19108efd49a1a721132502328bb217bced34097312f83a744a3e2d1b64c9049b |
| SHA512 | e15cd7376f3687c89d802a365b0bfe2830f2a7e6d194d5228870e71e38d264d19449099c21e0becb09f1b0a3445860241a1a0e3c8cd453ed539f8a075a8579ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6df9cf86dc3a99de26489252d34f8ee4 |
| SHA1 | 5a143bd351c0505f1f9a8c27d92cf7416a08370e |
| SHA256 | 015b82cb3ed8a27b0a49b09258ebc4f09aaef954214e58b3e14b618a95275da5 |
| SHA512 | be12114ef22e81908534e4aefb9b6bc9363ead818cb9c2926829cca2c08ba31f64939f38b3a82d96425e47a72edbd18ef8c92222339580d9121802378e78a2de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5e6919d4ad86c9f556d31ba3ad3eeafc |
| SHA1 | b2491d3b95ed7e8d7574e6fe5632646968d5a28b |
| SHA256 | a3eb4eca62d65b30964b57e3001b0c9cbf686469e84f55a94407ebb70ba8f3fe |
| SHA512 | 3311d1e300e50c8f70899848bf9d575694b75b32b5a74d54fba387abab813e786ddc01bbbe4497b17c2c5a0bd9e43a5a0a1d79b5ec20bd9d747a6994ec3f2e7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b6c078ce8a1d2e09e58cfce72f544290 |
| SHA1 | d062c6f2757e29a0639b006e1633a8ffbfeb323b |
| SHA256 | e3651ad0e8f3f961fe8119102dbdd5bdbc379531c98c31f3ae29b8a511ed8ab4 |
| SHA512 | 382e26a3f040466c01c53e62823c3222a6e71a6f27b33d72f1b82bade515c458e83e5db76415b7ce82fc980122a95e2871de96e2e42d3dfde408bf137d231ba9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 25e97d6dde16bc47c22151ab3cdb2240 |
| SHA1 | 68974c9382c7152d2f82ee9db34b96bb9b5dbd64 |
| SHA256 | 490599c38086ae1facdfe830582e2e40c7a055e3645af19419c525c7e39a5b2f |
| SHA512 | 026296a8eccfd50bfb0990e00e7871bbd39427b11d306ab17dcee67769eb2043700575fdd9510ee609f0f5d00e9b5cec2639a33a30fe21fed6deefea75078741 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f05e0c08f5197d744cd31b63c8c839a8 |
| SHA1 | 591987c64f2c887b14f16b01fe5c90e454f181ef |
| SHA256 | 9fb6567e5a85e74eb9c673e644ff48d029891f2c50e1754a3c222b70398df32b |
| SHA512 | 71cac89390344b1c1e7af2dcc26cc9c7f3150dae8ab157fa44077eaad43f1f86f6f8c89223713b55c3676b943220de6981e81f51f75493ab2e50b213bc066098 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 89d83af2efa7378712f21ca04785b300 |
| SHA1 | d7527c71b7bffcaf4b1dd37cd12914843d8bbedd |
| SHA256 | fde1559542144b97793d412d1fe4beee852712707a27672b586b12351fe9b1a6 |
| SHA512 | f49b0c9c5ba68a8194870742aa9b5c3899208a635c12415d96a9d2fab7cbb4a5c768c2cf23f6d3f729a2c44735f1ba97c5044a6a5431cf544ac48087a3b14497 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 420c9a1241c308aa904cdcb01c40893d |
| SHA1 | 382df4e0bc5f24995113b700064723964ec8fc2d |
| SHA256 | 6158f5adfbfe9817def829a3208e198139b0685988586e2b8b01ae2f7ea2764f |
| SHA512 | 79413960d4a3c79192cfe79dac9648c107118f06fdad620d05f50f07db76502b83b09c0ace008c705fe1dfcb2405b438af180cbbe4d1f466e03a81fc0e906f3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3e2e60af6060a338ae320555fc1ef793 |
| SHA1 | 5c231d33d3b57657e55bb558c779158c5ddaec4e |
| SHA256 | 4ada15ddeb2c8942aeb5b5a889671a86c58247542b8c429e45f12c2115e89d83 |
| SHA512 | aa4e571cbf2df74aeee8e9b2459306ef5a5d02b8192de06bba13fda075df401209bf9af8906a6c82a2651e47c4f06f7ba384e9162ca38af26e4d8e0d932574fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2597f8d2babc989f7b639d54fe8cf0d9 |
