Malware Analysis Report

2025-08-05 23:18

Sample ID 250115-2f2ehaxpby
Target Bootstrapper.zip
SHA256 a9e76b770fb8a61f793a61ca6701e1f76ea95282d5a3647d8dfccf1b560f401a
Tags
adware discovery evasion persistence phishing privilege_escalation stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

a9e76b770fb8a61f793a61ca6701e1f76ea95282d5a3647d8dfccf1b560f401a

Threat Level: Likely malicious

The file Bootstrapper.zip was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence phishing privilege_escalation stealer trojan

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks computer location settings

A potential corporate email address has been identified in the URL: [email protected]

Loads dropped DLL

Installs/modifies Browser Helper Object

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Network Share Discovery

Checks whether UAC is enabled

Checks system information in the registry

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Suspicious use of SendNotifyMessage

Modifies system certificate store

System policy modification

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies Internet Explorer Phishing Filter

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Checks processor information in registry

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-15 22:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-15 22:32

Reported

2025-01-15 22:39

Platform

win10ltsc2021-20250113-en

Max time kernel

407s

Max time network

404s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.zip"

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.146\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Luna\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\MicrosoftEdge_X64_131.0.2903.146.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\MicrosoftEdge_X64_131.0.2903.146.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Network Share Discovery

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\eu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\sr-Cyrl-BA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\sr-Latn-RS.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\bn-IN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\ur.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\MicrosoftEdge_X64_131.0.2903.146.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\psuser_arm64.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\VisualElements\LogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\dxcompiler.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\eu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\notification_helper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Edge.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\identity_proxy\canary.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\edge_feedback\camera_mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\edge_feedback\mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_iw.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\MicrosoftEdge_X64_131.0.2903.146.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\gu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\ml.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Trust Protection Lists\Mu\Cryptomining C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedge_100_percent.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\Locales\gd.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Trust Protection Lists\Mu\Social C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\psmachine_64.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Locales\pt-BR.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\identity_proxy\win10\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\identity_proxy\canary.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_bn-IN.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Trust Protection Lists\Mu\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Trust Protection Lists\Sigma\Analytics C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Trust Protection Lists\Sigma\Staging C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\lb.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\identity_proxy\win11\identity_helper.Sparse.Dev.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_ca.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_kok.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\Locales\af.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\Locales\tr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\learning_tools.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_ur.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\identity_proxy\win10\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\bg.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\Locales\or.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\sr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_ca-Es-VALENCIA.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\VisualElements\LogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\dxil.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Trust Protection Lists\Sigma\Entities C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\tt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\BHO\ie_to_edge_bho.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Trust Protection Lists\Mu\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\Locales\lv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\ko.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\wdag.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\bn-IN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\nb.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Trust Protection Lists\Mu\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\kk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_lv.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Locales\fr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_kk.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedge_200_percent.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-mr.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_480476407\protocols.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_205396244\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1286514587\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-ml.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-be.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1230928300\crs.pb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1286514587\Part-IT C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-hi.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-kn.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-nn.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_914808931\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-es.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-et.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-ga.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_914808931\keys.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-eu.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-en-us.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-gl.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-mn-cyrl.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-or.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1230928300\kp_pinslist.pb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1286514587\Filtering Rules-AA C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-lt.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-tk.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_527643304\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1286514587\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-it.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_480476407\manifest.json C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-bn.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-nb.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-uk.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-as.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-bg.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-nl.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-sq.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_126066024\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1230928300\manifest.fingerprint C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1286514587\adblock_snippet.js C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-pt.hyb C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 3365940bb865db01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1212871809" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c086703d9e67db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff31ec61432f7a41bd8a8a4775deff86000000000200000000001066000000010000200000005af378eb7ec97f00613425f265bf775b2c8e4c3b9efbf2596dbd5e755602d11f000000000e8000000002000020000000fc455091e908de4cc80d0ee0e865f6bf8af6af30cd29bd889c210361e279517320000000dd806aeeded91c82bbe8fabdfca1bcc23088357af95a7456ee1225ddc85aede7400000009fbc1339ae80cd3db6edbd8318199737812a91a7f4f4e10aebb28578b64081654646420e2bea0a2a75da41d51b51b987eb20d10bb056ffe50b41649b23499f3f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff31ec61432f7a41bd8a8a4775deff8600000000020000000000106600000001000020000000d40855c6324749430f948444edb149215cd7293cbb979e82bd52cf2b0e5b72fb000000000e8000000002000020000000c1a85437fc939ca4f5cba58f4aac849c1ae3475d2ffd58dff24af31bbf51780520000000d4dacb6283f71c5a6e5200ffa9aa3ae8f938853751f56738e10db928c8fb9cec4000000024bcfbddd3f24eadd854e6e399fc1223e208acfd829c41504fb717397b43d4344b8c6b91ed353ba16546403eb1ffd7371677e486cbb3ea6df199faa68c088506 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff31ec61432f7a41bd8a8a4775deff86000000000200000000001066000000010000200000007d0e2026356914748214418cf2c1a2490d2f1d9c5b12a9524120e3c46d177414000000000e800000000200002000000021e991cfc765be5a8ec0d393b653f7d5e5fdfb3306c8f5abe4103da0fc68a7e42000000090ae2903c4b6036b203d90ea4662284d91c5475a68dbba07838f8ac0f8533a3840000000e195989096be1a4f165c37e4b13cf8a4c6a3b3741a0271a417cbab9470d1255983e3d091ff074a280a8dedae6cd01aeac7628ed8192ca460d29954a98b26ae34 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31156126" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff31ec61432f7a41bd8a8a4775deff8600000000020000000000106600000001000020000000af8a415e0934c1a9e51f9861f34ef9f32f16e0c86ca01b94988609d78c616172000000000e8000000002000020000000dc6bf978b43287ea522b4e1b5b205ca52670a0a0c9049244f269bcd021b30d45200000006efc65acc7593a98f46fc42db50bf7ae7ec381dd71dbb5c7682d76eb26850462400000004c5af3be51903a1aba007f29b431953c668e33562ba63542ed6f98ed5a0f8cc417ccab8e6cc880cfb581b54ba65209fb409383543c84c4d939cc49b350dde849 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31156126" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "110" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff31ec61432f7a41bd8a8a4775deff8600000000020000000000106600000001000020000000d84221e0a3515abf4cfaef0b4cf1b25b59e4dcd9d51dec3719a2312026d2c4c0000000000e8000000002000020000000a8fef6c3a4ab3185eebc3cc1a09e4b5252e97290623160b41c07629f9ec1cbdc20000000361022d3e04c32f95e25b5dd4f456eb70c325c257375f7a0bf0f7fd89c77fc7f400000006ada706879be7cf5827bfa9f36790c0d522c11c90e5ac3f5243b2b8ae16a3f1e887c659a1332e2f8275cdcbf739e579bdc1b492b632ca1ccda26be08dc59c32d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff31ec61432f7a41bd8a8a4775deff86000000000200000000001066000000010000200000000c75beee1d293bd20c419123b2a75439e2b9e05ffc06518008d732ce7eb5f4ae000000000e800000000200002000000051e4e7153020c33411ea926798d1bd407908b3f98dd436839c35448f53fede0400010000c36bfc2fb2f66bd16fdf9a4f619b405105e16f395067509490a0b102e051a562e4b4d4de8ddfa886f89ac9b3f2c65cd51d94fc6c12e3b2eaabffb9866211f5f16a505ab3651017934e227a4b0d730fcd97aa6bb66fa2357931a5c8803d88b5602bfcd192f6e2b11032a03c98947cf3469ef29e897be32692943381138e6d5244868e19610e46347d9331be1248d62c75de4cee08af1f1a93cdfbb442e4bd0d2a3a71832cc63b76d37cae960997cd1ffcb2433f9320ec325e7c7dc5239884e71386c6c6e4e020d4730a6ad958ded03a765ca473da54111ab2d9a2b8397fec0a9ec8fe669190361743a89c1cf57bd340eaddb589a6a1c930a9abc481a5cc9064dc40000000441b7d566cae36563a12607d6d65b73e6f1efea7e4a6441d457f881ab547de91195452917538107a8276cb46f11dc0ab801d15b84b5f20a5e3010a9aa712bb3b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60b744399e67db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "56" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\RepId C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c01aab4b9e67db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "54" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "54" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.146\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.146\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0df53459e67db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "56" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d051f0469e67db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133814540958702860" C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\open C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --single-argument %1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win64\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.146\\elevation_service.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41E1FADF-C62D-4DF4-A0A2-A3BEB272D8AF}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.mht\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\Desktop\Luna\Bootstrapper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\Desktop\Luna\Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\Desktop\Luna\Bootstrapper.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Luna\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\Bootstrapper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Luna\Bootstrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2920 wrote to memory of 4696 N/A C:\Users\Admin\Desktop\Luna\Bootstrapper.exe C:\Users\Admin\Desktop\Luna\luna\Luna.exe
PID 2920 wrote to memory of 4696 N/A C:\Users\Admin\Desktop\Luna\Bootstrapper.exe C:\Users\Admin\Desktop\Luna\luna\Luna.exe
PID 4696 wrote to memory of 2352 N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe C:\Users\Admin\Desktop\Luna\luna\Luna.exe
PID 4696 wrote to memory of 2352 N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe C:\Users\Admin\Desktop\Luna\luna\Luna.exe
PID 2352 wrote to memory of 648 N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 2352 wrote to memory of 648 N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 2352 wrote to memory of 648 N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 648 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe
PID 648 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe
PID 648 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe
PID 1456 wrote to memory of 3564 N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1456 wrote to memory of 3564 N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1456 wrote to memory of 3564 N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1456 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1456 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1456 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 4380 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 4380 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 4380 wrote to memory of 460 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 4380 wrote to memory of 460 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 4380 wrote to memory of 952 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 4380 wrote to memory of 952 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1456 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1456 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1456 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1456 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1456 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1456 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2688 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2688 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\MicrosoftEdge_X64_131.0.2903.146.exe
PID 2688 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\MicrosoftEdge_X64_131.0.2903.146.exe
PID 4572 wrote to memory of 740 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\MicrosoftEdge_X64_131.0.2903.146.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe
PID 4572 wrote to memory of 740 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\MicrosoftEdge_X64_131.0.2903.146.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe
PID 740 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe
PID 740 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe
PID 2688 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2688 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2688 wrote to memory of 1536 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2352 wrote to memory of 4268 N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 2352 wrote to memory of 4268 N/A C:\Users\Admin\Desktop\Luna\luna\Luna.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 4504 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 4504 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
PID 4268 wrote to memory of 1152 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.zip"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\Luna\Bootstrapper.exe

"C:\Users\Admin\Desktop\Luna\Bootstrapper.exe"

C:\Users\Admin\Desktop\Luna\luna\Luna.exe

luna\Luna.exe

C:\Users\Admin\Desktop\Luna\luna\Luna.exe

C:\Users\Admin\Desktop\Luna\luna\Luna.exe

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODgxQTNCNkUtNUIyNS00NENGLThEOEEtQkNCRDQxQzg4QzFCfSIgdXNlcmlkPSJ7NTU2ODdERkItOEQ4NC00ODhELTk4NDUtRkE0MjQ2MDEyM0M5fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezBBNjE4RkIzLUVCNUUtNDNFQi1BMkE1LTlBNEU2NTJDRTY3QX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDQuNDUyOSIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEyNSIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjQzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0ODY4MDcxMTg1IiBpbnN0YWxsX3RpbWVfbXM9IjY1NyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{881A3B6E-5B25-44CF-8D8A-BCBD41C88C1B}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODgxQTNCNkUtNUIyNS00NENGLThEOEEtQkNCRDQxQzg4QzFCfSIgdXNlcmlkPSJ7NTU2ODdERkItOEQ4NC00ODhELTk4NDUtRkE0MjQ2MDEyM0M5fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RUVFOEMwRDQtNTUwNC00N0VGLUFGRUEtQzNBRTEyNjZBRjE5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMiIgaW5zdGFsbGRhdGV0aW1lPSIxNzM2Nzc2NTUwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODEyNDkxNDI2MzEwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDg3MzY5NjA1MiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\MicrosoftEdge_X64_131.0.2903.146.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\MicrosoftEdge_X64_131.0.2903.146.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\MicrosoftEdge_X64_131.0.2903.146.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9D1FC544-C4E1-4EB3-B925-EBA7139F2FD5}\EDGEMITMP_0F223.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x180,0x1a4,0x248,0x194,0x24c,0x7ff7ac282918,0x7ff7ac282924,0x7ff7ac282930

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODgxQTNCNkUtNUIyNS00NENGLThEOEEtQkNCRDQxQzg4QzFCfSIgdXNlcmlkPSJ7NTU2ODdERkItOEQ4NC00ODhELTk4NDUtRkE0MjQ2MDEyM0M5fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezFERUYyN0U4LTZCNzktNDFCQS05NzhGLTE0NUU4Rjk0NTFGOX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDQuNDUyOSIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEyNSIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMxLjAuMjkwMy4xNDYiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ4ODQwMDg1MDYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0ODg0MTY0ODI1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTIwMzYxNjgyMSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvOGY4ZWY2NzYtYWNiMy00ZjE1LWE4NTQtMTYzNDRjYTAzZTkwP1AxPTE3Mzc1ODUxOTcmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9bTREOUdPUk5JSlVpdk1aSXBjd1l4STRmZUh3TnJYOTVHRTJlQU9ySXMybmtiaEFyU2NyalFUaXdvTndsN2FXcnVpT0NRcSUyZjhEd1ZWbDRqOUVhUyUyYmpRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc2NzU0MjU2IiB0b3RhbD0iMTc2NzU0MjU2IiBkb3dubG9hZF90aW1lX21zPSIyNTMwMiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUyMDM2MTY4MjEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjE3OTkyMDE1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1ODI4MDU3NzQ2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNDIyIiBkb3dubG9hZF90aW1lX21zPSIzMTkyOSIgZG93bmxvYWRlZD0iMTc2NzU0MjU2IiB0b3RhbD0iMTc2NzU0MjU2IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MTAwNiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msSmartScreenProtection --mojo-named-platform-channel-pipe=2352.4188.14003858868973300028

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.146 --initial-client-data=0x184,0x188,0x18c,0x160,0x194,0x7ff87ce56070,0x7ff87ce5607c,0x7ff87ce56088

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1848,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1840 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1916,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2016 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2396,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2412 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3568,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cec78bdb-b72f-4b3c-be14-7701a035887e} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 27015 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {231baff5-7449-4eee-9372-f2996d030934} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 1 -isForBrowser -prefsHandle 3128 -prefMapHandle 3124 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1be548a8-d6bb-407b-aa2f-dc96f9ea7c08} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3500 -childID 2 -isForBrowser -prefsHandle 3692 -prefMapHandle 3688 -prefsLen 32389 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1f8bbed-b904-4e2a-9bee-eab845232b27} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4724 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4720 -prefMapHandle 4632 -prefsLen 32389 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69087af3-b8a6-4ad4-b107-d76786e3db2a} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 3 -isForBrowser -prefsHandle 5396 -prefMapHandle 5392 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4e41de3-3699-4091-9421-0ead6734e182} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 4 -isForBrowser -prefsHandle 5504 -prefMapHandle 5156 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49179b01-4a66-452e-97a5-57ba3c548400} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5788 -childID 5 -isForBrowser -prefsHandle 5804 -prefMapHandle 5800 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c3fcc90-00ea-4bc9-8ec4-69abd15ae57a} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6316 -childID 6 -isForBrowser -prefsHandle 6308 -prefMapHandle 6304 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e3f0b96-938a-4d6d-904f-d7ab7506d786} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1940 -prefsLen 27956 -prefMapSize 244937 -appDir "C:\Program Files\Mozilla Firefox\browser" - {309b7717-b1a5-4a8f-afcd-8931c815a3c8} 6032 "\\.\pipe\gecko-crash-server-pipe.6032" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 27992 -prefMapSize 244937 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5db327a-8e9f-48b7-80a5-1c25bab5d4bb} 6032 "\\.\pipe\gecko-crash-server-pipe.6032" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2848 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3144 -prefsLen 28133 -prefMapSize 244937 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4299f3f0-4ff9-41cb-a837-ba3be44c5b21} 6032 "\\.\pipe\gecko-crash-server-pipe.6032" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3968 -childID 2 -isForBrowser -prefsHandle 3960 -prefMapHandle 3948 -prefsLen 33366 -prefMapSize 244937 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a10578a-e904-4c91-a761-9ab460f6fe15} 6032 "\\.\pipe\gecko-crash-server-pipe.6032" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4764 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4664 -prefMapHandle 4776 -prefsLen 33366 -prefMapSize 244937 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2217d20-921e-4846-9c7d-342745f517ff} 6032 "\\.\pipe\gecko-crash-server-pipe.6032" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 3 -isForBrowser -prefsHandle 5276 -prefMapHandle 5272 -prefsLen 27498 -prefMapSize 244937 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cc09522-8699-4481-b1cc-f081ce5dd75f} 6032 "\\.\pipe\gecko-crash-server-pipe.6032" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 4 -isForBrowser -prefsHandle 5392 -prefMapHandle 5400 -prefsLen 27498 -prefMapSize 244937 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b363ca23-7177-465e-bc68-a71df9f22928} 6032 "\\.\pipe\gecko-crash-server-pipe.6032" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 5 -isForBrowser -prefsHandle 5584 -prefMapHandle 5592 -prefsLen 27498 -prefMapSize 244937 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37939a8f-5854-43ce-aed1-eb0957492043} 6032 "\\.\pipe\gecko-crash-server-pipe.6032" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6004 -childID 6 -isForBrowser -prefsHandle 5996 -prefMapHandle 5992 -prefsLen 27498 -prefMapSize 244937 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e88fa14d-65be-4d55-beaa-27985d39b37c} 6032 "\\.\pipe\gecko-crash-server-pipe.6032" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6244 -childID 7 -isForBrowser -prefsHandle 6252 -prefMapHandle 6256 -prefsLen 27498 -prefMapSize 244937 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f56229d1-0768-48ea-a11d-931601815265} 6032 "\\.\pipe\gecko-crash-server-pipe.6032" tab

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4328,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1060 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5020,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2176,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5036,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5116,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4656 -childID 8 -isForBrowser -prefsHandle 6500 -prefMapHandle 6504 -prefsLen 27660 -prefMapSize 244937 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36c6446c-b52a-46f2-9839-f209ba1fcb55} 6032 "\\.\pipe\gecko-crash-server-pipe.6032" tab

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5008,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4848,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4840 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4916,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5060,i,7838573651448510969,13661404379558071848,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6000 -childID 9 -isForBrowser -prefsHandle 5972 -prefMapHandle 6016 -prefsLen 27782 -prefMapSize 244937 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11b5277e-c978-4d7f-afc4-fbb85500bfbb} 6032 "\\.\pipe\gecko-crash-server-pipe.6032" tab

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\MicrosoftEdge_X64_131.0.2903.146.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\MicrosoftEdge_X64_131.0.2903.146.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\MicrosoftEdge_X64_131.0.2903.146.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6d3cf2918,0x7ff6d3cf2924,0x7ff6d3cf2930

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6d3cf2918,0x7ff6d3cf2924,0x7ff6d3cf2930

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\MergeMount.xhtml

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5700 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff650ae2918,0x7ff650ae2924,0x7ff650ae2930

C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff650ae2918,0x7ff650ae2924,0x7ff650ae2930

C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff650ae2918,0x7ff650ae2924,0x7ff650ae2930

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OTZDRUUwOEYtN0Q4OC00OUQzLUJEMTQtNUNDNTlBRDgwMzk5fSIgdXNlcmlkPSJ7NTU2ODdERkItOEQ4NC00ODhELTk4NDUtRkE0MjQ2MDEyM0M5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsxQzgzRTFEQS0zMjJCLTQyNEQtQUE1NC00OUNBN0EwQUY3NDN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xOTUuNDMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjM4Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIxMzEuMC4yOTAzLjE0NiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MDAyNjg0MDUxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgwMDI2ODQwNTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODAzMjk3NDQ4NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MDQ3NjIzNzA2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NTgxNzM4MTgwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iOTIwIiBkb3dubG9hZGVkPSIxNzY3NTQyNTYiIHRvdGFsPSIxNzY3NTQyNTYiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjUzNDExIi8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMS4wLjI5MDMuMTQ2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2NTg3IiBjb2hvcnQ9InJyZkAwLjYwIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzODE0NTQwOTEzMDI2MzYwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9Ins4RjgxQUMyNS03Q0MzLTRDNzItQUJEMS05QzZENjYyQTRGRTZ9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.244.186:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 msedge.sf.dl.delivery.mp.microsoft.com udp
GB 2.20.12.84:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 84.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
NL 4.175.87.113:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 0.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 113.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
GB 2.20.12.74:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 74.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 2.20.12.94:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 94.12.20.2.in-addr.arpa udp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
N/A 127.0.0.1:50226 tcp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 151.101.195.19:443 www.mozilla.org tcp
US 151.101.195.19:443 www.mozilla.org tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 19.195.101.151.in-addr.arpa udp
US 8.8.8.8:53 8.129.233.44.in-addr.arpa udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
N/A 127.0.0.1:50235 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 142.250.180.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.180.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigzrnsz.gvt1.com udp
GB 74.125.175.169:443 r4---sn-aigzrnsz.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.175.125.74.in-addr.arpa udp
GB 74.125.175.169:443 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:50947 tcp
N/A 127.0.0.1:50954 tcp
US 8.8.8.8:53 www.mozilla.org udp
US 151.101.3.19:443 www.mozilla.org tcp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 151.101.3.19:443 www-mozilla.fastly-edge.com tcp
US 8.8.8.8:53 19.3.101.151.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:443 dns.google udp
US 204.79.197.239:443 tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 services.addons.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 151.101.1.91:443 services.addons.mozilla.org tcp
US 8.8.8.8:53 services.addons.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 services.addons.mozilla.org udp
US 8.8.8.8:53 addons.mozilla.org udp
US 151.101.129.91:443 addons.mozilla.org tcp
US 151.101.129.91:443 addons.mozilla.org tcp
US 151.101.129.91:443 addons.mozilla.org tcp
US 151.101.129.91:443 addons.mozilla.org tcp
US 151.101.129.91:443 addons.mozilla.org tcp
US 8.8.8.8:53 addons.mozilla.org udp
US 151.101.129.91:443 addons.mozilla.org tcp
US 8.8.8.8:53 addons.mozilla.org udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 addons.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 204.79.197.239:443 tcp
US 151.101.65.91:443 addons.mozilla.org tcp
US 151.101.65.91:443 addons.mozilla.org tcp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 72.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 addons.mozilla.org udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 204.79.197.239:443 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 175.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 172.169.87.222:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 222.87.169.172.in-addr.arpa udp
US 8.8.8.8:53 api.bing.com udp
US 13.107.5.80:443 api.bing.com tcp
US 13.107.5.80:443 api.bing.com tcp
GB 95.101.143.183:443 www.bing.com tcp
GB 95.101.143.183:443 www.bing.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 95.101.143.211:443 th.bing.com tcp
GB 95.101.143.211:443 th.bing.com tcp
GB 95.101.143.202:443 th.bing.com tcp
GB 95.101.143.202:443 th.bing.com tcp
US 8.8.8.8:53 183.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 211.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 202.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.74:443 login.microsoftonline.com tcp
NL 40.126.32.74:443 login.microsoftonline.com tcp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 13.107.21.237:443 c.bing.com tcp
US 13.107.21.237:443 c.bing.com tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com udp
GB 128.116.119.4:443 www.roblox.com tcp
GB 128.116.119.4:443 www.roblox.com tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox.com udp
DE 18.66.112.38:443 css.rbxcdn.com tcp
DE 18.66.112.38:443 css.rbxcdn.com tcp
DE 18.66.112.38:443 css.rbxcdn.com tcp
DE 18.66.112.38:443 css.rbxcdn.com tcp
DE 18.66.112.38:443 css.rbxcdn.com tcp
DE 18.66.112.38:443 css.rbxcdn.com tcp
DE 108.138.7.95:443 static.rbxcdn.com tcp
DE 108.138.7.95:443 static.rbxcdn.com tcp
US 8.8.8.8:53 images.rbxcdn.com udp
US 128.116.13.3:443 roblox.com tcp
US 128.116.13.3:443 roblox.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 2.22.144.71:443 images.rbxcdn.com tcp
GB 2.22.144.71:443 images.rbxcdn.com tcp
DE 18.66.112.38:443 css.rbxcdn.com tcp
DE 18.66.112.38:443 css.rbxcdn.com tcp
GB 128.116.119.4:443 www.roblox.com tcp
GB 128.116.119.4:443 www.roblox.com tcp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 38.112.66.18.in-addr.arpa udp
US 8.8.8.8:53 95.7.138.108.in-addr.arpa udp
US 8.8.8.8:53 145.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 3.13.116.128.in-addr.arpa udp
US 8.8.8.8:53 71.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 41.38.245.18.in-addr.arpa udp
GB 128.116.119.4:443 apis.roblox.com tcp
GB 128.116.119.4:443 apis.roblox.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:443 www.microsoft.com tcp
GB 95.100.245.144:443 www.microsoft.com tcp
US 8.8.8.8:53 144.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 edgecdn-embza6g8cacagcbn.z01.azurefd.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgecdn-embza6g8cacagcbn.z01.azurefd.net tcp
US 13.107.246.64:443 edgecdn-embza6g8cacagcbn.z01.azurefd.net tcp
US 13.107.246.64:443 edgecdn-embza6g8cacagcbn.z01.azurefd.net tcp
US 8.8.8.8:53 msedge.sf.dl.delivery.mp.microsoft.com udp
GB 2.20.12.84:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
GB 2.20.12.84:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 reviewed.app udp
US 50.31.176.119:443 reviewed.app tcp
US 50.31.176.119:443 reviewed.app tcp
US 8.8.8.8:53 119.176.31.50.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp

Files

C:\Users\Admin\Desktop\Luna\Bootstrapper.exe

MD5 f2a6133b7f38fc49f792ae799d1b4750
SHA1 6bef46ddde325f45a0e9ff123112c96bbd47c795
SHA256 37bde6655e1272e159b9c2e3a7eee3f4e9a837c0f04240645d3991d112287f8d
SHA512 f9611bed83b4bce1841868880a42dacb6b8f7e8859be1d85b3c8d3a365a0244566cbfb12294c7b2c82b15d6c0e47095d8246a95d522c3a064a0d8511b2411254

C:\Users\Admin\Desktop\Luna\luna\Luna.exe

MD5 b34433e0242e73a5d54e99bd64916b74
SHA1 f73f6f352f53b468932d807779541dfc3e1fb8fc
SHA256 03e8f920206376d4db73f84105d0a2f1e6e38c3f5be7b0773d1b3b6323b4db73
SHA512 a7d4f74284c51ef9cc3523657cea9a26cd7b1becaa74e7bdf74404cbe9c4c5a33ce82bbc9da415fd846386a42b5e8446531f7585adbde64a75dac6fa5b6b3652

C:\Users\Admin\Desktop\Luna\luna\Luna.dll

MD5 12ec737f9177589848de53c3ed9d21ac
SHA1 61f6fce19b45868b911f3380aa4d3ad71103bc83
SHA256 463502ccfad087fbdd28cc8509c5e0dac834d5c60f8cbcdb3f7b8132f789c8bc
SHA512 df8695f12e22223b4e3f7792cc439faa5867724ce77ef5acc0d7de0a411b9690b9381a0dcd01165660d26652a451fc7009b1aae451b5c37285d5d4a0cef113f9

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

MD5 b49d269a231bcf719d6de10f6dcf0692
SHA1 5de6eb9c7091df08529692650224d89cae8695c3
SHA256 bde514014b95c447301d9060a221efb439c3c1f5db53415f080d4419db75b27e
SHA512 8f7c76f9c8f422e80ade13ed60f9d1fabd66fef447018a19f0398f4501c0ecc9cc2c9af3cc4f55d56df8c460a755d70699634c96093885780fc2114449784b5f

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdate.exe

MD5 70cc35c7fb88d650902e7a5611219931
SHA1 85a28c8f49e36583a2fa9969e616ec85da1345b8
SHA256 7eca199201273f0bcff1e26778cb535e69c74a69064e7759ff8dad86954d42b1
SHA512 3906ddb96b4b1b68b8c2acc940a62c856e8c3415a1b459f17cf2afc09e05751e0086f8e4e5e0ddd8e45cfb61f811bbe4dd96198db68072b45b6379c88d9ea055

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdate.dll

MD5 40cd707dd3011a9845ff9c42256ea7e3
SHA1 4045ae709979f75b1cf32142c1137b4be2ab9908
SHA256 9f4c7072716e0be1be08207a7024a5e41162e288e677d805be8e5469a8bd4909
SHA512 bf1ada8a0d9c3d9f39fb739d05fc4a61f0a7e0e1bb5eb44e6f0f5f58381ee6d80aad89dbc3211b70a6294fc69d5820c70fa8488ef2f793a3710ecff5ee90422e

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_en.dll

MD5 cfb71031c56d9e8b9490d01fbe86302c
SHA1 9e11ecf5efc88e0beee1db46620bebc73f86dd21
SHA256 b18e14d0e24546193822b83996c5b311500ca213beb4d497cbd1dda9dac9db2f
SHA512 9cf993ea53673e416eead78d45a6d700b74001b69b1b987d479e77348ea8dc151f4ba6d6b1220db21ce792f9da51b9c83f33663621f9350b848a766ceae92370

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 714c34fe6098b45a3303c611c4323eae
SHA1 9dc52906814314cad35d3408427c28801b816203
SHA256 fbf495968c4a385ff0790e6b65d26610ef917a2b36a5387eff7ae79d7a980ac5
SHA512 68a65496275a1511b2d3bd98ac5592cb1c1eb9df0448471a8985cb2f458c66163e6d55545940de72dea80118ff8ec7ba0ad3276f51095f55c1243fb9f3311345

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c8b26176e536e1bce918ae8b1af951a2
SHA1 7d31be0c3398d3bad91d2b7c9bc410f4e45f37be
SHA256 be6ab7dd506e44a0a9eb0dd531929bd8aa0796d85a0353e6944bc6bf1630b717
SHA512 5a362cbabebbffbb0797646576b65e2934a3b0a30306d74078ef2448fea3940df14f0b8f149691a100cc170bd548c9b420dcc8aa41eb1ea0700c9f155626c565

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_am.dll

MD5 bd175cb3dfc1d43944223bd5d7177539
SHA1 193623dc372937f31a545344d340360665b8d69a
SHA256 bf0d65cebe0c29f15a616a0dda2f1a414e3f96fe7a28ff7876e811855be6621b
SHA512 f5742352852837ce16f3cf1655e4d41e301f0351b68c7346457978aa310b95b69b1070741fc2ab8be5ff449f6fd44660df3b15811630efc1420ced1455fcaf5f

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_af.dll

MD5 e91e279752e741b25cf473338d5aac88
SHA1 2b8ea61868a26408cd1dd351cca5139a046bbb7b
SHA256 5635ecedd84330f070a9d6f4cea8b8b81e9dad8592d336ebfd236b7d67e58acc
SHA512 7404cdb82309351a21415b045fc7165137492aa262d00fd0f74bad4262ce10e86c3bde1718c38757b7133e41d044035e731c52cccea285d659c4a570776ae535

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 8f7c44e937ecc243d05eab5bb218440b
SHA1 57cd89be48efe4cad975044315916cf5060bc096
SHA256 bc3cdd57a892ce1841787061e23e526ad46575460cd66c1dc6dcf0f811563d59
SHA512 9f0020b81d1945fea12efe1a0a5e59caae4a01432429e065e35c73b15db873253094b2ff1f8903a348446dfc9c9fb658f8bfed8c25bc56e8b546c16304a385a3

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_ar.dll

MD5 42015aafd53012b9c8afa009ee501fa0
SHA1 c1fc049feab4fb4b87faf96c31b3d1160f1c1d39
SHA256 86858a1807e6cf0b91565ed7a5a15db24720b0a7f60ae41e67dbf9faeb6ef2fa
SHA512 9ce323da000b51480ee35973872fc7d181e1f69e820ac737c62c36eaa81eb99965bae39fdd394459adfaf8f746f5dc3b768015e01d8724e2d0718f5286c29389

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_bg.dll

MD5 5887cd452245dc7bd0389a0ad5db98e0
SHA1 6486d0ae59ba338e8bce87b438f86691e955840d
SHA256 922a102cae4e74bfc0b402bbb136116eddc71a8adcf7f1268d48006c858d1d60
SHA512 0720aaebca04e84d8af2d7b153b0fc51e5651cf664051b8c4b44159ed4c6328eb237ba4f4c97bebedbb1a45ca5c1d0f249cdccac76c6d5619e0e761d12aaaba1

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_bn.dll

MD5 abc20df0545611a835dcd895d2832cca
SHA1 39e90363156c461e5aef64a714ba43cc61617ee5
SHA256 75d8c2e259b4d113c0967615af61e8f54eafb49c498767291627faae9fcf504b
SHA512 732f31d175f08c5c69b9cf540e2b0e72b8986b44d1ebfdf0e56eb56b68bea64e6446932a546f1fc30dbbbad4ccaf6bc935177a6348c5280ef786d6d8dfa7b325

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_es.dll

MD5 6c3d219e2169f5566a8bed031b21bdc4
SHA1 073a61c02b87e37e87fd3c8e609a56828ec49a47
SHA256 3a841555813f21928fdd45003a3f694a87074869b001b3e063eb97ad35d8fe17
SHA512 2b57d8325ada86a1ea01df0c7d0122875450f913bc8c21d8a7dd44ac7037a170e2f4fc92c13c58980aa9371a7bdfdfee34b9e188e16ad0b89181f7f901467152

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_es-419.dll

MD5 b25a10d8b739ac2eac10b7b7fc7a61d5
SHA1 ec993d8113e4c0a4a1b36920a8991521e4f7eb57
SHA256 cad0cef66ad1097dc11e6396d0a0fb11ec1734acfde15e9eae402ba0d068615f
SHA512 315971e819d2c3dc5fc30ffe2275c3608125f1e4f14dbeb39aa0fd014291dec0c5efb3e02628bf345c92ea0faaa38e30d4ed5c3793995afff9cb9c933f234513

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_en-GB.dll

MD5 5d4f7ab307f71d761a7f0e193f4b2ca1
SHA1 a3580268a98ad5242c7c56fa759f39276b6149de
SHA256 e2f0a11b5269b08261397e2ba8e2a5e44d5bf2e042a1cb91ad395d7c274b44d8
SHA512 307c489db833e4f2c74ab5201909ad2c53c691e0409f5abc29540a84d1c5ae146a072fecaa0ac886c83e4521fecc58ae5b0ff4331f3b37f39114d1fdea731021

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_el.dll

MD5 85dadb4cac0d76fd821346c411d5c3d0
SHA1 999dc0bd7250f71465f5098dde263a7a82ba7b3c
SHA256 1392f864c486e4b4b6859d900b12182f5ad5ec90e183808ab7ed0049aedd807d
SHA512 649833bf473139db879c2c7218567c49ad6436e3af1efdc7d9e9d48b8d3347e2bfacd6140a59d7973fa9df9cc9cab0e042bdaa7dbf32846bdf6b812b7ecaef07

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_de.dll

MD5 d9eb30f1811161a6903901f1ff316ebd
SHA1 7ce5e34af30e821a0bbb7074da57636c1be15d6f
SHA256 73b4fab09f7f224b2527dffdb617b7f852c78eca8989d493ba2fa2201b1becf3
SHA512 9d2e2a44fd027c30836254de1ec99fdff4bad2d3488f25d88a9f80f5f994dd5c660903dd3586dca85fa9e1a269ac8c51b5a060156fa65dc1df0d8137bf878c82

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_da.dll

MD5 7f0ce1bf90bc88d5fb4d32d359063868
SHA1 59d8ba8397c325ed7b2dcd6a262906795549af6c
SHA256 1147a2cac674209b9087f7c81c09000a2177bb7d42d0d518e3c93d8a9ee2d7fb
SHA512 5cd723cad43388c7e2db4452caa20c07e73a676c82bfaca27a293ab70acdbb115fd82c7a65dee3e6c6d8969c4b99e90ce832760b6f7ab47e9a4f631ce53813d7

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_et.dll

MD5 27d45a84e2b94a60d5a821597fdad6dc
SHA1 2125fe5fbaa2db280a859ef3a7d27ba21efec036
SHA256 65f3cd75a7121dc3d417a9c3180bb52b485b5e7d0ac3b483fa355d13515f970a
SHA512 eddccfeee69b7a53adf32e72724ec8ba1668d1927322ce61429a4c663cf3d17e3f6f59fe1930b96f78faa70d30edfd7845ba53cc161f06a4e67ad43d11cd576e

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_cy.dll

MD5 3206ad1fbe5c53d278607da7767b1996
SHA1 6964da8787c299e71f8428b22ed8ff6909912034
SHA256 9ea2727ca92f74c7c35ea22287f13ef262241a905567b908e2860f19e044a848
SHA512 38281ab3590a2e6210d1d9c0d1f5a4a3ef19772065f87d94570bb448fb83ea0579aa8bac9e94b05ba2b6bb2bb882f1be6d45c921c52ca2f0608056512fb3338c

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_cs.dll

MD5 c5681c3b4a8145d3b6cbf51e3f0b12fb
SHA1 908a0546ce091906aa5e7728660b838bf1e619e4
SHA256 2b47a6c19ec492149eca6afb03ca82ac1418a727f35cb641bce9f22136dd3459
SHA512 06c850119b5199bfcec41abe2b5e6929e0a960b69337c6048e0dbdd37ca56401885785de96cec235093a4d6536d9de55178a4c739a6ebd5e34514e12635b6d31

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_eu.dll

MD5 d8323f3db20d104441f548decfd022ba
SHA1 de7f58b9ee7cbcad73433a17ff55385fd7e91035
SHA256 d07d8eb066e953af02a6e3a160232a73c1b66bb54d93d6b2ebc1557d1d322358
SHA512 7de3a803131086c3368d4acada0b6a29ef4ed4102a151eb000056c233da4853c97e394c98d6fd856714758ee17a0cc4c3df061a1b5d2b2b3e3bf95447bb729a5

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_fil.dll

MD5 1223e486deb013055cb0b7729681b9ed
SHA1 b5b43fa89f066a9b6ceb47389c05b69ea6a784ba
SHA256 fae283a78757cdc548c728a38cb041db4ffe538c5ee7d2aa2f55e3469f95fa25
SHA512 8862d2f4778bfd0659dcf9dfb992072767af30dea46b34d626580ab8183a765d0c0f95a7070f0aa36e694d9e559f843672000aeaa4d8abdca60ff83da5a2b857

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_fr.dll

MD5 498dddf273f0f2973b1c4581e820f10c
SHA1 aa048015a3ed6ebf9b4848a9cc54beb5e39eedd7
SHA256 9ec8cec72404794a2b2a738502c7f531d976d8c99a57d2b5d2f0f2e818e35e04
SHA512 3596b20469daece28496a13b02ae0c1cd9265fc0046e1fffc384b8a16a4869402831386679c3e9cdfe03903df0b191d2fdc04cc531104c9c0d84bef24eb4d60e

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_ga.dll

MD5 81d35302b31bef2a99e154eb64abbaa0
SHA1 ea72f2aa526ea299d5515921fa0ac8f502ce3cde
SHA256 0133af05b669f957174a22b0b568a17a9bef1e387f52ae157766fae42d4e647d
SHA512 4d1df9684e7247ec0d8fbfdcfdb6ac5b2811de649c5b7ee4a20e5733307cdf5855ff767ebcb12ba15b33be58d82bacf9a02522126d927304e11f8e64261b46bc

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_gu.dll

MD5 571b69e1a8f9cac5eca53ba624aae924
SHA1 89798cdf858a4ee42ab4ffc01055c0463b6c4c0a
SHA256 37e67d7511d261ba1e022c9019d1b223d6d092260f97b471fbe2259ac5af6d3b
SHA512 961834f77c2683332b7a650360c09fb08e7efedf4249e48662b9a4fb9534bdba687eb9320da1a3aafe6a9c30d624c4bb94b55e1bf086a970354df61f2065e181

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_hr.dll

MD5 54df61c0431c61851d8b61427f2cd68e
SHA1 84c99b724a2a5f321fd161d3beceb894e377a121
SHA256 6e96de38195de0095c6ab16696ccde2577a65e8c23d07f31e9f3c9f52d76c7ab
SHA512 46bea4f17fb327bce8bc6cb5329b7086a772a6eae07a8f2f34309a42acbb9f3dadd675d9c8d9f9e72c85149b48419fb5807acebbcee5bee150c754f94e98d7c4

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_is.dll

MD5 625060f019c3bb8f1d49a9b128e1e4e6
SHA1 0e22bd7e23fed0e856a09bfaf5ee105a3dd27edd
SHA256 6117fb49f06f4d8e7268de9e41862a940fd36600e23f670f3c77ec0adb27257b
SHA512 962910c5a438b0289eea0402a262b8b7920255a1dabafdcc477cbebcc36a1c31b69784947c794bf720e16c0798cd958616a763e67c42327a94f7e66daa63a07c

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_ka.dll

MD5 3cba4b52b099039d2fbed395a3bc7568
SHA1 1a5204510d2c02d02ce361c7a3295498a60efabe
SHA256 79d4684d4d365b2c89f16fa0522f66031a1037cb4ad2a33050ed97a1df825990
SHA512 6ea41e61e4fa8cbd73e693db860a84bb4c6389b0aa5aace965a9567f6c16ae23fd51c018c6d96a1c08500a3cfe6327cc4c9ca9aa6bf9ad0b2f0d0c71e8922e05

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_kn.dll

MD5 cd6084bee91407a5bb932cad81ca0636
SHA1 c9e56e6d15b413a8061ba38d05ff402b30688684
SHA256 01551c5de82d4d9b262735ecdc39fd6c4ea5a94acb9cb1dc4cea0e3bcfe7ee9f
SHA512 4d1cfa478050c87ff0c7d0b17ab7c23fc6bc400214b121bc86fc217b7b8b764c8109bdb15a3790822295556a7d8706aaeb8ff642b24d2fbd582b2ede61a76a7f

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_kk.dll

MD5 6543ba7290488f5e3f68675a598255fb
SHA1 7359895f909776c5f14f6e5ed0fa11cd50853cd5
SHA256 df016969fc3ae57abbe8fa9f811364cd84612af0e819284b4d1acce981f6c21e
SHA512 90f376c59d67d89bcd646895209c0fca92866f9866e1cee7a51745077ad05f730cea2624837baf1e5ba92365ff46955ece98938849b87ed7f89a92897949d0f1

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_ja.dll

MD5 dd5aa26cf2d67f50540da8e552f792a7
SHA1 0b14b06a2beb63fde2c1bc86c49a5117287de2c7
SHA256 b11af70867ab588c412cb5d5cc36ec888e74a50f508eb31a28db559aa00f8a35
SHA512 9bc1d7965a66ddbe7dc3fefbf2eb445a0857f83a28b2b3e120de80b03b51e87e6acd20569f2b002bb7adc41cbfe147572306094d83c8ffceb44f7a8417d89e0b

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_iw.dll

MD5 973e14a5557248bdc2cd3a5fa3540a77
SHA1 66818135e202fc53711053ceba04ecc8b9b28506
SHA256 0af05d8af74609c9436ed0dcd3df52f7ef3dea8b786c85376c57c0cf128b3045
SHA512 e8c271f52fee4f249c27c4c344b5ecbab796227aabeb36b0b7a7d82d5463bcaa707b1f8ea47b863f2d87b35fe9b361ae2e2b7d1c16a4eed0ce0d530e1e34b26a

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_it.dll

MD5 258b52e60a1e353b6117917154c7b24d
SHA1 c109ef8d1382991b02fe953679bf3fed063e9e82
SHA256 2362d8f1e8f2c92e43659d73052f2a43dabf95121f852d6d04471710f2c7109c
SHA512 fdaf605922e728f87d7d916f75a83f78f4549dbb35f9d2e7717d369cd658075655a1b903e705b5cb609880033c080e4b3135902fcaba7a8a96c2904f05d53164

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_id.dll

MD5 17162657113e9d8d7c1763bfc0ec991d
SHA1 f2507d9d1516bbcfbe408186894474c592f141a3
SHA256 60d759405a83ec4bb64144ed61b0e9a704bfb3b74e8f956277df71a38b19fc9e
SHA512 450e90b4c8ee384994cd6f56677dcacff258eb12442af3fea3a977d7d00b943a1b1f6b12769d4a02aeadc4f4c3b82a06cf8a667ce6691ace5d479d1261a1a629

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_hu.dll

MD5 6b201af2eae546c9b638e38cabd9676d
SHA1 626b2029d573f371dbeb7b7878779383adc6253d
SHA256 c849d765c73a969ac10acff6195edd9339054b93a15152e5d1eb1fd1b5017b06
SHA512 1c35c169cf16a37a5537d0911af7da64ce9a0f999e76464f3410ebb224b9e65bc71deaa253e549b196c52409127b55cbb2e4a39bf9731b3ee76dae560b74fc2c

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_km.dll

MD5 4d101ce3ce6be285845e8f8bae548097
SHA1 195f314bcbee9cc373136334b5089e855e71286c
SHA256 3f11a2020839f5993e6e3cb9b5e7c5c659753cfa49257d3ebc015da6a8ead94a
SHA512 c31214e9aacfe7056be1f7ca6399270e644acef060d208d805b59bc6635772592ae166b06d038e2eb74218c451ef0fdbb09dc7e2ef6d23b751cbd6ae935cdf6d

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_kok.dll

MD5 735d775e6772b5072227a3efc91d6f5d
SHA1 b302aecc725b87d3b0402be8d5b30c35084f2d81
SHA256 11c257e800ef3021c2d6147999f5192b28e48a0ff9d486be5e47c181744c15a1
SHA512 8dcd0e07b90ceb6d6f39af9077bd85eba46506791491eda63b05471a7f984c2d1b67cc1335f788682ade2124b32e8b5b436bf717f6b5e2de8276dddbdab3fd34

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_ko.dll

MD5 e73046fc5427ed78ca02c7f50136efdc
SHA1 df58d20768edc25637ad8fa38f71d25a86633725
SHA256 49e0f43057c404a4ff5a2bc306f70c3728412b887e07870cdfd1f6eb3836ee88
SHA512 fce94d5a6b8f99a5af8f30314a0a7a5a3a557fefc630b907e5266c9f397bf6dd1a8211fa9d6535f75a0db7016ae20a3b295c4780383516d7a234225b798be584

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_hi.dll

MD5 4e8b170283c3f3d182eca7ce97e71a08
SHA1 93d86d961014b12c1a376effb3c568318db1ecc6
SHA256 0eb7739ad2863ccc13fa5cdb805189634728a7613918cd54bfe53a06d9c26cf9
SHA512 76a384ede88986c03e659c61e5409446bb472fa50c2e2e6f6e907f74e675ef0c5e932d950733ee6dc0c167881bc948d7ba9771bb77f31db3fb540277afb829fc