| SHA1 | 5864c84dc57e59b1dbd68b7113c31a5648f1c1c0 |
| SHA256 | 8d20c84e6f2d35aefd2b63f9229ffc2c9f3a3afbef8b70c91915f1b2d538f827 |
| SHA512 | bf888e7578ef7cf717da7d70b07465a8447bfb13cbbc02f3353ab1035979f7c61d7c9c66020e7f6624e520ac9c3510b4b97b255db123505edbdd7ead9283bcf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6111611ba4932aa0c4582239a997b2e6 |
| SHA1 | 6369f122c332783314fa95724c5cfa1d078f301b |
| SHA256 | 2a6f3c416236dc23115e4e698282099bacbf9ed0b4f140ea7c99084dbd69edcf |
| SHA512 | 396c2edece96939c66816d56b1cb760d9528d3dbe9d828496711b096e2186d497f24431d17a24ac320e1d2ad514542a923c506af1c7b2dc6ca5f3ea6cbffba3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fd2897dbc558f28fdf6691aa07b1ef02 |
| SHA1 | c6985220bfcf8011fae67692e50a8e59b4632e10 |
| SHA256 | a10b9324d247734745eefe2510f2b4852b396116b716a00e33c8d8bab2ddc461 |
| SHA512 | e3c5cc8510eba98943c81bf6b63f3df6757184074aa423d69da3fc038bc99095e41bfe46d4acc8ae437be2423b5b3d10ab0737a1e1ad6bf7e451d8b955a9ebcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 564e950daaf35c31c4aac05c4a0e3264 |
| SHA1 | 71166a16975c80f12f7de3a935c96dccd42bed7e |
| SHA256 | d744726316a617febe44aabaf9fdc50e4dcf9ee8f23ac56ff38fa089de6ae861 |
| SHA512 | 067e3b14a3ac0b303c07d076d6d5f544a422e5a77f1c70584a6bf2dcd8eb44bad44942d4f9dc37a24e096dfbb4af940f4678a4a0343da48dcdc057a1ec1c9f52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bc3d91c67dcd45c1f5b05bdc5c4013e2 |
| SHA1 | 3988cbcc8d85aabb65266a918fb3d2ba7f4ff25d |
| SHA256 | a7cd4056f49b679ba2422dc584702fd02534406235640e43118031a1d7686543 |
| SHA512 | 3d5940efb8072a53a1563800ef6740c64175cfb9804625443cddfc03aec52146fc6c198462dc3eef41ea5c6d840edd646a6ce5560485321a7451d4587375abe2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ed6c2e44dd05cabff7c2dbd934938272 |
| SHA1 | cdb388c1d4436e34d95ab7e629007c2a3f8b28ed |
| SHA256 | 80de83910e599ba4cc97b7b3562c14f2baa68234aa06eb38a3a5e3096a1217ea |
| SHA512 | 997b6469fbe321bfc6458de897e50d2d721bd4c9ffdf53fd3ffa05a1061fe67fcdecf1afd3f0a774527d64d53b48a802a9865c6f5d205047bf338a2e3b58780d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 708a24b013d7eee0c711bff08d4ca4cb |
| SHA1 | efebb178feb0fb9e3081daf9daa065a6d3ac777b |
| SHA256 | 589850d15e7b572d501564b2e2d2a877bd14577bf34f7ed20756a0cc2661349c |
| SHA512 | aea8376624be7d22cf7c873b612809697e54b70ed5df94a3bd0b9e525da5e69f6cb6b796e1a52e300f2764ab908496948a30c8db0789b971aaa23ed7aec057b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5fe6807eac10520502c5e4b07f1035c5 |
| SHA1 | d92c703cd8a3a7e552a75acf9301eab239a53e24 |
| SHA256 | 605dd76f53ee5f6b672856937cb0834ea7d95607bdfaa723b296792293c16811 |
| SHA512 | 74312995e6b51cfc75ecdcfa128f2acf190f0ed3e53df632076bc77246f812d00489e78f34d5a20b41aba865a35f84fcbe7ab48d461a78dbdeb7b863abcc7868 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00010b
| MD5 | 2be38925751dc3580e84c3af3a87f98d |
| SHA1 | 8a390d24e6588bef5da1d3db713784c11ca58921 |
| SHA256 | 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b |
| SHA512 | 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7e1b7ff45d531a2931ee35615849f064 |