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_gl.dll

MD5 2dcb17e8da6ed1a62a53029940592cbc
SHA1 b12941091cd1a554cd23d38dffbf75ec8ff57848
SHA256 a6770040c2f93ffc5c542dcdb1e7ea529d6036920957a9709153d80d360b178d
SHA512 0c82b39c7128d81739f64346948784c60d2cc409b637d5ca79825ef12766c10861ac3c119a5f232b12f52e50d3ba6818532968c75fbf455e75bd3be83c931f10

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_gd.dll

MD5 2e88f4aec46a293b3ec9bca2d7d2fe73
SHA1 ba34b9635832b2704942d7cd8578c8d70f0ffd2e
SHA256 f7278ba46204bfa387eff0e72fb2a8dd32ccea154fb268a8c39b03ad5334cf38
SHA512 b7f655cdaa3a34a8e0e00186cc49986cf283785a133af87ae47c3a3614f0d15d5b51b4091ff33bd0fc445815665edd37d378a9665d3831d2281b0bf6cc933c87

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_fr-CA.dll

MD5 9fea64a22d045d8edc38a9b8480a9c12
SHA1 e3342e26166a43a21729b8aadeca653c03dc0528
SHA256 2f324851f0ccd101884b78fe1eb07c2da2932a68015eb8cfb4c801e288c8771b
SHA512 a3601640cf961c88efa476125a71786a109d23355922eda45b5be8824ccce650d703546c5c8c281308dce208edabbeea5cbc3b44ed678d9d36970c4e5f236c0f

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_fa.dll

MD5 6ba182cbb744541288629a2464ba99e6
SHA1 366751e425128654514dc82112238a7d6f4c9908
SHA256 cca362dd297b8d8e20893cf4da8cf9efc9848f97a04a9d69cabff67ae947607d
SHA512 ab3da91d7ab7150100b580d7b25a5fe9cea67affb1c4ac9e479b70e2d17ebb14a0745bf62ffb3792b8ce4cbea130cbd0012053a5dba7930252e2c09b763ea658

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_fi.dll

MD5 e7a774a7b404ab800efbdf7ea52e7ead
SHA1 3f0476821281614b9ee32faa5c534de5f6dc21f9
SHA256 1e1f09beed91a6a84535a1cf2b4df5e416cbbf785546f798d736009e31f95691
SHA512 85091f8bf809e88e248f4a899682f15586a083d1bb94cb5674da0e463716fa927ebef578519b653ac4ced381f98c4cf7a409c1ed52927dcf7fce4813008ce900

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 e0d2675c6de1b8d4e5e463246529a304
SHA1 132dace535b9cdc7a4e5f6137407d5becb23c4c6
SHA256 4af082aa0193b9b15622eba1f6165d0b6032b4dab17ba16a8a9affb267ebec34
SHA512 afafc1ca5abc636066ee98a6c68356d68f506fe3734a4b3e68073eed1f2ddc51840464e91d3cd3b28648fcc26b9457ef6484100f9543739220ad75a9eecb1e90

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_ca.dll

MD5 bfac1c3869df5375aedb24458cf321b7
SHA1 848232c155c7dca65f6cb22d27a72f2c78e964d8
SHA256 a9f5cf25b9512e1d30ecb769a5eeb694888b72b7f05b78c417814802c5aedbd7
SHA512 732270e8e8036f8ec59c214ca3804c6c67420bcf5fd633347c764f90b06b25fd73a0c7aa75ec42461ae3d3570fbfec5c5a7eee10e8d494b805b7c7e0d4aa227e

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_bs.dll

MD5 327e92c7a55ec996ce09dfcf8c89e753
SHA1 2a51c99519257ddebf0d8280d46e0c0fd416e7a5
SHA256 2b61608a7aca43b7ea4374b79acc6e15deb382eef0fa8751c8e57e03e061cab0
SHA512 ac3ca0f66b899759f0d23ba64ff291486edb1e1d3bb626ad3efe3e3a6fd2aa4081411546e4849ff1645dcd26161f35defbd8442278e6d6f66311780c60474296

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_bn-IN.dll

MD5 6aab6d42c7b7a90523a3272ad3916096
SHA1 cc638bd6ec6478734b243de2daa4a80f03f37564
SHA256 67180722f255985e849ec3ab313dcdc0bf2834bad7b6163a0b14587fdf4b4c66
SHA512 ebc17e0ef86b8e5bb938040ad78b299e33d1228c730666526aab27e464626b71ea900cb6dbe074bda5e42e77cd569b083637e233d757b8b0bdee2df2e0c509f2

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_az.dll

MD5 e47db9afb646fb31cc8650837f487134
SHA1 f304204c908ea1fe2bcaf76040d5d1f13f1e99e0
SHA256 4e03ed7a538793fdcd4c646c62ddd278c46911099e6485bb2644a17ad3a8ecf6
SHA512 b2b01c86c78ec3450635c0fdef9666ce302600956e8def3bb02d205ba2a11b3d422520a64361c6f666998bd82b5557ec96cbcaba9e1b712c756e75128c8f9bc0

C:\Program Files (x86)\Microsoft\Temp\EUBA57.tmp\msedgeupdateres_as.dll

MD5 8a54873d54a41442b62f9fea9492d3a6
SHA1 fb19af151b15f4bdb7a555924f1835b0337ff1d7
SHA256 af9bdd050b27b8883f72e3596179fe244a6a2e3545950c82889aac7198cf3c32
SHA512 7cc0a578586853afd027264c3898cb1460b23a47eab9c79e064b9f327fbdee6e3f9bc7043a5a76a710ada05edae4ac0b47529be3ae67ca9b5afaaa16151797c7

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 ffe7d7106035f3ff5e940035452c89ee
SHA1 6923f8b97735f4f53c7e17d4642ed9aebd8de085
SHA256 ee8fbe2038000e77c569a71be5fdb9e3fec9ac4369d9c68fee1cdbe23a7e7783
SHA512 325c87a937441410a39982d0ffc842210484222d1f06ee5e803b9c3c354973ccac8cec4e6d251beb1558ba6351e34c3aae2cdf717257ec3398cd58d91ddead4c

memory/1456-187-0x0000000000810000-0x0000000000845000-memory.dmp

memory/1456-188-0x0000000074E80000-0x00000000750A6000-memory.dmp

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 4822d9b82349a92e8bbae52c587f6d12
SHA1 a7a99066464f366a807dcd288e7135b8976af748
SHA256 96ba538904ccc845c165f184d044b4ae145d5e41bfcce347899ee08e853e7c0f
SHA512 3e039c3e4b23b04eb1b2d3a313b963979c680336918a8448fb08197fc3d6b554dc752ced8484f3eca264397058a12abbad4374f36cd1b2b40a80c2da80e0d6d6

memory/1456-215-0x0000000074E80000-0x00000000750A6000-memory.dmp

memory/1456-241-0x0000000000810000-0x0000000000845000-memory.dmp

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State~RFe593bb7.TMP

MD5 67dd3515572fecd27bc15e1c04d457c5
SHA1 ef36051d3ef4c65f02244114566845134f48f048
SHA256 daa49431fed6654dcbe05a9ec8d3dd9df63d4036f77552c0357d515909b9c887
SHA512 5ceef8d689eed926b8d613a5dc6ff69156e65ef43c8c81d431b3aab1e3bb1ed120345b38e7f19510bcbcb6375a1853ded3f981af4d6036eeb1cffb1a0a40fe62

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 1408b444919cad2656365a310b5db454
SHA1 f7439e18f01cd779c45ced687ff4f5d914d95309
SHA256 1bba37d35122e172f6e5125882628273268ab7294c9b577e619f7eb5d60beda9
SHA512 42bbdd3390e98318471a93632feef3ba0ca89248f54187d91541d5e0d6ff20419d330c17e3dd0c00aacf31d0c0a6a4a1014d7003e7a856b12691db3bfdc3004c

memory/1152-261-0x00007FF89B380000-0x00007FF89B381000-memory.dmp

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 bc2ba8229f1bff81fd3d8ede658af2ba
SHA1 2fefb356daef8d43e2aefadfea8a42a7201b97ff
SHA256 58e96596ade3c1066df714f38274626996f99d4eaf8d481e9b07a5f69a8d9268
SHA512 d36de013d9cdb1cfa689e7fd12957e3a548ff906f9aea776e00b5658e6cb42919150ea649f3d6e3a2b5d697beaef6c5e43ec5960de85a56e275a9a3eb2b0c7e1

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Crashpad\settings.dat

MD5 e316e98261745d363bcd7d42fa4a4aca
SHA1 973edc3b738603fa304d11684ca92476d471fc9c
SHA256 b49da8d0ea991f7e52a0f52cc5a9e342f5de1b0cd7a9d094ef286d71843a1f5c
SHA512 cf0bbea1e37d24e079b7ee41273cd08ec4b62b67b7a4baec6a1feada06f9037a34dc36a40530df36c1b6628f038622a5dc341036d1dd9083fb4114007ee8dc47

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 f17272e43795b206b146ea85fcfd98d3
SHA1 75cd2e0831faa62cf91103930d765b9403f27769
SHA256 6fcb3b9ae6680c593ad9b9ae36bd437e898d6a52ead701aa6bf6f7a604734847
SHA512 1803a822ed55f25bd5c5c1aa1b572fdf021715bda677e79a29665f76df5919a0c55199e7d0c853fd2fbd3a838853c1ac46a52fed0d7dc4340a72f80f8366db08

memory/4664-320-0x00007FF89AD40000-0x00007FF89AD41000-memory.dmp

memory/4664-319-0x00007FF89B6A0000-0x00007FF89B6A1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/4560-321-0x00007FF89B380000-0x00007FF89B381000-memory.dmp

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\activity-stream.discovery_stream.json.tmp

MD5 68799524a2f65a2645953fc116c735ec
SHA1 211d002c3eb4c7a5dbe096b626c3abfdabc242c6
SHA256 49eb4071eb2c4b7dd68be35af748466a520ddf1fa2fac49057034a9fe77ad0b0
SHA512 7a5e85f97abb3d34d839a4dbf01ffd54c2ead794debcbd723610ca759c25c2bab72fcd711f80ee6d3b4a46bc93e975b034bed79f038b5f42d817cec2ef67ea1e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\eb527089-1804-484b-b6c5-5e026af16e8d

MD5 f88af21cfd0d6cef715c44a03412a790
SHA1 29528d2fcee54dd1601909a5d7400a127c7366b6
SHA256 ddd9a574739017618cb8051ce184b45fff5b5b9009ce941f76e76b484db01778
SHA512 aa9254c65c89f055cb811df1f226ba7ba73b81f13a5716536edc69465545578a8dd8e26cca4de8d10d1f136baa123501ad32b3fc880599902ccf93614aff059d

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 dddcb3ba1058078e969b4e90922e0763
SHA1 d4f9d02eea6f5e87224092822b01696f7f42abf7
SHA256 1b11e25f18703bcdefa01c6f5df5fcbc421a06309f056a8565a01e077f5eee8e
SHA512 872de62e4ea2327d710a7246c4cff0d3faba6db5fac162e869e61925809b51482e443e362845cd7a87bb6647e141b625b794b5efab0071658d4ebd8593aec4bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\991fa7ee-53f2-4c0c-b74e-bb29a0c55acc

MD5 a66938697c5024211faf0b76502f5edc
SHA1 64d30246bed24a4523cc2910633546b48a9fc32b
SHA256 f3cdb682b64349acddc6747b8c43d61f7e6c47426238e0519ce2b5ed3e5d97e1
SHA512 a3d38c3c13ab08d3a600a99b84e2366eced8a4c29faaf03870732ff1cfbda2ab020c22589f2a21868acefcffba7911de215ffa0ef3f5ea9dbd58de6f6eafa381

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\ddbf9061-f95d-4110-bdaa-ad778ebf22b3

MD5 54a508868b2817a00b66c65d87f83091
SHA1 113d695a8a27c2662f0b773d1c1eb71b441ddb19
SHA256 d2abf8881675f027225fe9b1364c63f8fef347ebff019d00c8c6ef3d3628cf72
SHA512 0fe8008f593c1d06e45629e8547e336e6c26110ceb70daca3434e7afeb5c8efbbbce3fcf8ec81c6efdeb1be4707f539493a9f6b39b03e2723fd8f8054c88ee98

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

MD5 fb628c2c4bbbf146a411a9ef8bc030c8
SHA1 dc673fdcf214ce42926710ef9ff4fa844324841b
SHA256 a02aa5e486bab8a2e3601192e98c034372b7cbf63a4502690155e466730cb32b
SHA512 ae04a301a1e562328c71d23373e629f83045f5ba35de48249be981977d8caf2b231f2336925eb416fc987789b03c4f0b6c01d857c2aa3b7e054378a84304f47c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs.js

MD5 89337885e74bcff703c5311e57574221
SHA1 19868586f6c9f3f6b6f6d9f0a41b9ce96e7ad734
SHA256 091d307c24daf557969d8d2da13da195c6f0b1bae56d6aef3d4f546b93751784
SHA512 28951422cb19d879e15218f10b8972930d6f67053818666bfe035016efc2176de5a56fe48ea9c71b4eb2428435d03c7e00378cecae8928c78a3292cf999af591

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 13b0f01341cc6005617718b908ba71fc
SHA1 67a643d5f5310e7841ca1a15eb6f2bff076b2a81
SHA256 2058558aa43d949e2647c3c79dd6bee6ede95f1a93f9b6ea42d49243158c5ce8
SHA512 ae37aef5eefbd4622089e7f9d3ca5d7475152b26e83fb68ea64292b2dd5eb41781d793233defa6e90dc30d1dace17c7300bc17ed88b151cfa6356541c0063821

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js

MD5 4a9ff69436947848d46eafb560b15b56
SHA1 dfc9b3dd9d34ed3d7e916b737f267679641a8c16
SHA256 bcb5b754f91724f5b901a546e95e25488b269bb98dc4673039f1fd7a23a926a7
SHA512 c5434e48911ce75d8583f2303b48ceac7c08410821d3c5da657b60a3609c47cb6400d6dc9a2252910326ee76ba71cec8fdb8474ab6e4326b70e9c9f4e0c09d10

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin

MD5 3d7fbaaf0786bc47cd352449e240f3ae
SHA1 7ea207afea05d4d619b4dfd8938fb69378dd291e
SHA256 07a020c8e803a9c561625453678347e185d7c21cec7cf04b685ce4a4a4b6435a
SHA512 054ab355966727dd5ccf3c3778133d7a3bd4e1e1e15d99b552e4cf4475efabc59d3677abda465cd618d8789b062cb9a3cf43a82f8c043b3b6d696457655998c8

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 bc74aef72dc1c97c6397a6e2981d6e44
SHA1 bc0fee72bc91a5f95e8523927f03a98087860530
SHA256 b56affcd5823c84a4c742e398990ab94877d431fbdcae35121a2ba40093e9b11
SHA512 2ab2f92cfd93a9641bf0d742142dc989899e36f11c3f78d7abaa21cd46aa5386f5b846c1cb83fd3ee8aa7e939c10ed6aabc7a62072b3475d9d9a7f0167615304

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\2f463bda-36a4-4f0a-9328-c7f8e87d9be0.tmp

MD5 08fc6a5586fa8cd1da07fc37a910dd4b
SHA1 5176bd37dba0b5512ba99ff9722a04cc2a90e690
SHA256 27b97e5b342e74d2d3f2eb16391133a5ea9e13623baf2b6c8216dcae18feb59c
SHA512 446b25da69e0c68130ecba65f1bda9a34c1969a536871ce15dba757a11a5722b00401203660eebe636c9bb2ff0d7e1565ac7754007c12214683f94965eb667fc

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 02b7851a09e8fad5c096512aadb99343
SHA1 a7652471fdab0a616860688ce3e82e74058347c3
SHA256 6ed3a84d42589292ebe271819c229b9e56a7d13a628953258f96a718d857d718
SHA512 9f47ddf8e35a79b56a29da06476b5ac26b196edee505f29976a9d3977324eeb9098603d0f7b9c6d5c21c418d3504382368794d6526f16917888cadd28321eaef

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe59a31c.TMP

MD5 6228300a1c1e7b0a2bc7f8c82e8d94c4
SHA1 8ce317cb57df8ebcc2281d163ffa90a8e9b0cd3e
SHA256 6c9b5e32a0cb7325b7420e5015bd9e4c74ec285e759f2e9e47b10b460912d99e
SHA512 76ea32245a3c23c9583a7fa756cc80ce162ef2ed5abdf9d407a5c012bddf4cc4c0e924367563743ce15fb6cb662f61dd4f6e636d85e29be0b93c23427e68cb57

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

MD5 8e0693716dbf79be9c89179e165d78d3
SHA1 d1359866966f8620ee05cbdfbc054920b327f567
SHA256 4e6a89449a1d8da9aff53c601b9850387b8059171472cf12cf5f1628a183d240
SHA512 98064e72c6cd9f343ab853eb50f11749312104a0fb76176ca063a406169636e09a8d46298974dc75e30d61f3476471585604633b519cfa8deda207ba75c69b90

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\BC3B0B6320041CD98FA853BE18DE4077F7EB3B67

MD5 e366a9b18c13f5f0ab423296bc2c8ba8
SHA1 54722508f0677dfd4fab1fd859c8ebbd5906bc4c
SHA256 d8ae970beedef2eb6564225f30da93097990b18676415bcdde9479437f058fe1
SHA512 0309fe6b3a8be95e4ea264e30f99caebbbbde74a9db243034d47b17803d0c702202dffc63f56940eb8a64d273e18bed539bb0c34c2a92287a56d5c4e13f8def4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

MD5 e8d323d4cfa2255e2e60f7cb95f67f29
SHA1 d65e910dfa83dce20287c0e490e4fe9de0395a22
SHA256 2bcf060b98e66c822db05b01d00d72d4ec2f050e3f491e2a741f620f89780104
SHA512 3abf3147968d7e6bb8a07b0abd34abe4b16cd38213b76b32c9e14d43c91fc47377987386e8a7b80ffebbc1635ad32091d701c386dbc0ab9dd9a7ed2fb7ca9905

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js

MD5 d4c005b66c3c3ebd815dc88e12871ab1
SHA1 66508bedf1b1bdd1796b2e73b1c9f7c75eefc248
SHA256 0fd51348efb30cff158a9c5daccf59f17890cf7c67c8064b49603b1c28cf1a49
SHA512 e286d7dc40cba7927d795169c5f2564c94a998cfb3fbd05bd0277cee0e48408b82ebb3abc16e66b97119bf2e9ac7344206b27d7b3cbbeaf1bec3f9aca7b6c9c7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\3681DE6CF4C74C0B0E917662C23300D474070D04

MD5 34d2c32079d95477b902022d20144a00
SHA1 2e80386bb79f840b41ed2d47f3da2e77361a7dcf
SHA256 4ef74407d84bc69685df29ae07fb755453c952d52ac2b24cc4ed6dc9effbc5d3
SHA512 8e7c394497cb3f8404d8c106e849c065f790aab24a73da2530ab413a484540b4aae1f62185d054563f2a965067fef59be375e79abd989dd2a2ea895234b73e1a

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin

MD5 844d82156fe15417ee4472fa7cd090c4
SHA1 0b7c5d7404de50edc0396eef786d0f738c6f7493
SHA256 bbc90deac82cb5baa38e8421c20b8076be6747e03ca4ecb4e15aeee42df04945
SHA512 ded8ff629586f51d0b6d4cf85e30f73757a404b85ce84d8e0a5a30c80876fd450740b97e429eb36624fa4f4797cbfb33378ba51eee7552b1020524c345463338

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\activity-stream.discovery_stream.json

MD5 8ba18c696f1133b59b118fc8782e76d8
SHA1 753b30999b62396520258e83315f5331a3279667
SHA256 efb5c50762266de6be195bf5f9c1dfdcd8d3098fb8836df60d26fd8cdd585977
SHA512 704b76485df8976e56798efc84d0a70e7026ec622e6c0c9b8855a0da594b1876269a333322c5a085fcc9565dcd607d2321ea8c6e8aab8ef6443792230a3595d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\434ab19e-36c7-4133-9ab2-b22c8ce53f07

MD5 8a92e877be0d1ea4f2e8a03dbf37785d
SHA1 964ceba61d4221e15bf2ac779276b740740d3be2
SHA256 70c05873d4d879c0c98b50f18c69c885613638a10308e8d7116b5311bdb164f7
SHA512 3da3199e41948011c795a1da48173be1b9b147186af735dd787a76aa873b0d59ba83dce3e7d073e6fb5d2ac7e8f093b8db3a29f9eb393182e4cbdb09e6e6f9e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\fb5adbea-6826-4b66-a472-c9b000cea30c

MD5 dd7e0f8f0f23f216ef5f33ab1a413721
SHA1 724c2eaedb4af76112ecb5a570695777f1970402
SHA256 eb04e66adc5732cc8bea047ed8418fddb1e9e709e028a4c7fa8a0a2ea709bd39
SHA512 ec933aa9b1a8c988ff3ed294ec2ca701818ee90fff3d3476240110e02408c0d59ddf2aa584fe7ad535fbf0f440ce551e2e37c75026e5ce2041a990a2c65367fc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\3e3f23fd-a05e-45b9-aa65-b003fb392d11

MD5 a73af6e5468868a7d48f3a5c43896403
SHA1 e59d820a15db0b1c946db6bf37196e7c5c55d478
SHA256 0a7a1144ff84f809353f55d0e6375b7e94dac14929b400ca6485b1427a5f5230
SHA512 8114ef9b33b9f5da641456417f930f658e23fc4a380265cef8fdc416276f8045a1b6d7b8c5fc9c408377d7565210da9b4b8e667c72577e28965c4f88e31e4057

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

MD5 318acb5999af0b790300b9617ef5430c
SHA1 8efe8f6eb9ce3407340c8726fe3d150e2db71360
SHA256 a8e4a5ddef22ad75991c219ea8f53101a62a36af0a70ba29700ddb4565efe70f
SHA512 798defe2641cce2dca51ac6ded6662c93e075bb2436d531ebd9b8c97519fca74f50c0539179a4652436174afebe88bc71f764a907bfcaf6d4ada5b5cf6ba7a39

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

MD5 fe2025e94fa4395944c9ffee19b188d1
SHA1 7f2cc23a395d63087ecf8253c4baf04606801a38
SHA256 7a430fccbec7d4516e7877b047d1536d681280d25fdeb9a70eb3ce043ecbc14d
SHA512 2c7f3c40050bce97dde50ad813cf35e56eb1506dc0cdd84e6c3d50d2587846146b7afef4dc3efe1820b7baec6d806f41abe187d655073e11ac1872f89485b5b5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js

MD5 1f3ec158e281504465ffcaeab04bd315
SHA1 2a0238fb7042f39468114281d533f4c23ad20264
SHA256 db802671c8211f30c77563040ead72202595859dcd4eb448640546724232c7ab
SHA512 8d7c48a172d51ba4ad1848cb5505e0a04ca71ad1475fff0348dcef5002eb579543cbee8616ef2ae96ef660030a477fd47e236b84a3a7c66bbdc23bb84b0078cb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\startupCache\webext.sc.lz4

MD5 e90868fe46b84f71d194375b09986ceb
SHA1 c4f9aeb20444d76f07b3a4d0bffe5fa7b99f5fe1
SHA256 8daa50ba36fe51f06d1aadca29aa0ad27dfe575c2c7c5175e4044689b99ee190
SHA512 2f18b04e808446ab59ce04395a86ab366d3a4d835b6a178aee5cdc09e60438e151c79b3fdd2ccdb7589ca4e4636c306fd6e0b0741c83e291e49f9686a8d61b1a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin

MD5 4f3a7fa25b26279d9544188892b24cd0
SHA1 729b2cd650ab91866fe5a158e7982e0d2719fa1a
SHA256 6d7f632e298bde461210f860278fcfb6610558bf3ecc0c0690815955738ef119
SHA512 da963bca1ad5870bae0bcd833ad29d9dde64979eef27c5a614d16f53fa3ca4fabbbdb45288a8a7059878b5360e4f0b8e7837f1e0fe3016eb2db6ace5b2697c6f

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Network\Network Persistent State

MD5 1c2466c938d165410902ec67df43c3ea
SHA1 efcc8116504db8a18077eed1a977745d41aefd28
SHA256 2d5fc251cc5fcac6702cc6a387ed3ebc393cfa066dabca4286282eb055d60389
SHA512 79c1b48f2911d5a88a154da8081d95b36a3c6698dab4dfee53f35074cbc06d3015b0d191ce717b7897fb689e99272fb58292fb05d8c110abb4bf77c494d1fc1a

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Network\Network Persistent State~RFe5a4f4a.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

MD5 22e3aca4d5ce500de70e0344a75263f0
SHA1 219acacde426f06966aa4d5d322df2486a8fa35d
SHA256 a99f86912912494b1650902f749006d11470802b6302c8cd657a327112f4debb
SHA512 450a35268d75cebe9ea8c6194d101042f9483509104ecbae7020895363f43f78497d80bdcbcbcf81a58deddb387f83aae5577c8657648f00af7fca4c382d3d66

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

MD5 e00ea2660ad0ab675450571a169e206e
SHA1 a59808e5ff3e042090e72b8518098904036a1b0a
SHA256 3c4bd7f23aca637139d907ce9905dd9d131f5c956930687732fa9931cd507f02
SHA512 fbc7385779d947afd9327677d322dda74d186444e068b3cdd6321e453f0854b94d28876ca29b9fbe92c5510cb7ccc9996f28f06d0006178f60c93fdac06e147c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

MD5 b791acdc932518468972bbead15d453b
SHA1 1a3c3775a28a6b6e1b08d47ada48d4e396c4c3e2
SHA256 59473567cae1b6516e2e8e699a1e85a124e796b68182aeaab6cfc8331c48b67f
SHA512 7be3e8e4d7bd703257dbde8996bd262d0442e9b79221cb30c92cbe885c08d92d344c321c1f9693c30527e42ada088a08e0ca0fec3817a8260aaca4a0aa8ebe0b

C:\Users\Admin\AppData\Local\Temp\tmp-u7s.xpi

MD5 e33f7553978d8cace243f32743f669fc
SHA1 2412ae3ca2851a2f83edea2a212343059111349f
SHA256 2461da58bb977204aeb2ed185919e5a9b2c417de0d7c5ad69b2b2196d313d0f1
SHA512 bd9756b57692c93ee3d2f8d9a16e67f18c2d2543a59780bc76169943350ddbd484697b90874998c8c8fd656fa73fd3705c978acad941696b3270d6b081573406

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

MD5 81913c88e9b4cf0f296ebd622811d05c
SHA1 487d32dce48b2eb93718e241d49d38b72ef1fdca
SHA256 9e99d3f005bb8b4650056f1fda80efd781ff3c5eb83a8d734c72429a177f9494
SHA512 e776a5aff12b370b57e964bbc8bcf688cf8b7a1fb5deee7031ee62108edc18148b314db0670ba7bf495813bfbab19675a0d9a761eff90857e75c925cb1ae46f5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\extensions.json

MD5 b358c3b2ef42818c394fcf6071007301
SHA1 da148bfc48dfbe52900b48ea9bbc56c036582d64
SHA256 4d1dca5a15704d228b0989a018453c7faef75a29b43c65523dec515cef0c0c2f
SHA512 03bf69625390b76616e583cd8584c8eddc2ab996f480dd78b9ef3fc9444729c5d98822bb12991bc82cd1b57d4a08aaff04b8ea233696230c99d29b2657ff34f3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

MD5 a5b7583cc9486ae3f00d9f3a406cd4da
SHA1 874c657a71cf5e7d6a1560481977dfd836382d35
SHA256 bf30e82506db7edab0a973a6fa37aeff2ed945f8a2175038afc5810d2e35d772
SHA512 ed8a0fc59f7298501fc970ae49b5043f6c05f44537b492f05207f5404dcf22d858ca09b618861bcd61c0d9f0281d53d6a99a04d7f5baa7e3bf39a87b80f0bac4

memory/3872-2049-0x00000255D7180000-0x00000255D7181000-memory.dmp

memory/3872-2051-0x00000255D7180000-0x00000255D7181000-memory.dmp

memory/3872-2050-0x00000255D7180000-0x00000255D7181000-memory.dmp

memory/3872-2058-0x00000255D7180000-0x00000255D7181000-memory.dmp

memory/3872-2061-0x00000255D7180000-0x00000255D7181000-memory.dmp

memory/3872-2060-0x00000255D7180000-0x00000255D7181000-memory.dmp

memory/3872-2059-0x00000255D7180000-0x00000255D7181000-memory.dmp

memory/3872-2057-0x00000255D7180000-0x00000255D7181000-memory.dmp

memory/3872-2056-0x00000255D7180000-0x00000255D7181000-memory.dmp

memory/3872-2055-0x00000255D7180000-0x00000255D7181000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\storage\default\moz-extension+++7800b7aa-b7be-46a0-bddd-8707d7ca258b^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 774e3d7e86253a0174002911541b1b16
SHA1 5be6a6c1bdaf716f585f89e86e05aafb67ba54ef
SHA256 2cb7e59a889d0dcf1bbf4cc1448e60e59c28faac9497fb9e8808368ca5473f22
SHA512 3c8a422a65cf9f04d3cb8c75de140db6f760a009f032169b606ed40b7af1dfc74f00d6ff1a8138b29b6aa05381ec19ffb90c4f8e47f3c8eb4033ee7b2ea8ad08

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-bn.hyb

MD5 8961fdd3db036dd43002659a4e4a7365
SHA1 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256 c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-mr.hyb

MD5 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1 d0914fb069469d47a36d339ca70164253fccf022
SHA256 f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4268_1147277924\hyph-nn.hyb

MD5 f2d8fe158d5361fc1d4b794a7255835a
SHA1 6c8744fa70651f629ed887cb76b6bc1bed304af9
SHA256 5bcbb58eaf65f13f6d039244d942f37c127344e3a0a2e6c32d08236945132809
SHA512 946f4e41be624458b5e842a6241d43cd40369b2e0abc2cacf67d892b5f3d8a863a0e37e8120e11375b0bacb4651eedb8d324271d9a0c37527d4d54dd4905afab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

MD5 4aea1dd9d3c9cbba2b8456ea23f88b48
SHA1 9695f05e75f1e93762f5d96b289cfbcff984badd
SHA256 9279d4682667c90359418cd8b6c5b9a4c5215a47bfdd09871b313b4ac2073bb3
SHA512 7902bccc550feb3ccd056a3e14ed555e47c1d7fa8cdb1bd76c3640c5a3e9a12eb7603e0ac488adf68dbf9bffeab8b316c436f7e7defa6da8bf4044a560c38521

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

MD5 2199911aa0192cb9371e231121363101
SHA1 1a6c02ccff216d2256d76b642af215bebd41aa1e
SHA256 e79d71e7c30dd5d52f521a7839451d12bc9214dc8cdedefa166587505901cead
SHA512 805f937521224f3360dd2537481d1d1c60d75ac3f516bfe4e004e65f699af28543367535ded3cf6b407f00b998d33489d73c928b47fba23923900bd6dde21564

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionCheckpoints.json.tmp

MD5 648ea624280e409ac3a7f120b5e9000e
SHA1 168bd9dd85eb0603e0db6bef23a0df64f916bf83
SHA256 ea208bf36fe4e150165db9ff5972004c6f468114058d6dbe5d0350f85e8fc08a
SHA512 49520e85cd86cdb0b9fcefecaabc99ba3915ed5ce0b622ffe752de94df6d1fbf3f2fbae13ee18397b32477aadfb23280e42be6f92ec1c74feb4f246c60eb7e32

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\places.sqlite

MD5 3502d1e6e1a85abf73670f08049cc3c1
SHA1 4fe42ccda950f607c657c1af7a896665aaf7f385
SHA256 0ccd9d768527af7258a02847148359eb2f0be8b142635a28ac84b50b56da972b
SHA512 951ed3af5e34499c7e26faf7d31eca47de00420e1091300df71ef1e10177f496e5df5f870edfac83a0050e641919fae98ae500bd44ca4b547563a2892bca7a40

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\e7aabb09-92cd-42bb-b2d2-8769311b8e41

MD5 ed56a418e793eef10f38c9ecc4c77411
SHA1 b51130a95a5c758d5bbc16585ed0b379071c3bc3
SHA256 22d60ce587d8c41fa3918fc01779f4dd458ac37cb78396b533beee818df269b9
SHA512 1b6ffc83b0fdd30bdd8a1c5551b04b67e67de856d44782b5ab9390060b4505a36b5dec08a1b1fedcb502b95c71d4ea45f310bbd604ce9e152d3e32e77f8f2c5c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionCheckpoints.json

MD5 948a7403e323297c6bb8a5c791b42866
SHA1 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA256 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA512 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

MD5 6ffa309374a66facaecc75869f603a1c
SHA1 cca9d1b47ceccb4cae2e1304e45a72a252e6fcc6
SHA256 260ee70287bfa2dedb15777574ec886de46be9d1abdc0b27b9af3dff5405bd4f
SHA512 12cf30dd9ded970ee7da5caf5ec7dd4bed9bb5eeb65eb2b75fc28c858dc2db3896259343170064d8818adcd52eaa512cf8440e964a7b1fa59ae3a18578188196

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 e3d5d866524e9f9c9557372408fa9321
SHA1 96984352d05c2b4bd418c18a70be06229ddb2de8
SHA256 c7eb45cf6c43f104eb040d19d1b30f768dc8481db4bbb47736cc3bb1fc559124
SHA512 8babae92a24c3efab21ae5f24765bce2e9ecaa2aabdbc6493615811ea631ff14f331c46390adf70f073df9dafa37eacf9c13ae9cdd8e4ba27a81cef416ba1ce4

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

MD5 aa403a9ffe8dde7b01302465f9d12119
SHA1 d744814b2d677557d3053c946469c72b696ad51c
SHA256 d62b32ae60c82b11fbe0f2ca786b5db7c61a1c6cfde08aaa97f245e6a9355ce4
SHA512 df54f0cd4becbe0a634d64540b902b0a3729cb3cf38b55f65b92f6ce99d2f3172d14821e0d226f02a800c7e4c6feaa3b28d3b3521143f005ffe0f85d6556a62b

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Preferences

MD5 309f5c30484bf10662fd95e8e714228e
SHA1 41d45422fc98e5213722374106275b13a7511cad
SHA256 6429f30e69015596663b0abd966c2d99495970d7d5a3da03716a2d69aa33e61f
SHA512 17d7429791904de08d32f4b54291ba0e536b6eee312e8869e490f234fa679f4d5b213e504993b658675520332fe1639dea31474d3186db5d56d0a01db2df952e

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\setup.exe

MD5 e8e8b726812f34db032aca8b97d8ae7f
SHA1 cfc2f7ddc42bcd55bc1de597dbd228faef9573c0
SHA256 46e9e7a54c7cb4b0f6f3eba955827af81cfd62bc7ba2b374c21ba7e802d820a7
SHA512 f26ae84b91c2f3cfb8b531c4ddcee86e3a95744d4d52162b54b055827952c78c3fcd138f1508babbab68c04b87138a74d9b81ae7ccc6919b2c4f482f71dc1d6d

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6AB83185-71A5-4296-AC2C-E2582729AA30}\EDGEMITMP_4E7E7.tmp\SETUP.EX_

MD5 7349ba3fd11e969251f9ce1f5daf8f78
SHA1 04e7417dc17a848b2fcfeaebb84e403a77ae9b1c
SHA256 bc16ba05ea264056790d6fe3ce3d253e7a601f4087ff1908d9cf2a936528c57b
SHA512 e1fb555ff9b641efafc9e0715af620f7f58b188f8340a64d9fce5270fafc67b709f2aa1b0989d8606bfce53ce94ed9ca6c5cdaa77dbe63055f29644ba736840c

C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

MD5 6e3cbfdaaae5650af6ccdea474a163e2
SHA1 0fb75cda26bd884be995d3203eed735b9c9bc10c
SHA256 6f0d75f78580b313397d741398cf6ae26356b9e8fb436484a967dfd0f7875bd6
SHA512 1c14ce7e9764f31c7fdd780fcddf41d3336ee29fd840b19224f284904c17a0d92c7e533bb00469076d8e38eeb70efc19d56d60cc852cee3977c7f446433b2e5d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\qsml[1].xml

MD5 f30bf4bf4a728501d1e1d03f8291a3cd
SHA1 aa060cfd1a9d643e13831ba418288dc65434a4be
SHA256 522246d2fb679fcec650c81e2a6c3ed8bafe0baa7e18421a2acc8df6e94a51df
SHA512 e11e3a77a2208f14b18d8303bdcf694cf6daa86e36d4ad1ee14bd1ed7b12451ca448d078f20b6c6fec8eba47cc06aab781534a8440dd972136bbee9248fb183c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\qsml[1].xml

MD5 e477487c3a7de0554abb65b745f33854
SHA1 8ebeb7347e118d1df60d4ba02024a24efbc298c9
SHA256 3ac62937ce62b3df67fc1907ceeec7c4e72a2e98294db302d5621cadae7489c0
SHA512 cdff23a897bf1da46ac4bceab47cd95204df5659d2393fe7480ed81eab016ddeced205de09aef6cf69a73238a60bf4938d1a4fa8fd02ca1118b5f4e9ce4315f1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\qsml[1].xml

MD5 077cd5a157d60c4637325f75a55548b7
SHA1 9c73d854254bfedf2daadc1757dd3015c81dfe7f
SHA256 45c4c94a937a41765296851e76357e1febde65ed1481b5d94bd613f8f26f4863
SHA512 5d9fcb0069ee045a955f054e63b4c4863c05e48a9936e8c5fcab6277c5db66fe36c5964ce75ef8702b7cc911df6666bbd03479266a966fe67173794a5b79680a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\favicon-trans-bg-blue-mg[1].ico

MD5 30967b1b52cb6df18a8af8fcc04f83c9
SHA1 aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588
SHA256 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e
SHA512 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\Af-5ToHA_kFQaHdBY8VWJTjJO7w.gz[1].css

MD5 0c65fe9a2b009a7d994c3532dc3af337
SHA1 761dfa0486b0d436d73e17208ab3bf75fdf1d420
SHA256 cb2fa13e4d8dc381db2745c260a40414354d21838b48dac9935297f9297a0224
SHA512 0e05392b815b6e78c6b8951dfca8d4b58312bd72cb20d895677ab180467a51eb302827bb8f091287b205a10ab9f264ce31dc5c41a9a39b2aff212b4da7231180

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1IS1KN45\www.roblox[1].xml

MD5 5a9e7451d474c6cf8d3c70255d76df52
SHA1 34377a96fe7d075c3767e62594dd9b092c23d24e
SHA256 0caa6cf9fccdbbec2869a836fd62330f3ee13561c0bdc9915a184bf3f3a84fff
SHA512 34231ba45b1f417256c3f25fc5ba485268d5af6f6de732594f8b703c110539d1a898b61de13193dbca5353f510f96b01f151b8f170796ebd3d4c1a29ab538b9c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1IS1KN45\www.roblox[1].xml

MD5 8967fe7bd429a5edd1428666ffc9d255
SHA1 e427dc4605cf507dfd15e6a15a95e7707e3104c5
SHA256 7cc35a2892453987c32b3b8274d6f46c8b3a61fe396aee318f3092693d5544e5
SHA512 9a5312efe0cf46db859ab7ab1dae5345d90f9a70babbe80c4a62d0e5f91f9bb811e7131ff52e0c3c604adf135f20624877f616307d8005ddc5ed15f911d800a9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\7bba321f4d8328683d6e59487ce514eb[1].ico

MD5 7bba321f4d8328683d6e59487ce514eb
SHA1 ae0edd3d76e39c564740b30e4fe605b4cd50ad48
SHA256 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54
SHA512 ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\favicon[1].png

MD5 9e3fe8db4c9f34d785a3064c7123a480
SHA1 0f77f9aa982c19665c642fa9b56b9b20c44983b6
SHA256 4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9
SHA512 20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\bundleVerifier[1].js

MD5 d7a1a70f9f02d5bff967d368e52f1b9e
SHA1 f2643ba1539f784a2810d85757fb50eaebbd0108
SHA256 189e5be84e8c3cb747e0392b18f29a68362c321523e86bda2851a91fffe67858
SHA512 1f3558c1583177e04debe1d7cfeb3e3010630413e7e99fcf23a8e75c3a7223f9208fb09da5dc1c9a4269b15ba3bf278475f5ca8396640d3697480bb07dd4bfa3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\4b6b27d98e2c26f64ae53c2073ae9be982e055657a26519bbf962a21e0abec29[1].css

MD5 b734e11bc38a2a64e02e61d5756b0e89
SHA1 e402644db0efdaa4d6735049cddd4fde31dbc0d2
SHA256 88efbbdd1d0e9b21a3032c3c705a16a9f891e42a157637347f7b021c029d4e57
SHA512 aeb4ee831aee16b33169edceea61b5bd83a72ad87e88647e9cc24a740877cabda2e15e3fc49bea8fe55a598acfa44f7a663e38450eb026a51515df5f419e6ffd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\8fa43545250dfbd7d96d164fe24e886391fdccc9b87b0dc91ce78933aebcda43[1].css

MD5 2d9cdd35d81d6b3c1acce1caa6f7597d
SHA1 5d515877f0d44f1a03107d4a1b2bdda33a904c3b
SHA256 27804e7bc429cedf78dd5062c4bc27c17b72ef1a0e00d54addb85121b3e3a605
SHA512 c4c3e38ca39cf612452610445b83407f3a43aaf9156b5ca89602b9105a52d32ee166f5b2840b09d69fe956ed2b46a68b049db1c68e1c5473674117445c171dff

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\d8d1cfe6a81efdc0eaa7a64ddeec42230944f4e6330e5eafafcda10cf9e5286a[1].css

MD5 e1a3a1181eb36bc3251d844d250a3760
SHA1 8600886c894327ac78c56160f38e8d6e9cd19f8f
SHA256 6506bcd31696ad2184defc292eb3205d76b817395eb1b881d0076328d42cb299
SHA512 1e41c5fe3fc8494c0fcfa8cf3842eb00b87d8074731deff471170317e3f8dd0389c56245c510eb5715337b1d7d5354cdc1fe8bbf910ab1ea3b0521002c5509f8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\2c2a709240897ce382b7ff55be4347cd0994ab1e2d6ed3b56649e54b0e97e13a[1].css

MD5 e8f199f0cef481db4a12c2e1a3ef3fe3
SHA1 fa8533d7f01329a48afd6ed03b5eaf5558812a69
SHA256 de4d5f622b0d168175e83197607d670c2ce8e1f4f2653009a97bd55d6bc3b11a
SHA512 c165b6c00be0d358502d54ed5adc69826eb01ed751a0702dc62e7c207247d69a06c119f188ff55c58a68a44ac9a1505ee5711ca545b1fdd096aa04ceb8d36d84

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\12cb426f1649d8c5573f65f01b0e69618bd31ed9dbbf7be213d742200307601f[1].css

MD5 1d7df00e6aa8f868686006eb33190d20
SHA1 0d466747d72d75110b7cb7e199ab508b09001043
SHA256 d5b7e9e85546df883aeae5f0aa16c00229b600b73832d862abda014dbdf9addc
SHA512 b57fcf5e8079a26523d03994633fa874583b79388eae0231e82c0961bb0d8b96bbed9a753e01791febca48eb93e5843e71cab53c64a8f59dc42edd6ebedc0ac8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\08def520152a575438e73a81aa9a310c2415c327df7b624a24aa6e794d24dba3[1].css

MD5 23e12161d0fe06e8be36968b15bd225b
SHA1 3ac9909b4f8227a29981a008cd2809216ca04fe7
SHA256 7f20f213d19cf5d49883b2ac02c45b3738a0696e9f72a395710ef4b93e395ded
SHA512 661d0308e5c57ce02d8e46a8cca12b1dec9c81e0769c9265eb4c530b293a996f0862b4a28df36bc952569b3a14cd90ac1d154064fa2ec48b7d5d2f9f178964ed

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\9e359afacbf43adae364437d6c7671f1f7f616d62e584e5a03c08a3db28ac08b[1].css

MD5 dfdeae1fe6efcd7e3c6c9e0b34d2d511
SHA1 e80a7337225812324a0624816a144865106e6f5c
SHA256 eb6c5d84b92f156bc2c59d20205b345a3d8ca63f69bc5e72c10cebd05e961bd6
SHA512 14634f8088b4b4ae60f46d7c947a7408e4f0e4302094f4dd3b166c46ab6e99936d94fb96f6703268d4d3ed6ef7051bad78ecab9e0bfbe8fb89b10476a9598b40

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\4c3fec0ce872f94f2c2be18e6fd016e43fdc4ccecad591cdaa3a63116f512178[1].css

MD5 06d3bf8317cddebd3fd720ebec6e836a
SHA1 6861ab7e75966883bd499d9216c02317f1b0fbeb
SHA256 93c540813e4c1cf4aebefe9be1e01e0f768abbbd59e6365eefb6c9dbe39e1ffc
SHA512 3d32b3a64d1d8d8c10b15f9057a096408f63464c840a85d8e621c10b0eaa013b7064040a7a255b39482a7ada8dce696e727321aa6fc0075c8cf387b80c4ef3bf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\5675f1b05c4902992323a19af52a6a1918eb3dc98e77b588719f8a940715524b[1].css

MD5 97889aa827c7ad6bf128e70981cb0852
SHA1 dd10e9c0dfdcee43fc397be9e0ee2c6ede3fe44b
SHA256 29209b111700abfc0925d4fbe32f251a67a0adb24bde0c3624c601088c0291d4
SHA512 b413bef675c11f80de0da8e248fd629f2608b73912dc01c7bb654cc9bfc6e9908d9825b2cd6bc92bbee6513793183ed9a94c091803cd2541247985ab5c362728

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\70a9b96d26cf93544ef5fca7ea783f537d9e57c8e9ba395f1dfb57b090d87eff[1].css

MD5 96b1f1c846fa589452b9d1703d1395fa
SHA1 1a7bd4def9681471cc431d1bba40ec6ee88a87b0
SHA256 ab303a37a23d8f2dc0e78b8cb4ffe67843572bd3b679f2a0172118c0d5283178
SHA512 faf84f7ed3483305723e9b4d159839fbdaa88744536124b2d4b100427dd61297070d6ac221f13569b41963500a0dcd13d9603d60636d726a39f6b7bcea20e7d4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\3c4bd9b17b9020d9ebc87d4542a68a949a9de6150a55a92f0e65514520ee777e[1].css