| SHA1 | c5d42c355799573903848cac495a4c6d1ee259bc |
| SHA256 | b8e81c6731f805815e4a3e2a552608437546db93b55a507eb096dff25bfa69d0 |
| SHA512 | 500841f6e7bd9777c94ed1067b6df5b248a0a1050c1bf2729a3796c851178504579330bcf185c60041c8f2b490a89a53e2572f7f9af8365d1bda2bf0eed1e31e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8c1f9fb27787d6144b883e3d169fc948 |
| SHA1 | 18f5f65d0c4f02cdffa78b6db43f08905fa1bfaf |
| SHA256 | d5783a52669eb27b2f0262e82332562cdbbf01e36181d82169d67f47b024180f |
| SHA512 | 4e6223810888c27c5394ace8eea91227bd2cb74b70ef9c356a4285af987bd8b9e986cd5f67d4722fc40c10f7aa915a4aa0aa80343253b0e09685a714875e481c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 582a6adcd746179259aa2ff6f82b987a |
| SHA1 | 625f0e04ddd0715fb1c82bd5245156ac7d0cf135 |
| SHA256 | 1db27399a207f1bb20bf8fc320d7811826e7537b24c7fdb5c8b3a8f943aceb49 |
| SHA512 | a4c1d6853cd74f5ea0e49dd9f4d70a0355d57d1304f74f990efb9e854c90fca6e5d42866b8715a6637b26fd95d881faa733992a6741990b641a21faf0f2deaca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a73cf5f-55f6-4d1c-be42-e6e3ddedfef1.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 118daee20b705d5437292836806dc617 |
| SHA1 | ece4b130a7113bdebbb7995e72b35f56a26dee93 |
| SHA256 | 7d978297ee6f218bd7727e87a017386b00f95dd1f2ee803c4ddcce2920c348b8 |
| SHA512 | 510050b5762b9a5928b1eb3258a327a300ad7970b09d8ac9e44aa385b402fc240da2f193ac57878747b5c8b88007cf073c8bf07b1f8a1767767123d65ab1e3eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bdd06a51a828a40fb347e385f52236dd |
| SHA1 | 2988812eb3e5b91f2e49993ca5cbc4d61ad89e5c |
| SHA256 | 5c4bab226f99be8a4a3306ecd657bfa87de88e96e8f51c375361ccac23203bd2 |
| SHA512 | 9584d617e0f6dc9afcf1e150289538bc39ccac63c0d75965046390d2bd72da9d068acb2723e796c86feb5990f66f510978efd97f25dcd9845c4f6be286563ae5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1587a2af3d4254b83a278bbad735bf3d |
| SHA1 | aa4289995f9f75668ee0169af5dc7d7db81fadce |
| SHA256 | 3e0fe04de3293dfcf831f143de07bca2b720b0492ea6e9e6dfd4d2768950d825 |
| SHA512 | ee5349d05542f864f458bf1ef83b1ef8e7f6f463f79b1c9efcfe6d4f62c9e4c5592137111e0a68c805115f54f5c7e0b307c6a3656e6f47f8abfb8f9ff413644a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4f8bf3a7a6fe0cd374f3bb7107777e6c |
| SHA1 | ac8a435ad721440c0c17d2d2da43eb8cf19073f6 |
| SHA256 | 9fd48413a4921daec7cf82d7461d09593e95d2c7cb9b5a77fd721f391ed1b122 |
| SHA512 | 8ce25f592eebbc869fc985fe9f2abe54626698e463bb21c9b76a8e182c4f9b6f9ace98781adc989f85b0c0f1496d216a7b9a83557993941cf9b8245e8e802c6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1a1fb2ff4572a225a1cf923553157ba5 |
| SHA1 | d147f737e0179b527d13ee71c5c1fff2a383f291 |
| SHA256 | 2ec43da9c6c3cbbd1173c59eab7ccd4bdd5de93e8fcdab5d13002e59bfa9c5cb |
| SHA512 | cf118908e089bab6fd0c43eeccecb4ec6a4008904acdcd52e857342dfa626c2251d1b2a3d674d4955398618c40a8fd61e2021ae983f157cc26b9c49804ffdf4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 89cc6bb0c27a689901c7a5ba7775ccf3 |
| SHA1 | e019ebd60572f29325c51276cec383a0a13abe10 |
| SHA256 | 66b88e78b11b31eedab966b495b38e26ec64f15f72f2ee0554571372045d32e5 |