MD5 3306ce36a2916143de21338749091100
SHA1 e18d27d598c5b05097fdde260939e55039dbc480
SHA256 95c73aed10516aca84774c1858f4dd2cdc9c9d3547952c941cafc0cb2e72d46f
SHA512 3b3a5bbda0226232bd08f9f4bf2956310387a8fe18e87ebafcb5ff452058a8627e5da3eac34248b21708034a722d97132fca48976d789a4a249809680f4af92d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\b8f8f15a57a66e73469ae72eea7d8905346afa78b9f2397627cd099f7dcc779a[1].css

MD5 4822b35d6907be7deb782a70cd7d8ac2
SHA1 1ae9d83eb6fd731044d638013370ab016519b7b5
SHA256 55fadb9d729a01259ece92f76daf5defd5b86755fcf3f1928fc5f2eef61fa0f6
SHA512 171f93bb091c0fca9efe8a7d5818d0b13efadf728242fbea9fa7497f959f433b8c63b4e5961a3ba80e8f3ee3c450e7061aba4489ae480df595b0a07599d895e0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\c56998f707ed8eb87cbfe169758e4bf5ec378d807483904507f8562ad5b64835[1].css

MD5 dfad5bf2db06b3889b70324c7853ccdc
SHA1 dd84151765efab9cfe65dc5bde6c3336d3d6c574
SHA256 725e55fa26ed7373f083187e60743a77e4b33880130e81f358f5c3ac98d9dc85
SHA512 9ecc8731f72490c0837d2dc252cadf988c32db6b456fc310dd5b23fb2a2fe4b798a811c34e9df7b0e69e092bf5180ef288e8af4f875b9a9bf6ecbf81065abbd2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\66b2fd496e668938e3b0e2d9a0c12f9f88c3a1a4974608f69059d8061fc0141f[1].css

MD5 841d0e206da11f1223042a23f4c414e8
SHA1 cf5787149f6304537a76e4ee8c6cfa83ed8717bb
SHA256 4e517723905ffa106acca7c3e877ce777a40afe41b218af974166c51fb8279e1
SHA512 5328c00d1343598609407bf58781cf68584b3a8878e2cb4102841a9dd58cc734255cab8582b2689203ed33422f32151d4e34fc249c9cb1f7d0dd84908a7e1b3e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\76213958cdc4d91524bf7bd4db57ab8097891dccc04dff60d7f3d103861554c6[1].css

MD5 b1fc24b52dafbfa53da520195a879d8a
SHA1 fddee2539a4150e64e9515bf47e8566497c7d337
SHA256 51f472bbac7cc2929892a39e331a5c48230cd9c89f78dbc9eaed48de2b91eb99
SHA512 af7ac5b71dfbfb747d4e4003c9d50ee8673d49dfdb7773bd606c95f337771ad0b55acfd72f223ca61fbd51736dd80cee811a957599b61d7b9ce935e90f85d00a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\3bca47a98d58fdf98a7063c4f3b390671e5326ed559813887f3945876c997da6[1].css

MD5 5ebe91ba183a6233ce05983c84b03fb0
SHA1 bcc77c9d39be29ac57482d12242e4895991e57e2
SHA256 086e63b655881296de5b09f05a03e31a82bdc36c19cf2fc6a573b758aff71cf5
SHA512 08c8251b62a661e6d35d5e0624a0e718510003fbd692338192affb3bdeef8fe8c37b44ee6732c41e57191ee6406c1fab2998cf510ef7fdfab13216ed7cc9187e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\0fd144dfddc01ac3e7993d0305a56cf1027a2aed388c9be44c0d37f565b93048[1].css

MD5 5be36f6897d88d461109c35f54c14b7e
SHA1 efc533898ae1e53711fe4ae2b64407e3da065ba0
SHA256 4a2395a8492a45797709488f66acd5b72dc9e5b17e7c4dcafddfc49d62f2b70c
SHA512 3c7e263bf8f456165cedc5b271d63fcf3dc9f7bd2bb5befce0e75a90d0f9183ba855eb57ea14775861bdf0c03edd23c5d8880bd7ff932996cad28f2357fcd16f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\d5a3728b78be729b693aadf79a1f45f0fa49c15fe863a0d7dd631b75f9e82207[1].css

MD5 9c33609893ba704e16ae19f563888e5a
SHA1 9bcc2f77c6e9cdf2842b5a5ce8e8d236408a257c
SHA256 2ccd7eaf7c0888ceb1e968925904718ef6371d7e00bcb60bf9a9a2044104a4b2
SHA512 bc2bfd0e1a6f498ac4200fb94a7ac06899ad9fa61b6ad78b5c1475f1a14bd7a52db3ad34c06695a10e290424d13ad43f3df6100873c588f5c64944452c32dddd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\da45920fef8b22d35ee6cce0702d290241252fbfd99695e2abc0934d20de0974[1].css

MD5 b99c303f3ba644a8a6c5e5b69a96809f
SHA1 de8bbd869cced07d0189e48f990d2b04a380eac2
SHA256 0569e3633081ec425333bdc8c58d6a06254ffd1e30a79afa7a0eea47c2d0c78f
SHA512 1bff99be3a413eb3376a913a7916be873d15516cc3358cb7f8dbead3574933e538cc00b8021316e1626a52cfe41a9d6a2760f1a9dae9d598a4e87fb38a8cbfc0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\c5373f0dced8d7be7bb3ad1b978fb8af776157fcc41ad3d5c92d725063c2e6e1[1].css

MD5 c5defb1ffe8139f535319a6aa61bda1d
SHA1 bf6fca1b24aebe3481b40365fe0cd8b9a22cb835
SHA256 91289386c0e3f8827f3783bee3fade4628b13512de861db87fc627a02dd61333
SHA512 7812b3797fa0060fb84a0a317af4b9cf9620a7b493efc94d738735cfd4e0ee65871ab9e9841a435833f1d7d212e00b3722a78896f9df64b69d14a84709b67ea2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\d45e200658a1343116bbf4a88c367d093758085e7d001918d641c85b2143468f[1].css

MD5 76336c679621ad9d60a37412c2adea44
SHA1 12bfd4224e6147fea491b4a046426420c2ec2791
SHA256 b0b3c14921ae82851ddd0ee053a5f0b66b5b0b5e76aedfa30dacb5232195ee20
SHA512 be3f0504dba08d7ed0d05c0a1f0943a04be27c2d94b825e449a76a482b30b1491e413843ac97178aad79235cf98c2cc08963f9689a453ae865656efada404a1e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\08a545ae1503441b55f5236794feccec[1].js

MD5 08a545ae1503441b55f5236794feccec
SHA1 a4f8852af11cabbf02efdba700170e3601f998e3
SHA256 a9a4bf50d1575933b2b4d5787ee7cf062556471f65e9fe8077116d9b45a1b289
SHA512 2195245b88a59847a8afdad38f8a52bb6daefe70c15392c0a88d44da613691ff74bc2429ee9c9acb2783ce88ab76976ef39504ee041830b025f37ea3be4c4b35

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\bce44770a3e3313217e86429c0d685dd245a8e4a8f79dc4b8bc6e0936f8e4872[1].js

MD5 3be5caf146078203ba6382e4b67225b1
SHA1 140e464f254d068e677f345d0d79d6304cc23535
SHA256 096ac7879e45439faa9af14be008094b13faa2b218eb5697c6ba0871e2c76c2e
SHA512 c8bb207e8261ce6d119afe43b7a190e3b12b43ce0c96973153b3381ccd2207fb6eb16f602976c227365bd26586994a162f4db86b61a4585cac14fde89a98c316

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\358ad3aa1eb24fc3f1183d478af41316f5d04bae004f77647d885c6b861e67ac[1].js

MD5 97580fd84d8c7bbadbb13a4417a39cf7
SHA1 a8b6bd1691fd67b02381928bb0b1c221de928e35
SHA256 053fc44703eac01de1f6fcf6895f319e1c1e54e2eda8d572ef088eac5f32217d
SHA512 372e07744d4fc3f4380d8b8dd8ac03e0f25a02a5c34d69dc243301acd9e79094ffaea8f880f247afa5175218367f41d42c9f3208c04db56b132daad30237d9d8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\341005be30d4e45dde31bae2877e83edbda9f20ad16bd405e240f24050e32623[1].js

MD5 b7c164a7222fb4f8c3dc96da65b584aa
SHA1 723545c5307748156645c9b0dbdd47d431ac9f71
SHA256 b294aa329459ceda7bbac6f40f3f3db4fdbf9e141f628931cde5bbaec94d3dd3
SHA512 bdac31695881d87b84fee4c5dbbb6f9620b39cbe5179015630008462106972c0dedbeef139109a873b8d4dafe4de74746c8dcac83515dee0f0f5a11c870d6818

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\2ad6b2753f8558f55fc35440842b58f6a8f74b40879dd503fa8394beac7d3370[1].js

MD5 9bf981ee84663e83f37479080ff8f498
SHA1 320ade929537edb91adf6679693c062d934f1529
SHA256 94789032287c78e9a6fcfcb24bef8a8cfbc1e8b56937d8d6ff9b31c1c4d08e13
SHA512 88cab3151e4d74d5678f8a8934ee594a2e6a6fc75e69f78e530b14005ed03aa8a416490614a34f1e9146d75c2e7c6eea6cf03504418ac44dfeb2dade3f0384cb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\c0b9b674b2a87f0aa6358830e63fa62841ce9a3e24f065c5fd33b7e73f22ffa6[1].js

MD5 8ad0bada37f2767d4dbc542958fc4f32
SHA1 7475a426a85d9b1d28fbfc41469c69096dced39e
SHA256 ca8029421c8f8f74921308985c89a826a092f8bcf040d5258fb3ca832d4a815c
SHA512 a91f4990bba9f723bd4eb8936f4594abe59411fb8766ea3beb4e03abd10419b6d0a07fbff582d2689e8ef1e7f627a33917f7b60388ce08b1d4f0ac6daac62efd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\hsts[1].js

MD5 deacad0a20ce292e0f0439f32616a363
SHA1 a8a3574096efad3449789962f97828a2914cd711
SHA256 ca7aae62c9fe0095fc0a52f920ecdd08ccb7665eabb5c67274516c2ca99a1177
SHA512 750a68226792cbcf6f1ee9c1d6c5055d7063c1226db65c9f692a46cceed7d9e44acf07b8d140784ff800acbf9184dc90cb369ae2cefde0038585f8a7cfa35677

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\5c779fadf28d7893108d5b896e092e0d-GothamSSm-Light[1].woff

MD5 5c779fadf28d7893108d5b896e092e0d
SHA1 9e30dd79b35c884925d8f4b8dcfb4f30f062cd10
SHA256 dde254a5345aea2d61098d4cf6f89af4cf1fe11b69345ba7324655b254ac286a
SHA512 18ef9ed6f342f19ff2029f999798d7c8a0c68b022fd117b24b883f68adf85b1d1245078162a3d66db14cb92beddb5be718d23fbc4171f22da2f4e76faac81150

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\713e0b3a604ff4e44f55f9d1c100e8b5-GothamSSm-Book[1].woff

MD5 713e0b3a604ff4e44f55f9d1c100e8b5
SHA1 b024711998cc92777241b1401ca39c82565f2d26
SHA256 7daea40b38c44630a22ed4ebdb0502847f58339094089865025e0909145deb01
SHA512 f6125a31fb7198ac12027235c92018fc085859423ab1c1ec4d2bb75aeba317b49e7a17727ed106539cd9938aaf6e4296862c228bffb841e1ce372a91df907c02

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\260757df563ab52c2270fe06faebfcf67bc9996c718dd4ed04b61e7f4676306d[1].js

MD5 73fa43a10e1f0e21cdc273084b438bdc
SHA1 03c9a282e54c9ff04a4038ee0106197e3c547487
SHA256 29fd9d4580a8331627d27960655177f85edfa181debc143e51bb466641770553
SHA512 f6892df192dd887a3329ba6d3791a6e9df5802f5f526230d0c3f4c4e4f3b33633c770cc45f648bef15f541cb09dc6f2f534ae0440cb6b37766d17614ce8b4b27

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\2ed7693f8cf4d79466dd604c35502f76-GothamSSm-Medium[1].woff

MD5 2ed7693f8cf4d79466dd604c35502f76
SHA1 50f205901b4b50b777ec024cf1142eff38b92d21
SHA256 24909631879a063171288611fba23cd68ab3bf99f5bb8646e297cb0bd7040379
SHA512 ecafec254da8765c894d359600e738e6c82d0da7bb1238723d86674d8d60b70d9f3c9ab881162f06a90aa3922b692817d7fd069b95cd654670a494dc5dfcac18

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\0c1b1b913a2ad4b51e9a8aced52b4362-BuilderSans-Medium[1].woff

MD5 0c1b1b913a2ad4b51e9a8aced52b4362
SHA1 37e01a541324b4ef59787ce13a03bc7da7cddc9a
SHA256 ff03498fe7b4f1d3b411174b3e8017dfb209cabad0fc1c3741438d196e1ca631
SHA512 55e7c3734e772afd5e82c461a26137dfe4198628b68c2b06269c5952255db1da2428b97cb257aab9cc2c3bdca3c6b5b16b30cb853263543847c95d49ab1fbd1e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\27762afe0183d3d8ede503d4f5ad00b5-BuilderSans-Bold[1].woff

MD5 27762afe0183d3d8ede503d4f5ad00b5
SHA1 f81f72208754a844ebc27e226228126a66345e0b
SHA256 0bd461c6196ee2b10d0d7f5701d2652ebd078fd05fa33266ffbb8c73ea9868e0
SHA512 d869d71efb7fcf193153f1dee020c6c43a549748a4d5a6e159c7cfda42ce14f72b4fe1dfa983ccdd717000341b58930a3a549294e34526e5d9b942b6839b524d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\3a390ad6e476846a971ab5923cb9ff1e-BuilderSans-Regular[1].woff

MD5 3a390ad6e476846a971ab5923cb9ff1e
SHA1 33f0a0de132c76faee5de14ee7855761ce80b3e6
SHA256 f0770802cc2c9c931fa9baab2b3831bc3b107a5707bd4beccf56b693f656dc5b
SHA512 02059e79fbd5254313daac70df10c7cf90364d49e5f2b5a3eda39c393b876ed3fb58721c0dc3add7e91a29655841c6724757634c58ccaa682943064e920b87f5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\fd780b5ee50e93a0002581937ceb74f9-BuilderSans-Light[1].woff

MD5 fd780b5ee50e93a0002581937ceb74f9
SHA1 bb5b79b66b3881220cefd8533360ce47adf8ec4f
SHA256 288acaf8a3adca05fbdbe7bc46d57c6e2f62e56b5d88cf520199ffa1b705078c
SHA512 2e2ee9a45213588f2c16d1709b7c49cc64c94ee42ef6006201c49f1bd0a027c6114b040797fa973650f0613659e373330f57b0adccb9a7ce246dade6e4905793

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\0774273a9a07ff6dea86332b42898ae6-BuilderSans-Thin[1].woff

MD5 0774273a9a07ff6dea86332b42898ae6
SHA1 5f467db95dc32ee5079d51594014de16c1918936
SHA256 63f86877afbe5a190af722486b676a7cb923dbd5fd40ba248c7b70cebe4b5b8f
SHA512 1019f34cb0b2326c2dbc6c3d2fa79a4627a266bd971b5f22351351e7049b54887fee6b753a4335a1f027c70a2de08622fb7986d92e3c84ca63d4d981148573e2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\3ac436cddb043616a4059aa6fe3b0c0a-GothamSSm-Black[1].woff

MD5 3ac436cddb043616a4059aa6fe3b0c0a
SHA1 feaedcd1f6a04c709c042d27e2989feb7fd8bbf3
SHA256 3507166f4e17a878edb60bf631000cf684894aec3e340627ab716c0da94b2743
SHA512 d15ccc385b87b170539b99a452b654c4479b12684dfa33e0cb1f85caae2c7a24f640354b9930d0867662bdd11085c227f46ab5a9b1b3d261f65ad33faab53ce4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\fe0e9885efc341b17f7e600781493f69-GothamSSm-Bold[1].woff

MD5 fe0e9885efc341b17f7e600781493f69
SHA1 424c8cf3af83a269579cfd4c040e6eb6f67316f9
SHA256 be7c8a03cf754daf4ede018bc98b4c58c6224b45dfb15e639996c9345e61d905
SHA512 f7152efaec206cbb518b1f48fe47b79c12a1b88136feb4dc0ed0e8f8b3fadb36e6994608e6481093883439e9f3c5792d86b4f64b13d4a3302b178e767abb885e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\041f792b40f49fc31c78d68dd72d3f83-BuilderSans-ExtraBold[1].woff

MD5 041f792b40f49fc31c78d68dd72d3f83
SHA1 0485b40796192541ba968da7649062c5116e5d15
SHA256 c467a1b69a876767dcbe7bf94c64831d31ce0d70eadf12f5af651b3f6b341a2c
SHA512 a484d773e4b2d9baf7e3cc79fc010b2917312f9f71421dd3c3630dcb4c4615c0beffaf771e5716a26b5c897c8c9a06bd153641d58e589ce02854df19ccdc7033

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\4bae454bf5dab3028073fea1e91b6f19[1].js

MD5 4bae454bf5dab3028073fea1e91b6f19
SHA1 fb59487c9e9861427d5e3f9278e2ff25192bf542
SHA256 16e270c694d63452ceab6e36e48781a1d8ad5a049c3a81ca2e4c8747c38e3474
SHA512 d978be44aa2bf0df078b7b983423d595ffeed81189823a59906e9edfcca2767624c592f820b89dd292663c19910a009689a8a8a2dcf18180989e99fc3e68f3c9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\00e1d37a965af4242dc6b296d6c883f0[1].js

MD5 00e1d37a965af4242dc6b296d6c883f0
SHA1 77623cfc910b5328516572602edd445bd502da22
SHA256 2758dc0884cdc630cebba686a41b738a9a90c7914e8f2c3c5d10a6c843f45d89
SHA512 395fcb74489d0b8caa50cc3f8cd032412cb53396a68e17a6f4a469a0976274d464f0e7c714d7200d68d6b87176020276bbb0f1806ca106379123296d79c0109b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\b306782a5a90845cd68a25c16a2dc96edaa002962ea62028f8b165074b06282f[1].js

MD5 f60f6a009c6beda7546db35ba4c3ba0c
SHA1 a11a063f6d11fbbfd79123362dd0e49e414b6d37
SHA256 f9771b29d891478f6b1b11ed347141496e8304eef316b7b6f4fed53257d2535a
SHA512 20934a9b4c7e44ac73053da133abbf9e26fcd7f0331191740c99f374860f18ae416743258630b34a2f2fb3acdc1247204a7e7b8e853c340cde88dd1ed4de023f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\3549e188c34f5a2d6fd6ff275813b3bc[1].js

MD5 3549e188c34f5a2d6fd6ff275813b3bc
SHA1 17b02d3606cebc44414475211fd3f0c851efc471
SHA256 968a20eab1449bae7485d20d20a614f2a33b0515f27f143792b10cf4d700711e
SHA512 e17176b80c6799ee73cf5084d2b5a7fc3a442ae9bb787c4231f63ab3e8d00025aa70072e524cae5d3c60601a8efdd0420c3a13744605f8e3e3dac0e797234138

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\a7db059d44edc83a4357f5e6c042ff70617a9ab13a77121f8a154d3ae5644210[1].js

MD5 8bdf7e49511ec67495ceb189c1810df2
SHA1 17284c446c9056fea60b3830950ee2bb7f4e02a4
SHA256 2c5a568c95e0e46664fbf96aa3468ecc2123bef7d40565168a65f586987c21ac
SHA512 45a3baa070dc240bae52ff7a25c5e272bf3a1582acafa00c828046b25632db5f8d93855a7bbee762b559bb6475796127f7ac7dcd13c5a6e0b8e871f003fe4ce8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\83d836a661ff433d5b7ce719c489e43af590ff75ab39ccc6d393546fe91b766a[1].js

MD5 3ee7ef4fbd7fd6a8598053bb1c9163ac
SHA1 477c9e17205ab78bc62d93a04874f0dd2d42f503
SHA256 31ef50611f6981b083bc1c17f1a2d9df1c2b1722d63548902000e47dab835c65
SHA512 209ca44ff68bfcb676fe7675d06c4de32c0718bbcf79ffb8b3cb7b9d6b9c152f95a90c42324839a743b8b8883aefb4f2560e7b19a90c9a7159b4dd185e4540d1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\558cbed0ebd127bd21f1045302a44c69a092fc29acd3ed983ecd5bcb46ed2e84[1].js

MD5 2a5211f13633e621e4e96e3bb4aeb2d7
SHA1 aaec211b9b1aa4340aaea0cf52494e37725e8d89
SHA256 a5b539d625f24613d5224001de32014ed9d77f96f7de7b97a2cf24100d9971b9
SHA512 cd1e9f4c8274ee50757496c160982d345c51477ce1e8140eca44c7af3d36b516a660a28c41651c5321d5213d2c9ed938dcf00a13f4e8d319ba5e47a65d5722e0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\b79589d3dfb2446936aac95605deaa507ce5bc3e09073bac7dd04872880694c2[1].js

MD5 6cfed30cdb69f19c15da9442ad3f8eb7
SHA1 c0e81e60512fbbcc3c50c9759f4105cd5a442185
SHA256 0c9969537d1177c77bbe5ee1670a235a8daa10d6f7e6ded34c2b5c1ce3c56f53
SHA512 eb9ee827c5944cbdeb0f4adb20f152df483b5da77d2ae995e890bfa75da83c0fb09ab059b737190f89703f424ed406acce954583c428adb93d0ac862efdfab7b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\97dfb46269dd61a1834ab7a89d228d02f61dba167fe65f2ef902b7d7903bd1e7[1].js

MD5 a6c483074b9cddf7a12a1a5fbc1aa015
SHA1 5e51dff3d8e9546e67d686f814cd1ccd6cf99fc1
SHA256 1b499b7508e45a50fededcf7c68b42689be1416a52c9c2e4cf8020d0fb59ebdd
SHA512 9599c331a3ed3e8b9fb61fca871e4530bbbeb8e65ec6a8729330f2f0d6bdaf9f3a9d918dcf19ac06e62a23c8a4d6df7ddd6e7126e0e7f0a2b679bfae8698b63f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\2359bfdeb82ced7d627671a3f54e79df65c89aabeffafe46e360a627c8108d63[1].js

MD5 e1019557eac36294033f13588005b0af
SHA1 05854e7b2c92bc509bad8ce4a3dac0169d819e4c
SHA256 e0ebbd2ef1e3ef6ae3934fa59f20a4ae55da292b59b4b337f5de6b32a6e41f3c
SHA512 fb1b232bb77e66be80f2bc4b736e035231c7d41e9568475d63f25bc7e8b82f9f899350859fc450dd572fb5716e7fc3458bf7c622cb33b3f10bd4863f0b9af763

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\3756ad214dde52cb58a1300177547475[1].js

MD5 3756ad214dde52cb58a1300177547475
SHA1 f2037e4decca617bbd8f290e8030de93ff52202a
SHA256 153c7a2b2f87f9c0ff485fb263bd639d7c28f19bcc265af05517d12307d2f6f7
SHA512 fa0a5dfa503cfe3483db83d400a89d7f12d072a4c08bf1b9c5a310b2c78b00d8ad3f1c45208b8d6aa4ad09f7936c92f6d32e43860bb6fac9a91f4db0515fdcb7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\5259cfe8a3e36118bd61120693dbba3ba87f2c3641f84bb07e29f1d69fe87523[1].js