| SHA512 | 4056a1ac9ea400a12ce94a84227cfdc84955aedff243abef32a2d0db2a0786e4bd95adea36867dedea4bb89d20cb6f365846f5b265b49c71891ef93acf69eafb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 03033414a79f1ddbb6e456372a744aab |
| SHA1 | 37455f52946e4df17d481a8de3a8497176c4bc82 |
| SHA256 | cbf3d87d8869a65cc7d2dfe6672ec778438881a73bc9d784dca5eed8126a5500 |
| SHA512 | ce88f8da99ab854b6940e46b5f3d1ef01b0308188dc36fdf71e9d40d4fd08242c44d59e25325ba4fc55c98cd6e57d959b64b96291eaf8ff4234e2ab1fd4fed2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e1bfe244b5713b2e64775f9d33017ba2 |
| SHA1 | ce8a301afc3e552da9d77b9c39ef046f6eea76fc |
| SHA256 | 1e14c2557c062afec52b04a426b7af21600a31bf8205b57690229ebbe58aa877 |
| SHA512 | af13c9cc689ca7288629100fa1b2fe02d9f605a3c26d4031724db49e3b41adaf490dca7fb482247ddde3b4c4561fc5595ec43ed8c8d72b81047de8cd4d542ebb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1dc4de25be66ea4098943aec6fa30d25 |
| SHA1 | 48c69d2b16104b6bb49d205d0b2a8560ee33123d |
| SHA256 | 5e6c9caeff598cb54afd17dd0d18abd9fcdd4220a570641530fabb7b0a4021ea |
| SHA512 | 1950b3be463ce61bf6816665b9bbe5afca6d864ff6819dd85d6392bacedb469258898a1c55facaa73a3886bdd6f00232413daf4e2c9225c2a0266558a71decd3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3d4c4148e0cfa2e224065bc7417b1679 |
| SHA1 | 4b9358f92bc1b754643211a321f29bd850c18676 |
| SHA256 | 3477ffc0ecc11cc42b05e22bc499c242f7ceff5260a23a485da01ce632823ae6 |
| SHA512 | 5f471aae2dad5e359373147ad3965e03b5d3672afc1d2923d7c47088cc712b974be06ee95687887e058a8076a98b79c07bd1f7f3d961a8e396f7da1d48cfe583 |
C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.86\Installer\setup.exe
| MD5 | 69221ee7ef83d7eb340857b5833eea14 |
| SHA1 | d7f27c64b62eefe2c204a323cc812fa56f58ce1e |
| SHA256 | ad14d7268ee8a9c3c89e7cf62a8a9b713c9f37069fe85b3f8fe525dcda8cdfc9 |
| SHA512 | 8df73f03d7438082b9e8793f5346a7385c91139d879703dd8c32acfdacb200c18231a5a9cedd7836c892ebb7a8888857c68653728b9027ca1f483a1751fbe2e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e49c7b96c1dc68e4d4716d2c72f2a172 |
| SHA1 | 8a1eb2f2adbc0dde92cd45475af31ed6206cdba0 |
| SHA256 | eb4d6e46bd92f58f69fe91a2ef7e1bfc0b7aee1258e5d9ad955ed8fa7a653aa7 |
| SHA512 | 416c207817ca0bf08c68ab476f2119e2bd5728a3aec8891e20c282a7a840e10b0f1edef857323ce5007c26d6e7831a965e930a1b405966cf812c1e9014a4eb15 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 22977f517d30e91815944d95958ea96b |
| SHA1 | 0aa3e261e9187e38a9a2c482fd17d691870366c7 |
| SHA256 | 75e3bfa6f0f351e439aef152479a109a668379f22cec5a3504be9c9234b9c7e0 |
| SHA512 | 9f3681eaf9daed3364f0e889d2f822b62b3685da7bb37fe13333e689ed8663cb777e6a37ee69747a02e9c0d5f12862ce4d373325ba75541203f42362d26ee0ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b51d322f11e3f41825b908a0746e64c3 |
| SHA1 | b1f30d192612a9f93ca3a331027ef4ab8f219e80 |
| SHA256 | c442f269a7385ceff990b798331854aa6632fe4e83705c21d62bc07ff9184130 |
| SHA512 | a68866443d186de83efd6ff22fd8ccf96b2dc05b92930433fff8f5bf8df465f3b1aa58f72c4d12488989dcfd653873261e7f1628cf49f85e08ad149eb2590e3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 705bef73bf26082a2baef7e0071f409a |
| SHA1 | f57ffaca7c33d58fe6be5943f50770e33f4e55b3 |
| SHA256 | afc0549343620d0f811e068006390c4ef78065ae83fdb84a91bc8d2629d3c4dc |
| SHA512 | 8ecaba765d877d6ff72a3ffbab31bfe68fba05b45c9d48d065fc8f6559315ec650c4c68501d14dee4144c19177ddf21d6a00e2e1c9bbe7d222235709e010e496 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9f48ec4427904519897ed2909b0fbb32 |
| SHA1 | 8953698d09b653d8b88c09ed618630e042276968 |
| SHA256 | 03210ebc52f5e5446f08a72dea97214c1296dbbc0e221ae8d763edc170569532 |
| SHA512 | d134b8016d1c6db2f1fda59d286c041aa294df9507f7bfec57938ecf79ef6cf2c856c979583d7c15740313a045d21fde6f0803a4a911ebf9086456091b7dfb3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | 2f32d5cbfa5993737c4b079580a903e3 |
| SHA1 | 58fdc6adae4ee9b2c212365607238acd9ce29301 |
| SHA256 | 2c37ce8a8f71236d2e1e548d36a92e4a218c34f0f22ef10e2138de39d887ea55 |
| SHA512 | 280f63ed022d92a2a263840bc37de01ea85345b87acf6962dffd6e9ebae200002b98217c49b3015b05cf1e3c607405b8fbeeee32f80f54d9d4c8ae5449e29023 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7a8c3c0a03958d95940e445a87e7dfc5 |
| SHA1 | a2837df583ce9da09af867d7e3f9a61a5fc8ac95 |
| SHA256 | 16b5c966658eee097b515e586e354d4ae1abda483ca629e60d8f5c641a3a82ed |
| SHA512 | f7c2437850ba008cfdc2b8a3d7fc80178db1003f1137d8def5e88fa89acc8639fe2cf48b3dfd87e0fa81f54cbb100e2aae72a38fb362c28adeff18bccc9cc158 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aee0331e6df097e8e0d9357d962775f6 |
| SHA1 | 21b48c7ac8036b4fe09100b031bcd0a3d32b2e90 |
| SHA256 | b822ae6813826c3fc50e1f7bf4139ed3819803d7a37c561c402e756c980de5b3 |
| SHA512 | 8a95f1871ccd752cfc54d7668b39d3f4b49936aaf604d9765e105f3d85fbe34e244168f52f890c7dbcd61798b61e65a82624c2373f50f894940c113536a972ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 120febc798f7d1bc40a168a79cb721ab |
| SHA1 | da9dbc0fd3b934cf63f2dfb06552b0b6552f162c |
| SHA256 | ccf2eea76dd1ee311a7c2b1fb7ff9b55196f99ef5eb8fbc2b6810ebacceaa979 |
| SHA512 | e184e0b0d53cd965d2b29eb1a1c01c7a246690cb70b63dfb65261e82ad7ad5cadc59eaab0776b80d465ee34d150d8b673003f52c06db785a7e1c9a7e97574754 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 83f37b19bff075fc44b44a7bf4ef78ea |
| SHA1 | ee7693cc20acb5a242e768d855fada3574fb08d4 |
| SHA256 | e63b6f1952f8bf391de05c10e5e57f848269302ae3cefe72d5aa750908a9cfa4 |
| SHA512 | 0df8762bbbc25a8e13c4038c43d2c305fe836298e2e52d5a02d994e11a2823cb11bf0abdaf0a9ac62a3aa22e4cc519b5b9d10df407a41c5c0445a5a94c6b6eeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 83fb13d483e81e38a75ca4c0b4d3b747 |
| SHA1 | 65f5f51540ae37c037f768c061359417876f6893 |
| SHA256 | f3eff86439d72494146e01cacacdae7b4f2ba321f79beb257c44e03355c8d3b4 |
| SHA512 | 54c2e52c6d98969dd376f45deb3ea9273e845d075502d9750329997be11917ce7420d960c14d6bced9a3234ac1205f0793e80587e712eb142be032090fc0fa41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b56ac54f0269b123046e91abd3fcb915 |
| SHA1 | 5e311384b928b7712014a7d09067445ce4775b18 |
| SHA256 | fd42dbfbad40427f076627f0343668162cb14b14ed63cc57a271de15e114719c |
| SHA512 | b2cb4e353534e2f4b8f3a796a4fa6e555ca18249dd6294e5d2da181ad831ccfd432438f49fc81ed3dca647eb3f7a4141290f2b7ed108e40a8b1553e2d62753f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b38ff90d74349dd985ffaef57a21f07c |