MD5 08c66093a701ea84318ba5ad26752a61
SHA1 d244d4c153c2b0fb39eb3c454fae6bfa4f296595
SHA256 524ccd7b4aac1d1232bba66f088c8ccdff7edbde4ca0d5fa02e3e1ffcc1fb12b
SHA512 31d99eb9077846a516a7040c0c6eb0e807426e754866e9c19b3f995b935fc1a09e05759f4091937c27bec59e6829c0f886f23e3ee57e2015d4b122192ed30faf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\8bf3b87abd50e6f1ff0efd7718757659719cc62e4cadae2b8da1ce9b8ec3a126[1].js

MD5 66cf122a905819e97761ca4fb3f347ae
SHA1 29e00f0048a520be8484f42958952c04a33c21aa
SHA256 3c9a52395225d20acf51147b85ef34e21254666a092d34c4d8b9933d79b8287c
SHA512 66f9acf07f867ef312f8b74bd6d024ce31a39439782ed38c893e88a8aac3ef7223fb429d35a48836a066a77ff780b87402b40a29d8fd19aacac8c3b613ef1bd4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\077dd64734d3aa9a884874f85f2f514a239688c33a0fdf3f90365e0e7436ec3b[1].js

MD5 3476e53f01f1b94b0d27714a64d74459
SHA1 05735729a6019e83e82e6eb6f2d5064b933f4ad2
SHA256 75850ea2619ae80e3bb74b69b3c10500374f90dc6d621d722639aac1b3c594e8
SHA512 bfcf547954e71ec7b2069cc56e4291a90412c053ff49f1abeedf0df9fa701fd49744b8b115e05b6338dbaa0dfe24b9118df040354f28326f17a056c6e481f196

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\7693d98990f875a88c91c0385e1b0542bb51913fb34b23f414b6890d90353c40[1].js

MD5 959be10187ff17f4f4b5684a33dcb315
SHA1 003ca24bcd9a2ed3ee644f7b0cabe0d5bf881cdd
SHA256 b757c1c017abda974e444fec6c8a8f182df7106d504b2623a455b03b83292955
SHA512 5d7e7ae709ae373f55dd3f1d6394ce57acbd617208bed1d057b22706988fdf3aff82beb3a0da13cdec87b57b6326a94e77dd6fd80f0db44c08022503c8478547

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\4428779c2e0a2fce051d39a841e7e4d2d6693def23be6198c5ee437df3e33d3a[1].js

MD5 e8d9d255101d126899a7b31937726003
SHA1 3a0b2803d16fdfac2bd70323ccc9ca8b3d55b8bb
SHA256 43f59091438ac5f5beee1c08997a1a400b016e8abbe08a10938b5aa441b3ac87
SHA512 9329e25057c8533eb7fd5acd5a5a2b0acaa5d33a38e5527fce939703aca2b6dc62a468523068f1639ef7408369e9a8f232ae30adbdf0a6c012e6fc77a2f91c3b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\eece21f4735747c13ebeb3eac6d21e7cc9d78b021f48d1818ea700f31bd71c6a[1].js

MD5 29c84fedc95e50c5aa2e73bbcb82d915
SHA1 81eaeee57aaa4795770a2c4ffa78d634ba5b401e
SHA256 e578e99db00719a823dbc44010411daa521fb4b4c814e697a04ce6b6cd0eb276
SHA512 ec2175e35c8cc8a79373dbca6391d95da60723450d36e200ae8d8f63244f6481cbf4d19406624b79392e20875b3352efb10b892de99ec80330891656603c6991

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\93bfec8bd4ba11fb0c3010513fd9857ccbba036ee67486c87eecc07b75653eca[1].js

MD5 829d28b76a7ac55eb904cf7aab7cb482
SHA1 d558f003768a709a12c2e8299375f2c30ba3d3a2
SHA256 fc5d79d14e050b59d5538c4ecb04b6e687cf3b00349fb344801b38d45f24fa7c
SHA512 b70b7dbc0fad5ebd0e8aba19be552425d3e497c3b0b2e997fd13f482d5a956387091bf37584f5f64c4f43dafc9713a28e9fa03d6e1561cfaad44b8354e2a9a88

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\77f5d3c9ad53257cbf0289315aa5cc0577a481757f88446af65af5b619a26f3b[1].js

MD5 c7ff1a43038bb07be7b2832863d1ae96
SHA1 4eb7dc781e8e7e197a553904062dad42eb5ad673
SHA256 b578251dc58863efad4f14a5a4d8f22d3c3d044a22a5b3961c0e3b42d65241aa
SHA512 435972ec52197690c630224ab4338cf193f67d54c1571a7c38fcbd73296266007a61256c240d45bf1237f58a45256723fcdb3e5909f7ceed4fd36a2bb73151a3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\8db8d8704b1403e4c919554c73598a33742864def2eb7bf95279260fe5193313[1].js

MD5 eda3252d85095215f0a0d7c18610fe10
SHA1 128de1960cbb4232a7ad970bb2aab805afacf556
SHA256 6745e0dfaebd1ec9501802d063a6bc53394f680fba95297cb9aa51c9b540f452
SHA512 e783257d88350b050e64da4ee8ab5b50c57abcaa6e3e5b955f1c12c78546ba4c3a7ef90f0b09758a56bb79d543b5ad205f40466408322694c6d67c7655755bc2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\7043536ec0248f489b68b5e62dd3336f6962fb50d18a65b766453a206a772d4f[1].js

MD5 cd3d6b4fbb3c0d89042f2c101ffc472b
SHA1 4a43047f618a35fa3df2198d8b0c152260cc574a
SHA256 1ef57c242af32228a2964a894269e53e5636a82757be970b4164fb6bbcec9eec
SHA512 d66dd09fb00b9dbd3b1811f4f08fda99ddb903cce51cd82973333f5fcef52c2747814011af3eea45405ba80face75527e2f9bc600d9fff1d384092e978e29295

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\5a130ca7a8a39e0d88f0b43543e6e80e4b8c20405a7af835356add2a156a610f[1].js

MD5 5cabff5d9594a71749ce57d5adccd7bb
SHA1 ed209f1e47643f12d3c28654b80cb45155b06171
SHA256 8c6690ea23392d014da7e4312c3b8e0a9e3670cfb2a94c2a6f936436993a11c3
SHA512 cac43a14840045f9fa5fa54a99605ed7486129eefa4873080d4360a4f74d72a6d684a0025d52e559aed3ab55474ac7c8ecb5260f38daf5f2b8b345829971765e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\b37f27692abfd4515ec53562e3bd54cbe3a8e410b7f589d78f413e1e14d511e8[1].js

MD5 1da151ce6211dcee054478a90d5fffbb
SHA1 b393795c15a7802fc03ce8dcb0eaca6343487d68
SHA256 ea4e2fca9a65dce0bf18c0b3d3febdc6b96d9d881e753caf86365a54a2c8929c
SHA512 032eaf1c0d5ab3d36bddd21dbb02716c4a25dcadd8ad013f65ec4a11e5ee4b14ec5ae4e29f37108c8c3893da10f6df636c57426441186323b71bc6481876e9e3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\26b6fd1b919f0b9627e151a0a84ee545[1].js

MD5 26b6fd1b919f0b9627e151a0a84ee545
SHA1 178314fa22e111597ae98abd769101f9a0936c75
SHA256 585df2f6c594a11c14672f949b88f75e1a2526e0767dc7abe38ae54341977cb4
SHA512 828d426a0f469d6f0a8ddb9899194a99b230162cc2938eb61cc8f1bcb196e2b20c0f3ca3f0b24d297c8267b1fe47d5ad45e6723a3dcdb9407b0e6c36dfd5e850

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\417d20fce3fddb17309cd798073e31ce5733c8d1e20dd955dfd2e80a44cdf563[1].js

MD5 c8c09fc50f6bffc45ba464c8bdcd7bdc
SHA1 54a9b210cfbddceea66abc629555a1c6f48dea42
SHA256 2e67ba509c854b363722b9dc0a4bb644c03b7f5d0ac576b5261547291b948f54
SHA512 a71a8d10f50d732c3166118ed76d2621fd88e64ce3eb9e174379d232acc048646aa584a10bf597bfdc00e731396c5042b70ddf318ee787c67744e41a9739fe45

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\47aa20a4d7ec095fabb9db116c99c5c798b2fa37161a5f59a340cb352279596f[1].js

MD5 79bcbff678890abfa36d67eaeb1efe28
SHA1 b747d516c21441ba477f04ec073352ee04d7d48b
SHA256 73c9e52ee2a19ed308e04b99738da7c3882276537930f25a77b578dbebaf2db1
SHA512 43c596a5e2cabc690b2f9f0b1da9b0955f792df113c3e81eab81f6b328e1678f3529eadf308e959875e42defdc4533cf931a4eafca607a59dcfd8d5279135d3f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\1e452d1c91edea05faf9702963aafb1e66fc8dd6c95c830a3c8ab50388a87881[1].js

MD5 727ff129dd5d3d5fed86d2ae64be0276
SHA1 701eeda2997d8eb3c3dc6b4d0a389e03d4ed7848
SHA256 d1db21a896794c07abf050d9d1491538b8d057a7fd04f5787db441471e7f22ef
SHA512 428d20a5b8e2737602db4ac0abd1a85fb798430b7eb83286eaa340d11f6de0447f4351c94ee2b1b3dcb82ea87c212e4dccae684a09a382607430859e8ba856f2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\aff2cdd67a84ad537fb2b3e904411bfa9eb52ab295378592e4a0e7d9df8153ad[1].js

MD5 98042c2dbb9848e8bdc55a7b10687c1f
SHA1 af6177d954883d703130824ee0980b3cf1f471ba
SHA256 1cfdd34c29197f9d3ae0d689bd5d2e70624a3de74ecef6324e5f0cab9a4c23e8
SHA512 f529807ebd1d825a32b3a6a4d923f29b5a4c89de502ca63cd12e3366f7a65faa99b9a08609fc213911303f2cb56994c287ca42c96b96d4317f2bf6d1d1534680

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\8840361a5778ea49d9f3dc0c5dc9562926b3fe8f9daa65871fab9b623a356364[1].js

MD5 ed60d5af4a7345f420118282ab469c37
SHA1 4338d4f1bc661c1ed342945921b8501941a2283d
SHA256 12270e415a2767b6ad2d98e2fabcde53fa81a812c0565d3f6e0cfb7728c7d967
SHA512 cae48b98388956864d2adb720215c1818aa8e08b7616794342b9989650f25587613b02e497549c1b8c917b653c7b71c439cb928c0283c74fb856385d39eb884f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\727b0f26872ee53b4138788dc357add14e351a1813300c9bae57bb04b15ca0aa[1].js

MD5 311e1336f1637105e586fce5de155c69
SHA1 895beeed28216a16e4accf5911c0fae39498151e
SHA256 43dc39cf534f7235fb7e3017604b2a51a64ec1068ed6c4b30c1b7594915a4160
SHA512 ca7d86811fb4436135dc1e88807964911ec60f6725b7b9c7aa669780c3a08c54631de748642d29acbc1f65afdab541b102810229122437f7164217b1b932e482

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\286bf83f913d1914e7e80c962bcd94c6f639dc45b036e433ea8f2b8c4a71f7e6[1].js

MD5 2c900c06918c3398390081189b669c00
SHA1 3cb79d860dd587a64b40abe0fb160713605cbe70
SHA256 db0a25498c34cebbb0f7b6550788b26140e3bf5efb6d7b7cd07424b00136ebb3
SHA512 2327197cc576bba8b9fa91b0ad0724d88cbd1d961baff8841310bde84ab4381e71e218db581ff958e816ec910ea309eff31c3a9eec6f060b10f5cd83035919b8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\89113244251d50b2478155a20d0c7e1b40a6eecedf925d799c69408397fb3d98[1].js

MD5 4627b5c977145b41df16e05ade500af8
SHA1 876a7930d60f331d6f856771e68d4211a59d454e
SHA256 079228792173664f793093d46ae72f3cd30eea39920e1efa680aa6c5d82944db
SHA512 f2129a46f10330c62380d97722bbb22bb2d3f92d27f0f2a6a0da4ded587f05153f50c5cec6c424148750245cd268113cbf3e393662633427c79eab9544b86d7b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\c4b0a446b38285f3db5472340f4ef27d737c87b78348e36dc7acbcfec89d70bf[1].js

MD5 921ac3eedd28fa0e68ea4abc9d34be91
SHA1 bb13f419963d9a557dc23116dc6570b0b4f73378
SHA256 cdcbef4fda07710a79ef3d93e3f73726f6285495cdbd9c2994d921c3cc11604a
SHA512 67faa6d3c442003ad3c36cc168b7cebf5be7ac9d4feb1ea25ec6d54ad80ce3ca0757ea0089b0de4820957e4287f176d041382d4cb3bd8236474ae8bbb00099ff

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\340c7872da3efc0c41b58c55435c2051e9fcc71863ebabeb77aad1be971525b5[1].js

MD5 37ce0b69f32fd7815ddb6ecb35ea3392
SHA1 7b070127b3bfb447a9b993bdddca99bd43dcaca0
SHA256 8275775874c90ccc7a2bfadd46f52321a26e14eafbf303ff50f4a65887964c35
SHA512 2241af73d96100ff5b9605d27ab6f721de976006c7dd8aba0738f49928a12beef6609439748ad69dc3e498e618696eb165be166538ad106b91d7eeceadc3ff08

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\faa458f4f0a5a65724f9fd28da2ae1b68e0b42fcb485efad35ff219de9edd015[1].js

MD5 4da93032ccd0f9299381a796a4c811dc
SHA1 90a9236be97723c11c21284eea11d89789b451e0
SHA256 e5782220959af7055fc170e357d6769dcfd80736ad988349cea85fe1330beab6
SHA512 bbdb05fbbfe56c4d3fbc40a8f248c6bc16d470cfaeca8d3cafc9cace0ded71b1caaac5807096f5def1a8abe9ef5e86dc57dae4cda6347abee13a17923925f4db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\4bd1d2c26b9554957dba7a429527fc5b73ff6949c827448ffe265cb819285202[1].js

MD5 423d8383c4814131dc0c86aec646b1e4
SHA1 2c0da065da81eff03e13c50aad4cd074bfc44a28
SHA256 1d1b5eeb69900e8bcf65e10107aa7b268701b538a28ea0e5fa0e867547fd3ac5
SHA512 f3f81e5e55c21fe9b3fc297981756ea87e07d7dee1f2e47ba975fcb1d19ac83826c8a6e52876a4ebe84f6c91a8cdb56dff81a62107c8b14b29e036bd5a692c27

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\cddef009765ca412658d8c18eaf9fe332b3b54af2143085b8347781a767094f0[1].js

MD5 60fbb1d0c21ca1dff865aa0ebe87beb7
SHA1 daeed9892735d68147d039c3efe594f80804e5dc
SHA256 93638633ca2a04dc20d523d9ee71b4b4330f252dc856333d3871f6e067797d3c
SHA512 8b80de2aca14785cdb193eea6928b5be07d23438dddb69aa6248a73e43d36d66b69d144dec00142f42d7225d8392c3c554509aef1a592939fd28bf8c7771b986

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\4df6ec52559e1c250d3f2e8286e1ffca9f33998dcddcfaf096a4bcd364bbf808[1].js

MD5 3a53a2d2f76db9ed5dad030d435283ba
SHA1 c96112ca2dba8efe39a49e422896d1e40a640ab3
SHA256 7565a4f96b987c05b0334d6b6d9a3c1724bac76644901932320d79068af5239b
SHA512 06ef51d303b932ec1d93ebb0a9b4016aaf97689b8c3150f783dab3210de068541d06ae889ff7eb79278d7857cf7526ceb27bfb0ea8e4d0c7ff82b3a500765896

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\28a102894c2712ff7dc9f486c5b3401a56871feda09d7c1b15f2898677b3957c[1].js

MD5 1f133b3a7cb4e09f5bbfd6c3ca35754b
SHA1 a682bdb8eb9f05459db8fc4144c765b7216b7e6e
SHA256 76c89511a83af0490710ce445bc629f4d53fe2a182c35b25866e7c3951737191
SHA512 d3f4a870dac8e66b55d52cf6cc671700b622898077be19b594aa99b5006a8fef7c837ebc0bc90de996d768573ccb1b238444844df6e3dee6b5ee72d203773703

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\85208f99ce501214ee1fa2dcd97b294f330e1a23e9c378d596b9575ee15d7759[1].js

MD5 aea3bc4f7ae1c637c7dcb3a04121664c
SHA1 901128e8e32f1979f40b908d56140bab896be728
SHA256 378bbf100ca6f5c0a10f0c35715f6c0b79ff9d0dbbecf79492c36ebbe46dafcc
SHA512 9e38eee27d6582a36671ae4288127e5b8c0e2fdaed9a71eceadaf6cc4421f00cfbdac0bea0381f00c49363b0098a5b723a136c81aa9176b2e4a82a57a59fe387

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\6960d340cf7512fb47e14b3172acefe8db9963419c9b35ffa1b0f1abc904fafb[1].js

MD5 b182dffb80eb265afe468d81b3ca3244
SHA1 2477e02c5aa3d033d9530061ff33b44eafc460a7
SHA256 93644872b0bda020d7a9d53fc2b7caec5e6e1c2e9a141f95275d9dd442ae327f
SHA512 b73f19b187bec12d25bcbeb3ba73f7fc69fb8182fc3a71a27290b40d9b16a4c5c692ccb48181d11625664a098dc05984dfdfe21abfb45352f260ae73771d2610

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\1c8bc37109fd84f255ebad8b6f2edbbc9f0d2b97ef180131d9856ab1852b48c0[1].js

MD5 d87cbb542a9373bb61f12e2c35764051
SHA1 68fe28576cdb3ce30fb96f1d143de4e3b0a2889f
SHA256 ec08dc848b63c9f9e37a8857005ed94c86cbc6431bee542c6264d5e1bcf813d6
SHA512 a8203e169130a14da35828ddcd24e064177a69e233b78ecbb9a7ec5f6c58d0b919b71e5d620efa50c81b34431610794c691fd244f5317f04412fc8dcd78ec64e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\38365a88b25d184116e052825422e21e63e138cbdd19523d932f5707d4f0d122[1].js

MD5 449a166b0a57b413c3a24d428acadf85
SHA1 7bd340abe6c48f453cdc70133d32b9c7731084bf
SHA256 4aa28eeba7658c0213b53330d6a5851a13f6a5f2fc75cb22ad361611a87334d4
SHA512 dd852f1ba8b5ec04fd2e807638fb93b7324c677b5a3ae55039e9bee483d6342482765674de910ec617ac4e5a1101933433981fce3cd07e6a7eac31848415dcbb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\2dde7e9f4ee2afeb69e982b825a06322b3b9a4b6f015e0ff804422447f2b33fd[1].js

MD5 c5102dea07e03362dfab4cc6b3623268
SHA1 7aa75e7eb1205c4916ff50239799e8f5056345aa
SHA256 b33bf6bef61598d0445238ac965ca4f09c5b26522d445e3bb20af190e2c44509
SHA512 59d3c5e7931d843a270517192b716ad392f9033dcaa2848ebed42a6ca9008fdbe6571937cbebde69904201fe4576b07d5f9cffe9a62bad1e56bb4f2f34458d82

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\1e979a52d80126c2447674c17604baf65f73183fd44df1e6cd862feb441bdcc5[1].js

MD5 b84e730ce35d06ca5187beef8aaa5552
SHA1 d34bcfc58c576775a82159a6390bcd9a90efdbe2
SHA256 b5dbc3b12caa6d271196d665215c5a4a1f8ebdbd3eb1e7f13b4777f80b8fc13f
SHA512 1608ad147bb4a496990f118d6146448f80069c04cef4da73bdcb400e0dfe920cda1273b52fe6e1c02666787052d5f125dc567a222705fdea762a98f19fb54f8a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1IS1KN45\www.roblox[1].xml

MD5 4aa50e5128d6a59f922ec327d40b4b0a
SHA1 62218b15b0ecbb354bc74a77edc7779139b1f3b4
SHA256 f4442632c5396b12dcb42d003f1376e50e5d42e9422f4b9ddeb8cf59737bda62
SHA512 f25685dfe24495da32c88a77ca1cc21d2b2893386ac1ed74e73b42a255379891ba4f32b2bfb1bc4306b7c2b8faabcd1aadf6f3b2420a023e0eb41308e5138901

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\latest[1].js

MD5 f92ec8f4044bb8a416e05e255b7e0b6f
SHA1 d33dba53f960cd40b87a6159b0daae2a4475a638
SHA256 87913cddf943d3eba9140536ce406ec3abf4f637b417c05a973cc096b9929346
SHA512 4a1735c357944712e8187580950884834842b50b0bf323305de397823cbccb74cf57e371da6a542bede6cfd60f9328e89630093a22aeed6c07dd2dcc63fb7a66

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\0fe97bffcb328f446dd0f247d2d42e740d354ef70bd54b9371ece139569a5e72[1].js

MD5 73b41191d31fd641ef43ca6ad7f35dd3
SHA1 cc98c44eaa2937e9f292c49ed12bcd9445a8d5aa
SHA256 0db67c6104d623210b9e8bd04cb915103496ec92462ab0c8bed3c4640ef6d9ca
SHA512 fcf62c44fa37c8ace4096640509f6b28dc6d0713d53c79806595ebee7d7cad7b34136685e46452f300ea324ea1721b28703723bdb17efe3cd9be55e8153e68ba

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\2da1b676b979a60ce3b9471d919f53c6523c606f10e6ba75fa3c168945b8455a[1].js

MD5 7902d8149ee4599dd926a0e35831b025
SHA1 51f862e67eccd55a183cf1c7da8555d4d73305bf
SHA256 2f6cf29047c3d7bee78e45891ea26653789776ee058e669c0c156885f8a59585
SHA512 59d562cd2363a35db03082726d8955e7e361ada87d815a552c8f04eabae32a5f666c3af89822205108e1a3b38de8d8d478281720f6604adb9c6d626b08cc61b2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\730fcbf0eba6dd82de9b0029e157627f023e6f448059c5b4c6a4f356222b3ac0[1].js

MD5 2dbe2e4d187ad53e8cba10a510dc62fa
SHA1 32e67f8b946bbcc6ef40a9ecf3f80d6eaead3d07
SHA256 07c8f5eab3ded2ba45d8c5e8914e42fb196c90e45d68efcd2db8b5cb58d27756
SHA512 e6e348c4fe34778d4690abea35093595e8c4101cc6d930e4d54bc49540f2564d77acd5fee939c493d3fde311063660be7108e677e208a5241092cdd90d8b13dc

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\44ff0f2cc820b734456e36bcd3528a30460f0576ff6ff17478b2d84824b64abd[1].js

MD5 7a9839894dae8639aebfe9b735c0f15d
SHA1 59ee0e2cdfe19529a607a02edc8c6bb1d649b7e2
SHA256 1529a3576f5b0fda8f7d25f4340c9619c91c8d554206ae172a80da211758ec28
SHA512 b5e1fe996adabab060df6479452608290880c87dcd5bc92d9798a47575f3ecaa185529e808d14d2a3f5dabb314b3a94e698f88862b1fedc78968da4be039d197

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\3f0e9ff5dafbd5826c77caf74e5e7d41b7be314b57022de788a0c53d6a3ff036[1].js

MD5 c77bfeb8d09e7e4d76db06729fb8205c
SHA1 cfc3b83cb495663ecc8f878cbb385d29cf1ff687
SHA256 23358e6e756732285a728fa11dc22f0c2b1a8d8d2f1a267bcf0f04a142421faf
SHA512 efe42ecf3b8b7c916fa11f1434598aedd16991dd4ee5111a5395d1f66476d3b38c029b6f0ffe806d86e36acb49a1d065b7b13b3ac9dd17c61114ec6ed9bd3e90

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\5a5300a5800d03e45af07f710bbcfae2d6a2f4edea9305cb47a488bb57b74455[1].js

MD5 2b3db538884d4f33a5d58faf84c18ddd
SHA1 657f23f3d5d30f72dfbd37f9e6d869c4add55357
SHA256 34fc773fa4bcdc4d791882ec2d2f49162211696b2ec4b47b93912fba343fc725
SHA512 49ba7c70cda1dcb219721ee743d4265a99aa0563bd5dfd52bd8ec1184c8f014e6549cc329c10b197da3540c99467b7e371ec79c1217bf31ef417d7309f43b98c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\582150b81d510bcf5e46d972f5382bd22792214a4bb7adbbaa460a217699fd71[1].js

MD5 df4d979ba42e400684c28f37a9289cd4
SHA1 8f96990d092c6a9768fc8232d7a34c7ff716b006
SHA256 9f56a36ba0cbcf0b5bfe7d7e4b024ef1a708f55dfcf04bc6b40e6204a5d60dbd
SHA512 ad3d6d1a81c2076c86e73c1a2eb7ccc601da44e6d2c42a7fb8f558ded96546903658b68d31d80f1d04411e9f0a6b16e8450cc2772aa9423d399a9fb156945359

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\88bacf62dae20f1d352d30afbd3df4c64ba7a24c551c6ee02152719cfb11b830[1].js

MD5 c6099c6f076c9e6e0f401c1fe0613f31
SHA1 8695aa6488bd22c8113eb3300c4ba555ad431300
SHA256 405c9ee62d2f087ff96595929a6ddc15d733d32ed6b66bc2f325380b336ffb0b
SHA512 5ff20ae2776ef3e6567a96b7fde6f0b694fe5c946dfee9f5fbee4755329905c3965dd46e6b94cbb391ceb2bb0ee59c9059b37b0cf416f3b9a8a9d3a011be9912

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\3fec2c529efef400a78a26a5c0a2d33e3e7ec0a13971616a31cd958214c71e37[1].js

MD5 3fc88eadf80747cc3026ac7a5a29c19a
SHA1 3e843c2a1ae41bbf410deb8d2bb9816be570cdf3
SHA256 74a186f2c330b2e9520535f0e34c65cb51fe11fb979131de1cb96afcda86298a
SHA512 39365fbb691a78a64c7372940c14af5871ebb90b3abdffdca808c71ae6b84ab6f81739d7e37cf22cf7082a347eaa65e5de07004b2c474606084aadeed817d0cc

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\e7e3731285889059db29156a67cd4e5358a2dbf2102a88f49403c524cab2ba91[1].js

MD5 e7df2354f73a731cc050ad2c115a6865
SHA1 e48b53a1c1f3ade3656d54d325d5ae73dd4ee60f
SHA256 577250a22f660b8a74680bf6eaa07fe76abae3802379e2a68fa167d8fdb578ff
SHA512 4241a02a182ad1701463d1ca51079ac07a9f1815f7d2de53bbb2db8583a705b413fca00661ecbee3d08901af82cb422f595d499d4de3f4edf55c1aabfb441b8b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\437a08c644c7b6d83387dd5fd957546207bf0c3464e1fab7b025029188a433c6[1].js

MD5 3ac47f7e3da829c8c74d806c8350c5a8
SHA1 788200d19fa9ac04ae8c5f3afa37c4a387b695fe
SHA256 2ccd6e23717e6e9526a6a4ba88b19525c784474c7c6ad21438876006166f8bac
SHA512 fc6383f8fb30d6e74151b96afe008dda3ce6ecbed0536557f84a18e5012f4b31fa4087e20c3e35afad298a57b9a7ff5ee5a5d594f29fdd169b522937a0881295

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\fb8de862b7fa51dc12e96800cbc339d4eac4131fc0e7834e860e418515687da2[1].js

MD5 2fe7ed1237f331ea69d83bcd4c4be603
SHA1 b26b5953d183802e06392d8ea1da86857a2c8029
SHA256 ebd3dbf1f386ab7654a11b29750d5c50b4cae0ca0d8c8deb807e6aa23afa05e0
SHA512 59fd8512de69d86f5016f1cb525b394a38dc053c08515f2d14a33f8810a6667c0f6f556cbd9623b1525194981741174d7979a0849304cde00ec2544243a8be19

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\b41227fe1ecc1f4409f2e33f02d4d968f6d6389349d2221f481ff3b34e01a257[1].js

MD5 d86d7d0e08df6ad04384c50ddfac0197
SHA1 8734812c4ab4a720eb105e4f917260964dd5eb7a
SHA256 29c6735c889aa74e29f5569337f03a1df150c204837977c09357efe789d1b2cd
SHA512 5b20c34b7278a027728b70561fc62526d839a699ee9069e29d0a73148aedf3b44ea999a3a64c810543876d68ac5e9d27e11d265f8ed79d6b6d857e3783a9765d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\94a14bf31ad0a75d3878f6772e6d5a251e7da9b64894e2176a07f65f4d79d8a3[1].js

MD5 2d87afcf03620e015c37ed0fa8c5c0a5
SHA1 6331bbb0a0a39abf2284752562fa2c3ad339b13e
SHA256 ff243ce99943cd71e1506665e011a800867fd5a8ac481ae9730eadaae1f06b23
SHA512 747851d0fce294586130c9e21fd55da46738897a555d2f22ee31e50cf11efbb4bdf6d751688706e40a0c298948f36443fd5f48adb4b55e883aa20e34aebae3eb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\5fbd8389fb24177a5be64285e12645c445dee91f0a686d5bed5865f0e009d387[1].js

MD5 d99bb90a05e3441e9ec00bfc27098f7a
SHA1 5848ca788b61490ce54908472743d605f7f93e7f
SHA256 44cf2d649cfb4974555f38147b172a58993d4d84ceacdc8c2a9d77bc91157249
SHA512 322fa979330919ef3d4971610f5cc76652e537fdb035edf24a853e11f171033add2f050946a24e235f62bf336ad5e8ffd90434e51d9f8a2c0f75be9bbec30093

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\66af48dac0da4f3f49e12c6b7c3af3389dce3e20828a27ed1072476ed6521779[1].js

MD5 f3ced92154f6a4b3b5a5262300d3a03a
SHA1 dde373bbe64ce4f7fe88d2b0869f63fbb8e3fe83
SHA256 e872592744b4c4373e95ca449fda2cdf0c15a7dece74afbb550126deb9753500
SHA512 ee3b03416770d06e0cc021f577a17fbffb1cc20cb7534ceed705308bb6c2ea6f58ef68b2ecb66db5f3d24b46af555ca9876392e9f7797f77b984b0a4947eca68

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\e778966a23e02f475d8725623a8dc21579b54a939c52738ec1b6565dc15be9bc[1].js

MD5 df0ff3c191ec3ff66b9c066fbf43f5a3
SHA1 49f53a73c655d415e4691fe363c7c107dbc5fa98
SHA256 80f0d601f67d7cf3e21c19b6915dcc5a48218aa680b3d07b14d48c79b9c2e472
SHA512 1d413823fd003396806e887ec1a2a265f42df1baf958d45161526dc2e9c8ae7a875e82fd059a0721cb62f41e77deb5b79554ab8ac5bbc6d0a57d1294ca9d35d9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\2d489ad8a92e817f589e0015732300273bd3a92baddef4a03c25f3962a28871f[1].js

MD5 2f2db4486ac6d045ac141b7d3fdb21c4
SHA1 a3aacffcf7d11fee8cc21d3ebfc21aeacba399be
SHA256 28caa2e1e8597428a17a6982d38ab2c0c4bcbe38a4ac6fa221c65d6024f23e9c
SHA512 c7a76d68ccf8f7bafd3b4333f644296d3aae5d453d2a3c457053dee2f26ae0d8ab3a8dfdc9265f4e559d8e84c2987512a45424973494b56ab27641419b0c7408

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\35f0d01b47b92a779a0eb4c083a91f682d01b13e759d03f4dfe2f87bc608c2c6[1].js

MD5 84d9075a08e19292ab91ccc64eb0aa43
SHA1 20230c41d262ee0dc2d24207b2e3838e13fd8a0f
SHA256 c6bf59cd780aef654e98f6d4c41b07a733452dad88e6e0dff3d7634f1d57bbfe
SHA512 3d2c4d1d72457201acee6cfac93ffc1fec2f89ec9f1251fae458cf215f26c91034f0b9335db2066c98d425060af50a2f5517d1ddbbd926483cd8137bbfddddf3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\bd18305af9e4ce41099df37e554eeb1bf2cc139ffba636e356666ccd9d07481c[1].js

MD5 807ab99224303d842eee39a1fcd8f0bb
SHA1 78bad9cd23961acfbb15f21e1a41a9bc95e47411
SHA256 d7f1c31c5169751f2b69d2b5485ebecc5b7ceeccbfad557f7c06012f01bed220
SHA512 9487ccb6330e6768c5112cdcd38ad3aec3ea3ed76f82697bd012d9bb9b7582022e1fbbda871048eacfd59af23f557663611a38106c5db42c8eb7f78e73f59c9a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\54c13aaea011e94d285d4171277dbaa0a2ec1bf763b408d71f2adc7f72bad919[1].js

MD5 66e230caf3492ad77b339ae981503cb8
SHA1 b00be939ac155028c0cfac6a6f702489f975cbf5
SHA256 f547512caa5bc9f842f0d3a8eea540926d8314e9d245ee0548b3d33add06cce8
SHA512 2b74dea0ff39dfbe41de3972130b824929900b9f0f775d0eb928f7c6487f768aa472f52e348203a804e63965ae5bfd6a45681b360d2d9983a0d69b25df824d30

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\ba8d8575fdb6e0bab85e9715a0084d297ade28957a6e64d73ec56af6c0a648e9[1].js

MD5 e4e178664ba5e01917a1f67fd292960b
SHA1 1b7c2008aa6355abde66d0c1019c2348eb2d7892
SHA256 6dce243341e4d162b94248714a39a36514a399d8ab6da21112954a794d9d020b
SHA512 48494ebfad25d7e061019157df63224f05ee64d976a7fa2a1cf99780592ed68f55ccd8f1f725662a47ed229c43f1349d39fe663cc4d5bc4696937c828d0c8a77

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\1eba4a5ba48b46f09a1576cdd3e3440341efdcebc7150e44b4e743da95e3e830[1].js

MD5 7ba1001c4fb0c8e948ea394fa9897a26
SHA1 1a1e5684284d0551f22327a4a73eacf62739fb04
SHA256 badf12881b5ca48663e3f2675f88b6a15e6b5ec747a754db1da52f54dfe0f5bc
SHA512 571ef53ea0d4e2894d28044bb5b05424048c518787197b54e5e2387f26ab984ad9dd1fcc0c46ce16dca91bde69fddf4b58eb20026bd05bd01854afca03afe838

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\5e740130ceecbb0e1340b712955c239f6395e918d1558fe7982933b895d728e5[1].js

MD5 34bd2c226ff83cb1b5bd1ef563722abf
SHA1 a80e1e6b1f59b6087380e358f9be83d9a89f30f1
SHA256 b0ecd8aade5c8a346f4023ef64f9dd221daf8d48e032effd8b42d152a5b53392
SHA512 6e8fce2feda97246ab55002e8035d89bcf8c1c9e3fff28dc91470c1ae067d68ebbae96d60773e4593d0e17f318166895626286d6961b83e4afd3234b2cca2a82

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\ebe4ab28d2c5d6e007893c7f3f5afe260a48232b82a2711a86d8f67788d3942c[1].js

MD5 4d62f87c2fb64a2771e5b3376b1ade34
SHA1 f4106e144a6045b489c5fca3e79510d33c607c70
SHA256 d3ea1045e3a00fd00af7fcd2cf4ae9a55f5e66acbf1b3dc3c2ccda0ba5199479
SHA512 834d2b860676aaef68023048529cf51c30379c963a0e5190b9b27761fc6a4adce34a77ee040ac525ec242b4ef3e7df99ec4ea4257526b77330ffab0379d317aa

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\846daf4727935bf2ce0c89ac0f21292485a9e326c1485ad9717a862220944abe[1].js

MD5 4263dfc37a1167214803ed1e8ae56f0a
SHA1 6250c5d7ae6e8d148aca4dd6da58ecc6f4ccd71e
SHA256 f570e18e96e9f0d8f611078db35950e212d9e7ee990d1db0763c9c9a0deba093
SHA512 2e2aa5ca2fb0d3cf7298558deed3e9a1507b926ef96892a4bd75e25c21bd67b0dba545ec229a177d139c6923ae910863a385b7699268e2cf6c090fadcf659704

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\64daef195122aa9c881d456010e7b98d698b1c6b1aaba58c81abc27da0db8fed[1].js

MD5 3f285fcc6203f183f74d2dbeb9e0387c
SHA1 6b289d9c1cf6b6a9c36bcd63dbb51567a2d11d31
SHA256 341105b7fece7cb942c10161e0d460f1c70499efa3727f08eabd59cb5d7f4e2a
SHA512 c79c2775f1bc4ea05f00bd547a9644faac56027ad3951ae9642a0610a7a142ba3a06bc3b849e7c7282fc5d0ff9027f608d5046bba4c45d75a5437f6d079b0369

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\4b4ed339879e21ebd989965a4ade1a7d6f3181871df8d816198c1cdc73b629d5[1].js

MD5 af947ab42a0e85565b59146a1c86ba39
SHA1 f4483e335bee767f8e6846931536296766db8007
SHA256 b31d17b05c9353616ff6351531a63efe7b1ae72c80083d4227b016b5cba86632
SHA512 4fab9aa1df850658203657f5737138b3077e1cd3c40db6fa1010fef7f9928ea20148ecc6959ebf7096b8a413666ce30d461aa7cacf11a7e01e7425ddf1e56031

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\52f90e6ba256b9b9cdcfa23b2fd57cec[1].js

MD5 52f90e6ba256b9b9cdcfa23b2fd57cec
SHA1 eaae3fac6e7f34465031783cec27a8a5d4b39e59
SHA256 9d95f91f8465899adbb9603f58788717fe91288f3c063f8ca1baed0f1269acde
SHA512 360b68384c933ddf1cfca39a682ad9bb0407f835e0803d9edb1c2239dbcaee739a6832e54add57881f43ffc2e4a4463bcd0528e076c9dc3dcbc15cfd74341306

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\ebc57f8a4aabceab9f38dda880bf11c04f2c92f441e535f0bcaa21b294736e65[1].js

MD5 6644b8aee2297186225b03c258f28ab8
SHA1 cb26867fd19bbc00521810e267431f1ff5a88cd2
SHA256 57ff67c208e6a60b10b5cd4ec06ac0a74a2a3da0f9ca88d03868a311536877cf
SHA512 e27b9619fcc7d51512e9a9da2313a8acd6076bbfb5dc91f89b24869f5bb9bbffe496e82967ce342a90204ae3e2c1d4d288e343d81b19057e78d0c1176c5cfc28

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1IS1KN45\www.roblox[1].xml

MD5 6e9843047f380e7be4c217f90b905852
SHA1 d48c5a43539b47c45d6ca148ccf8dfdd97acdc35
SHA256 3cafb70275b160e00805166c961a72972c4b686908c71e80d34c0115559b7fc1
SHA512 8591737def8d94743787200bde4edbccf112ef2ebfd1b73fe6cb688825a98f8390688d9342c03ac0b2be249b750fcbb0578936d81662ca365870adecb11e4520

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\ImKBE4rpLba06OUTLrf6I7-IId4.gz[1].js

MD5 11d2d76bf127526745923c5f15267003
SHA1 422ec2e9042a086ecde818443c7d3ca14bd404b5
SHA256 4ba8a201a01afd349e5f65826d21927c62a91f1c43d3845828bc75faab8dd00f
SHA512 74300a984bb96170f2987eaa106951173008507125b02057ab5eded788c5032bb1cd0f70442d0800aef353fc3dc8b8414d3be125c0b278a38ff635417f5240f6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\5WG_kDsbFabhsuv_6NwDoh2LdnI.gz[1].js

MD5 c1d04951e98b892931d4c2bc34555057
SHA1 55e6297f3499b4961c8e956f7f088868cd59c769
SHA256 7c317940549467b3210d2f72da000bac3481abfde3ac5358d398eb64dcbc8532
SHA512 d427487c00af5e8d9db222f8a01521a5c8646ae8e459d517443dac8ef2dbec2ddea91877b095b82cf3e52031e1650c7360811ed8a06e02f85e3517974d36ad96

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\mciomeh3WwtinhMtPTm99zLM3Qo.gz[1].js

MD5 9649dc74de449c91ae880b2f2bb6fd3a
SHA1 e4fdc5d42a90bc9e863c18af212bd665eea34107
SHA256 05c07bc6c37d115d91ad7c8158dff1485b0a51598ceee23918e969d432d1665f
SHA512 8e14d2588cd3f0284119806901f25655cd239d72ac110888e6305d71b1ece8fd4371ae42528538d32e0015340759e35c52f83999c8e9dd7a0aa69daf043072c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\LI6CzlNYU7PeZ9WzomWpS4lm-BI.gz[1].js

MD5 56afa9b2c4ead188d1dd95650816419b
SHA1 c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6
SHA256 e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b
SHA512 d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\3CXqFTlYKautB4uMxJM6OdQs_Lw.gz[1].js

MD5 f6a8e70d4f3875b8069b90c7f577113c
SHA1 61022971f03947df306f092dec95131b95fe1206
SHA256 a4d9f10fd34994207a221585ebb6b4b88f4059f001fc6d59ec97bce54a9608fd
SHA512 57479fb9d10a2dad509871bc9ba425bbc08614111f3592276a6855723de10275c1c7a6fa597cdb571f3d922dcc24d6e772240246133d5fca4fd197161428c8e7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\BzU9zTkhBepusIAY4fashYypG50.gz[1].js

MD5 ddd23e100a6474a6e64856960bf087ee
SHA1 719a7078b66f5211032106665c77faf7eda99bda
SHA256 78aa31d0b825a124c7ca14f4fe049560d1bdd186e8cdd7785be87c1d005384e4
SHA512 c92bb45c0c4367d2a92b75bbfae381372a1cb9ed77ee66c4d8df7537eb88768a7a835f637d3b7556ec43026b88c9b3a6db4c5b57b9d68e8d446554b5faae0277

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\cJksCHwhB_Z32I0ytWPMUDsybak.gz[1].js

MD5 a5363c37b617d36dfd6d25bfb89ca56b
SHA1 31682afce628850b8cb31faa8e9c4c5ec9ebb957
SHA256 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f
SHA512 e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\a7s5nizZY8lKJ6VMCdSRJA2buHw.gz[1].js

MD5 581c2c396720f651cc2f3d40e9e727f8
SHA1 6515c6c20730dcf81a861ea8d16682aac4dda273
SHA256 d6787bd009ea758f8abdd437032799f7004247fc10f631b93af0fa84607597ec
SHA512 e7198c04b0e8cee80b8278e77fa0c301915b32f62c0db36c1d7d2d9e20a7acd578308070eb833ed8450a2360358e118e55b47db149fb4ab8053e8faa2c925568

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\w1gdrM6p5Kmzh4Gi9fKcTaefJ1s.gz[1].js

MD5 16050baaf39976a33ac9f854d5efdb32
SHA1 94725020efa7d3ee8faed2b7dffc5a4106363b5e
SHA256 039e6b3df1d67341fb8e4a3815f0d1bb3292a2040334ceb9cfc4a8d6abf2fb55
SHA512 cf0d54f0368ffbc6908216fd2573df8f5fe4c34ac08e17301b8734b3fabc674672a7f456707f632f82f44b36812dad8a0cf81a51d5cea21ea7f0e18500298375

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\l2ZGlGtYcjsLZbymH5iHvGzi5Dg.gz[1].js

MD5 65125851782a676455b556d771d3ac70
SHA1 f201fd1277fc51d53ebb8611cba3eb2c083bb3cd
SHA256 d763f1e7e5ddde8e9c79bce466a9f4fffbd1fe8018e46ae7c75df5fdc29cf8db
SHA512 a2c9f13bd9be96d7fadf43ff1b02ac357767b432e63b80394ac86864ce3f8bf306c5cb52489240540dde87353451eef2d298f840c585670d603c31694c4abd29

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\yyZr-NY0-pl7ReDJJWj-ZtcgUeY.gz[1].js

MD5 766d3d3366c6b45503bd49b6f2a71ef1
SHA1 9451b6877a31caf0f4e4169a04726dd64c15ac2e
SHA256 42a54c13c4b7e4aa6a1e7136e5adaa09043744d23dfd64e861ab5c4cd1bb343c
SHA512 3a69ec63a553b9458c86fbfd19f5ce4385bac23d3bd8d6f5350ae23a72077416ceb68ea8050d89080c7b7e4586769d8b4070d0358f8d24a845d6332d50f0e1d3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\3tdN5-aUjXHlyFDCP-W57B-Gjkg.gz[1].js

MD5 0c0ad3fd8c0f48386b239455d60f772e
SHA1 f76ec2cf6388dd2f61adb5dab8301f20451846fa
SHA256 db6dde4aef63304df67b89f427019d29632345d8b3b5fe1b55980f5d78d6e1e7
SHA512 e45a51ef2f0021f168a70ac49bdcc7f4fb7b91ff0ddd931f8ecbd70f6494c56285b2d9bc1170804801ce178244ccf361745b677b04c388b608d1471e0695ebeb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\Nksr5XkRIuoUdxQ2qS3yL9r8V8E.gz[1].js

MD5 1c0981ac86e2ea5b7f08f34548af3280
SHA1 57324208ddb3a9e80abd3346607d712c999c2e50
SHA256 00ff3483d93259aedb929a9fee4454a623830b18a08f08781ac1961c1e98774a
SHA512 0f7185a8579d9bf1b89623bf126c58789010c76f7e279a3f44064c78b2e3e04bb0a89394e6be185618071153bc872e43a69211255f3470e1120e51ab0d5f2329

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\we5MTeTkjiic9oaBxzZpmSWxZ5k.gz[1].js

MD5 8c8b189422c448709ea6bd43ee898afb
SHA1 a4d6a99231d951f37d951bd8356d9d17664bf447
SHA256 567506d6f20f55859e137fcbd98f9e1a678c0d51192ff186e16fd99d6d301cff
SHA512 6faa73d59082065426769a27081cbedcd22146ef948afdd9a86801f205b2dddc63e03ac5d555ef0af23ef05901ebffe7e8aadd82260ef505cb89d99e572fdf4a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\f5M90q9eKVXkGU-DAv9Aa4jef2k.gz[1].js

MD5 8d078e26c28e9c85885f8a362cb80db9
SHA1 f486b2745e4637d881422d38c7780c041618168a
SHA256 0bf9f3ad9cdbbc4d37c8b9e22dd06cc26eea12a27ef6c0f95db6cbe930177461
SHA512 b808a972cd44e6bda01ac1f8d904d5a281f33b9238b8caab03decb6adb6b494b19dd9bb35e3d1ea3ca914ff4957155f6d2cb5a9b3a00c2195f80f52804ffb244

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\UiCBzdqhH8tMlfayZdAijZAB5sE.gz[1].js

MD5 341fc0acd15df6d8a064e4c3a896f65d
SHA1 1258fd48a874d80cb635be454f9e4023a0df7c49
SHA256 4bc6635d4d95f9c05a91904b19370a40cc6e4c2ab43661c00615eddadefcf9eb
SHA512 6b552d786e782c36f17bee1a6ae204f1e8c9f85be5eb9adac1793d60b537cad13228cb2d4299949f051e6bc364c2e5a4105de9bbf2885f492edb425cb14ce982