| SHA1 | ac403548ad66532d2285904988f5782cba48900e |
| SHA256 | c58e376105ce0d1a4a768d09e81da85eecdc069f2a16dcd43a555f4608c3cc7e |
| SHA512 | f9ee442c1560911868811df8d6f5b670798adef84048f403f6acce30633d6b2202c6e51623f07152660d78ed2c1eef11990312414c793ca77279603acd655275 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 48aea0de9e8babcb70f27af7d9603245 |
| SHA1 | 3f68426ea5ddb0325e183667c91d48159be25906 |
| SHA256 | 47857e968afd2ea8e88c5a509c96a1e9ada5d14b6ded28e369502c85c0123032 |
| SHA512 | 41f489bd245ceb32abf9924c4b7788f781e73d6cd5b53ad8b95e54d4224af5b534242a94acc547ec29ac8fa808137c27cd010dc52d4d9524660b2b3177ae4ec8 |
C:\Users\Admin\Downloads\Ransomware.Petya.zip
| MD5 | e8fb95ebb7e0db4c68a32947a74b5ff9 |
| SHA1 | 6f93f85342aa3ea7dcbe69cfb55d48e5027b296c |
| SHA256 | 33ca487a65d38bad82dccfa0d076bad071466e4183562d0b1ad1a2e954667fe9 |
| SHA512 | a2dea77b0283f4ed987c4de8860a9822bfd030be9c3096cda54f6159a89d461099e58efbc767bb8c04ae21ddd4289da578f8d938d78f30d40f9bca6567087320 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bd90ac27254e7835cc3fe369d5afec28 |
| SHA1 | ae806c5efe865cb6b4ef7d7483828664e7424a65 |
| SHA256 | 05010531789c3c77576008aed004d16143f1738732368ab8b9411a88fa38a743 |
| SHA512 | 506005ff48039333134446678163beef6aca25b76d44ad3d87a43178c3564f9abf93498e6c54d55e981c8bd4f18e02a560bcb36eb52768e7021c68d12a627050 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f87ba80d65f692dd092679a010a99dc8 |
| SHA1 | 627e7d61f9759a7e7acf3829e3e94d220db41a21 |
| SHA256 | d0cf8ba01d05fc94b0dbd6c94e5802848daa43c2a6800af52f574756c916d14e |
| SHA512 | bad41fc1b925011fb9b2609a5d206f5d1f41af7ddf97e1793b4500380866402d8808ff8f74fc39fc0eb7c64e7bf1df8581f676c3cfe4666f956bd96d5109c7f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e9d7af6888a4584c6cb3d58083729111 |
| SHA1 | 6dbb5e6c587d7dd5e562c54ccee416f2d8318219 |
| SHA256 | c90ea49d98d19ed8bca63073de351e800e4d431bba4bcd02310bb7968ab975a6 |
| SHA512 | 011301c1001ea6a47cf9b89866ec70c491bd6572ac11001a5978fc0c39c3faea0b923000ea3f1a2db2c935b0e0869177b18ee66b2f203231304081c277b51b77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7d3188194b26a51fbc5cd083e40e561d |
| SHA1 | e91238a05465e11714e9aff4ef6121ea9a6b4add |
| SHA256 | 05a6c40f491d75c1b405545c10eea5da9a2c43785165fcf11ec27d786338e0d1 |
| SHA512 | 2fa4f5d07cdccc9bc5fcff7271eaa951374b63443c2e773e55402296f9fa17831bbda7f5c1242c34baaa4b5a24a516f382c33eba1ba8d41ef3d6cfd4f7ed818e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5a9b24195643f9c8b8498634250857a2 |
| SHA1 | 08c338cc210637807cf5280c1114502b8f2e7599 |
| SHA256 | b5290cc6229b899939c3508ebddbcbdc4de326667ef0a45c0ae7598926c9d80c |
| SHA512 | 039db707ce70a701efb6689908ea21f43d8f3bad1f51a41b90b0b778bff7fdc949b369aa32ac7f19fb3f309be8c578b8c3f18a88c04c3f161d6bb9182584f874 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6888fa72ee381293962b0e548aa05a15 |
| SHA1 | e0621eb3bb43ac8e5504338cc4f2b903cc5a246d |
| SHA256 | cf1b5c78f49f72fd3ee4dc75fcd9d2f851c58d2fe04791d96980183627b56b6d |
| SHA512 | 35c56abcbd3d412ed91276e804464da00465795bf34ab44f84464cff6787d4dc71dc74fd34314e0344455458c6014ed27534e5bf811fed7f10e85016ad6b7e27 |