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\NRudXMsXYtnM1BQyD6xvAZoudZM.gz[1].js

MD5 2ab12bf4a9e00a1f96849ebb31e03d48
SHA1 7214619173c4ec069be1ff00dd61092fd2981af0
SHA256 f8b5acf4da28e0617f1c81093192d044bd5a6cc2a2e0c77677f859adcf3430ac
SHA512 7d5aae775be1e482eada1f453bea2c52a62c552fa94949e6a6081f322e679e916b1276bb59ff28cf7c86d21727bcc329ecb03e5d77ca93204e0cd2694faa72bd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\fHuyi8cU3N_FKljgNDAU8JiBqx0.gz[1].js

MD5 f1cf1909716ce3da53172898bb780024
SHA1 d8d34904e511b1c9aae1565ba10ccd045c940333
SHA256 9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01
SHA512 8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\8rqwN7Xb28A6E1cuZBn327GVXX0.gz[1].js

MD5 33c123623267ddccc3506de4e71c105b
SHA1 61c759acdd259a7520988c3d0d58bb4c5a25d87e
SHA256 dda145af1f9d026e6c080b2d21fe7ca1cd46f4fb58dc1cae1474c119b1e1ff2c
SHA512 0d0b40c625997d91d216df9489d8d048047fc5179c264eeb77b8b1d28e5e11dfd633be4b3af07afd96f9e0f526e5dd1ba97232aa6de1b05a94fc60682321d151

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\SO02eTikN8ZV7bCSXFKur4CKSoQ.gz[1].js

MD5 6c2c6db3832d53062d303cdff5e2bd30
SHA1 b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d
SHA256 06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70
SHA512 bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\G-BGKSh95bDhorQ3SIbuRlPtjCE.gz[1].js

MD5 c116a6b56fd562cef52bcc821dabd989
SHA1 8c7580f35c52401da7811c547a4bd71fa2df68c5
SHA256 aaf86aefba21b6b5651621aa6c942a560dc334eba662ba9051c6d3cd88cd7d82
SHA512 919af6700bfdcbdb7f80e355b0fffce6fa6bccfa9f78187e5018f8e490109489c1e8433bd3f9810ec81c55fbe717d57634582436839cbd8ff134c64b9f46337f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\byLmVJQA1UzOFcrs9Jrvys4jXhM.gz[1].js

MD5 2ef3074238b080b648e9a10429d67405
SHA1 15d57873ff98195c57e34fc778accc41c21172e7
SHA256 e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da
SHA512 c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\nt6a1ZR520utsLoZmSYgwxdOPgI[1].js

MD5 0c2672dc05a52fbfb8e3bc70271619c2
SHA1 9ede9ad59479db4badb0ba19992620c3174e3e02
SHA256 54722cf65ab74a85441a039480691610df079e6dd3316c452667efe4a94ffd39
SHA512 dd2b3e4438a9deaa6b306cbc0a50a035d9fe19c6180bc49d2a9d8cdbb2e25d9c6c8c5265c640ac362dc353169727f8c26503e11a8a061a2517a303f61d0ccd3c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\5g-N9K-X1ykUl3QHEadPjpOM0Tc.gz[1].js

MD5 f4da106e481b3e221792289864c2d02a
SHA1 d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994
SHA256 47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9
SHA512 66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\EpWmPmOAJJ75Dtkzr_jvzdu2AZc.gz[1].js

MD5 f1d4daf367daea4b88449ead4cedae77
SHA1 bd21f3faf35f8376ac4c08bba88417b00306201d
SHA256 3fb38b15b5d4bfbca4a3a715c38a5998f0b16bf8b6a8a4fe9afef7b9a9453bd1
SHA512 d324cd6139df432d67d0224d5329dc7e14b2e34737aecc4b93773cabc5051550b2e6ae44a8b249172dcf1b2d88ac17d0dc50fc11582176b8388e991967516b3b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\kzHfYwAwahpHm-ZU7kDOHkFbADU.gz[1].js

MD5 fabb77c7ae3fd2271f5909155fb490e5
SHA1 cde0b1304b558b6de7503d559c92014644736f88
SHA256 e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c
SHA512 cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\pXVzgohStRjQefcwyp3z6bhIArA.gz[1].js

MD5 47442e8d5838baaa640a856f98e40dc6
SHA1 54c60cad77926723975b92d09fe79d7beff58d99
SHA256 15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e
SHA512 87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\0-Zjm2D1Xi7EVDuBG20uAHZbNEI.gz[1].js

MD5 7b9711d4d92c7651c2b5e5d710c552c4
SHA1 ec027469adbf58425e4d9eea39914339d7ef7255
SHA256 a02c10c8ee36deb7df9c3c3174bf49cff5614f753aed0b0c1041767458d106d8
SHA512 5bdd2f5497f199f3ee1ebdbeaa71493d9b0d06209676bcd1f49de9b5894e27d67ce0b46f9226b973ac5eeb1c33bf4005aeea131a296922871a240bcdf9e3ad4a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\fDgf7Oh5R8mPygWLQcaNRoJGj5Q.gz[1].js

MD5 3104955279e1bbbdb4ae5a0e077c5a74
SHA1 ba10a722fff1877c3379dee7b5f028d467ffd6cf
SHA256 a0a1cee602080757fbadb2d23ead2bbb8b0726b82fdb2ed654da4403f1e78ef1
SHA512 6937ed6194e4842ff5b4878b0d680e02caf3185baf65edc131260b56a87968b5d6c80f236c1de1a059d8158bc93b80b831fe679f38fc06dfb7c3413d1d5355aa

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\jYkYz7NXYQ59P1lMGYsnYUM_0m8.gz[1].js

MD5 d6741608ba48e400a406aca7f3464765
SHA1 8961ca85ad82bb701436ffc64642833cfbaff303
SHA256 b1db1d8c0e5316d2c8a14e778b7220ac75adae5333a6d58ba7fd07f4e6eaa83c
SHA512 e85360dbbb0881792b86dcaf56789434152ed69e00a99202b880f19d551b8c78eeff38a5836024f5d61dbc36818a39a921957f13fbf592baafd06acb1aed244b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\ihC7RhTVhw2ULO_1rMUWydIu_rA.gz[1].js

MD5 cb027ba6eb6dd3f033c02183b9423995
SHA1 368e7121931587d29d988e1b8cb0fda785e5d18b
SHA256 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f
SHA512 6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\yjXVFOxf6UdoTA2BOwEH6n4ClfI.gz[1].js

MD5 a969230a51dba5ab5adf5877bcc28cfa
SHA1 7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265
SHA256 8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f
SHA512 f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\jk2F-rpLS_Gysk7hn3CVhA9oQhY.gz[1].js

MD5 3ff8eecb7a6996c1056bbe9d4dde50b4
SHA1 fdc4d52301d187042d0a2f136ceef2c005dcbb8b
SHA256 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163
SHA512 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\PgVOrYqTvqK49IEnVEVlZVYfA1U.gz[1].js

MD5 f5712e664873fde8ee9044f693cd2db7
SHA1 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4
SHA256 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2
SHA512 ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\Y806JrL6RagU8tqNI_iN1M1S1mA.gz[1].js

MD5 02b0b245d09dc56bbe4f1a9f1425ac35
SHA1 868259c7dc5175a9cc1e2ec835f3d9b4bd3f5673
SHA256 62991181637343332d7b105a605ab69d70d1256092355cfc4359bee7bdbfb9c6
SHA512 cbb43000a142807ff1bb3bfac715cef1240233117c728f357c824ce65b06be493df2306c7b03598817f09b02e9e36ec52314f88467679c5bef3ee1504a10c7e6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\wTSI229z3h-Hz6bnpHNPBwzG3xg.gz[1].js

MD5 fbd697700d3db83ef373590a4dd5a171
SHA1 c459db597829dca158539ba0731cfc9cef0d30fa
SHA256 a31891f6587f47a80bb3ccba49755bde3fd4dae9b6502c655f09e5bfe924e6fb
SHA512 7711ff4d3768bf177f292228eeeaa400201685e36df4b3570b906c9b77b6ad04687fae1c4befe04b1cfc69c95d8161a40b590ab53569c56b5847d0365b8bde86

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\Cm2CNakxR9YBg1qDTMycX3cIYAc.gz[1].js

MD5 1db5473c2bffe85c98f9a3f692c6b082
SHA1 d5793dcc912927c670380bdc8d65c4980d8fb478
SHA256 2898df3498ab696d144a60acbad462a4c286a5e615afded2448f55cee482f4ae
SHA512 a80c4873f73f406d6422169fbb078ac3f63a04d1c2b536cbf0faeeb19a1b9ff1ccaac6efe7e8d35ee91b783cd36ad27b202eb1db9b16db318981f6ed56554fb2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\fXl8EMlmRUn1xdkAfK9TfAzPB4M.gz[1].js

MD5 57d0c54c48896bcbd8df04581bd7687c
SHA1 d9ec1b883e09230164dde4d1afe3e7fcc865929f
SHA256 df4aa0ba6fb043b2ab11646156755139bcaf32f9428adb0e357ebe9e2cfc96b4
SHA512 530e14cc8500a4ac1ed7c74fcf5954c76aa1fc84e3dfadcc98c2fb62fde3e6b713b109e5b2eb917897e41366d6822950975b4f3e46d2a5286930558dc5c2d527

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\917TeG9xbQe-loK7NRMtW53UdJc.gz[1].js

MD5 42af829fd4468b161e36f89a5fca0ae8
SHA1 533271f23e1f7a5b053bc7bc92a0ef6ddfbc5b99
SHA256 7b876d0f2ce240e8806a5ff0d386750241c79f57ee7241701b6512ecc9fc732b
SHA512 5b56bf37a23997983c5dc5d2cdf67788f6720b2fa151f0d873c08576ff9a6e34d13f6de02ca53f6523fe1118484caec54f138def8c8eb97123d0173acfb4f303

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\b_jg5AxHB10gCWMtar73e7LIcwI.gz[1].js

MD5 f4973107191f6952dcd8455bf071ad9f
SHA1 c619dc2ecceaab7d512e246c714013dce72906eb
SHA256 2a07727096a3541a10516f6ae12a50c121af5d4834db34ef006c60b41cea9374
SHA512 976c2dd2f07072c3360f3c98cdaffd80704fbf09f069783ccd781f02116afe494ad832e0d586dd16b24aca861f9eda8fb1fa3491cfc1ca0166d0fd9d440a4105

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\r9wKr_IPyMWQKZpnU2jrU-5VX64.gz[1].js

MD5 98ed2ab2571e3f450ef265f9e506897c
SHA1 79747169dc2d59a689f575879b86109e25a7f4db
SHA256 4c4535af86d197589edaf1f6d9e9cdfec2afca8fa4466e8ad584327d0ec8145d
SHA512 0e752507b9b6cf1da4c622d34e5578aa523f123167f3429b6df24961636c67d6d2cd3d05f6cbf3ab292761e798dad80fdb29682b38bbe0d3a7f4823b2ce944d1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\9YFq4imrseEwIuXcDlV0BNdcqbc.gz[1].js

MD5 6932cd1a76e6959ad4d0f330d6536bb4
SHA1 e2e7160642fe28bd731a1287cfbda07a3b5171b7
SHA256 041eb2e6f2582f4c19c0820acf9a0e9a2c7262edede0d397a5f6f0215e83f666
SHA512 28bd0bb200704fbac0de2d7c3d1c64a38d5567f79bf24b9c9894c7c6a3b80bb69a5c9f0929cf82163c8e8d39cb6667a2ac81dcb4e6d2072cc7fedfb63219e584

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\FIehDUWPR7N5iCc7TLt009B6lOw.gz[1].js

MD5 ca42e3253b64b3e1cc112764fdb38dfa
SHA1 d09178830437f890fde8580c973f5e7049039536
SHA256 75cb5d690846dd621f5794d392600ad61904a928366ddde80f3449ed0d684b9c
SHA512 39dc86d8de9d8fdb4ca9fe8e4824ef35a038892dca766e3c6f0a30eace54fd74a9c2149061a4e54fa7dbff63b5377eea09b6d25eef16104478a2b90e5a746b73

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\XvCkl1917hJpV9KTHRLNg4iMMHo.gz[1].js

MD5 9560ce96b8d6be578de81f89a9dbe366
SHA1 bee3a806dc2e298190d72787eaef8e06f17938dd
SHA256 bce2ec13d1bd311bb2ef76ce5c015aa5e08272ed591f768cdf2ba2ccfe4a96de
SHA512 a900101290b9e18868da163392c441bf3862da18e55a39a6c266bfeec0f1b709d2f7898a2ee79c565e9e64d45a56e26364719ec4d0f3d2885a9eb105a441c9ab

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\A-1XYHxJxj3UZtPX9mNGELyQzKE.gz[1].js

MD5 fa2ef6f65e9c95af42d21f99d38a91a7
SHA1 6820ab9e4fdccbef2000b97fb5cd1878a4b28571
SHA256 6108960affc29a0cabf3c81a46265229010d7e5523da39bdb9c5d112d0ef8c4b
SHA512 eabbaf63183c9344e037e7e0e0f2e08f8615a64e812e672b032906d04bd4f70a87895c05e14769d6f44b13a0963d5254895e60e439b9afbab2ce50575e87bd1c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\t2sZoMkgsUY620tnxnI-zsC87ms.gz[1].js

MD5 ea266469f0ab0f684be3ddb02875c0f2
SHA1 2ce5b0089d708d372ca53b3b3ea4e326e88e1c35
SHA256 65b8cde844fa64d9b9eafeae05e7b6da3522ce7ab5b70a8f2bbe540a23148d15
SHA512 1e825456ba4a10ad5f67e75718825ba9c34abdc92ab39a5e435f26cddab284d3aa751a06b7de14337265ad578691724dfec251d6657c996cb4c39db4b056fd7e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\6v5u2U4fJjMh954CqHxOmGfCxRs.gz[1].js

MD5 12ae5624bf6de63e7f1a62704a827d3f
SHA1 c35379fc87d455ab5f8aeed403f422a24bbad194
SHA256 1fb3b58965bebc71f24af200d4b7bc53e576d00acf519fb67fe3f3abdea0a543
SHA512 da5f5485e1e0feb2a9a9da0eaa342edaeeefaf12ce4dcd50d0143bf476356cb171bd62cb33c58e6d9d492d67f281982a99fef3bfd2ebb9e54cf9782f7b92c17b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\ALeVzHWphHzcRnC_3ugnhqYUEPM.gz[1].js

MD5 2ac240e28f5c156e62cf65486fc9ca2a
SHA1 1f143a24d7bc4a1a3d9f91f49f2e1ba2b1c3d487
SHA256 4325982915d0a661f3f0c30c05eb11a94cb56736d448fdc0313143818741faa3
SHA512 cb90cf76cd9dc16829a3ff12be5274bd26a94097ad036f199151f1c88534a15bbb8f8dafdd699e51df5c38e73c925c00728f807b20c0b097a5842963525baf4b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\e5pP99YnFydVw6Wko59hbAfFRU4.gz[1].js

MD5 2ab5f586948224ab662fbf84a5aa14d4
SHA1 0dea7ad6d167a668dac5223770c1181617212fd0
SHA256 3cc647a2969085cfe0e526fc7f460aa5443057fd4d257c34e0bc099ee1f5492a
SHA512 02a7d528f3a97345300f63909ddce8b0e73b5e7d3f4e3f4717ee6b3b8b1d75fd244ab9b132a04d4575e18f848117d8c667105cb0136e9c8e671b0068490a3779

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\r6pGvkl3_RjeQf8zFKA_zKCEdT8.gz[1].js

MD5 1b4b9d03f96bdc877ddc14801b367ad4
SHA1 0b74ee1f0ace124fb845338583fafbc05eee3dbe
SHA256 d2f3bafc7018af432da2135981e3800fc4d5fe4b254ab3605a84bb183167608c
SHA512 f52c6595b0a95f497bd6a988188041c6b40031791edd36f6fa7517c6e48bf5fd5bd6c0421b43b6e9830516a7c64350a35c18324fddc87747653ddf6bbcd43764

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\D36Uq2tG-JZ1glXfeX3wj6pjnG0.gz[1].js

MD5 6deb575ed015ba9f359671380474ef88
SHA1 0f8f36fa0b0cbc56fa091dbd60d918a0c1f2c99a
SHA256 f015ed4a8bf649fbe3333f1b9e3214ab9cd495bbdd6387812ed79039f2ddd394
SHA512 d3ace5a16cba1245128b38ef256ec2420a44c929830540dce0f8539ff45dcf833257a82f132c4316d9acfa907823741ae4146a67c99242b0ee1b1ec9471e40e8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\dYz9PzlPqAXtY4bLRNOWwKeFfUU.gz[1].js

MD5 6f04ae221f166c20db32901998071d82
SHA1 57b9af43ee36e3faeda2a3a86e7636f36135d10b
SHA256 c5380fed2484297f0edc88b0ba865a4b735d5637bf7854999fc6d5476ae1216d
SHA512 c75c37d3e8d3dab1420646a07921c18a71e3c569f25f2cadba81fa58cbc49803347dcdca3e67bb0ea2b6e761829387453fc0c0afdf847bbe84e290102555c4bf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\yIQEZKJqiru4vW4YsQrakg3TlUE.gz[1].js

MD5 904ab0daa735504aae493ba7168338a4
SHA1 4dfdec86b14e7f7418e3639a3e15b3023c6f6dd2
SHA256 9614edcc490d84bfe36813c2e0707937b33d9dbc47ffa2db58e3becab7f255aa
SHA512 20464bb50dc383dab6274ae469bf3b9dadc2d8f3db815513df07288bf5e3430390e69621d62a4b4cc1e94e67a3167187fadb33d4cea77436aa43a46c367a6388

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\eEKeBQI31y7rcnyQQrNcLv_nhJ8.gz[1].js

MD5 561bd1f49e6e33694f585d3e04e23bcf
SHA1 3b96a25db9eda40e1a816d6f75fea750018fec37
SHA256 100bc10963976cf6d7d6f26e8df9a51d5d359a921750a96beacdb547ca130cf7
SHA512 959104cec2b895af0ea854a65235c55571688fced30639c58b922c88762caedc8e72de29ab32e463e5f799b0bccc665ba2cce307a3406ebbdb385566ff35f39c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\3LcnbHMO4_Bbnt85xhE8xaq2nqs.gz[1].js

MD5 b04c2444576c3b59ab30221c6ef0ac19
SHA1 f54d98efa2ee23337da264c22c75e006316f7c56
SHA256 9c54d752e14384a1dbbf9a8a93c56507b50019f15fed558f803fc8f32b76c761
SHA512 a1b37fec3d9c91f3c95c95450d21cf2e5757fc53668706cccfa9263ad36812f31acd7d3b52b1903efb6e98ef3ac203a6990c5c48182a6917045f2afa6551a30e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\UJy1fek2Z-wFfPW_lNmXDjXDLeY.gz[1].js

MD5 c5015915a6f1bcff910d698978ad9489
SHA1 e5990ec7b5cde1e450e44f6049468221101f0bfb
SHA256 744b05a15924bdeb96b15bc52290af4f3cb05ffeab7b74c58cb25825379be0ca
SHA512 37fe8000333dcd4b9ed0760e4c59086d3c9442f464d32a87df31e0c4ee5b3f9f389ec663aa67ac209260bb4752225e25ed45400c7e5dd0322fc12f5caf3c6eac

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\4s7ZhrXI6zr_neONVUOfqcCChH4.gz[1].js

MD5 d6e9388749d476ce972493ec6243f949
SHA1 980ff8bbb92cbc125786c5511eedf72b7871a16f
SHA256 5dab9a46291ed216aa3017da09063fbb24ebd97b72f338725a01fec4786f9727
SHA512 81dec53736c4c05d5bb97e817b436de83f453a4f98bca02f5d33ab138a00119fece672dcb5b6a199ca4e0d1543064a7302521dceffa8951e5f53fba06e106f46

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\pt-9DJvVZPpXIPBXEPmdzcEVBQM.gz[1].js

MD5 d2a0750f1255b01fcb61e1ec696a3824
SHA1 cc28912310ef3128a80f2364352f516b44da443d
SHA256 9ae661bb5617387893837a9221d8b170d3ece93cbd896cafda9f498631006a44
SHA512 85e55f47ab5ad7c8f5194d9a6d6bc89a10b396b6af61f313451082815972a9117fc52f7f93b9ec42893b6382ac0c8cb3cc3df0c625cf95caeb953f6d06cb15d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\W8bLYGpay8IFp3H_SrUDKaBAn30.gz[1].js

MD5 fb797698ef041dd693aee90fb9c13c7e
SHA1 394194f8dd058927314d41e065961b476084f724
SHA256 795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da
SHA512 e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\Jhcu_55E4oZmA7XFf1oxcaAGFvM.gz[1].js

MD5 5b3e2fd8e824e69b2e32469c046a35e5
SHA1 ac62b20d73e2fa61030d585deed53e58d03ef74a
SHA256 9077771f70727a1d7007a97feb2a07ce753e90e3d1da19a733e46f36e7910397
SHA512 01fde7361cee5d3ce3093f55bfea0745670004d228934a46064537288f983d26b62869ef969875e091045e6a28eae3ef0d9e59e7de824ed6b76cce52a9fc7625

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\sgLr8Y4mVJegkevNnGDcMsbaTiI.gz[1].js

MD5 76ed74a9fd9a74443976389c069cc74a
SHA1 03ae45e49077b7d87d7fcc434574ba49f95664e3
SHA256 b443a3d58aec4919e37df4629f8c759a43091b1f63b5a815f8052df0d8d46804
SHA512 d2d13da2f47c2e94db3a3b9b6f5185c8352268b1d336baaa856177be4b098535bd71bc53819fc73c0f4970dabcb7ecc7f375b4deb1c25b25474551204b6921f4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\nwjuy36-UFy0C0sLDCTnvdBAv64.gz[1].js

MD5 c3b18f8470631d6c1b7cbfe9bb1ed969
SHA1 001c2f621e5166084fed4e6a282aa0547bf98676
SHA256 231b3405bfa830ce8d7263208d14edbf1f1ab20d74d0527be2a29d955e1a694b
SHA512 9bd39ae7292ce3cf5aeebaf7fe57bfb63c91079bda76cf1dcb38311300d096feb1bad1dc11b8031a0175ca6314270566162d7991cf3b0a2ff23868aff0eb7b6b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\iSUyoN2KvYmBxGO58IhEO3QasLU.gz[1].js

MD5 56e8bade1aff1ae713ac7f9750a01c3b
SHA1 11563339be06540f41cb26f460e459e5ccdf6f54
SHA256 14f8c440dabb87a33c67d911241559b21047f052183261f6b942b0136f4f94aa
SHA512 d655ba27f3b02344837a56699947574c2f397c54f1bf10e75569a93f174ea16bafb4d8a0c04bf3866f1e3f9d5a3fccd6cc7173e134fdc6728793ce0f33ade358

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\mY50bHH6apwJLdYAfoKqjug54RI.gz[1].js

MD5 55dbd6671aedee96cfd1f6c8dd7c053b
SHA1 8b3940b30094ebdbf989764958e23b56f0149b66
SHA256 18ff12d8a4f3628242baf1ce976924ef8867013646118af4725b07dc8e92c79b
SHA512 2fddc01ea71c023cfd4e0921763caa88505667d6d71669c6f66a73b14f194de84e968ecf75fc82b5aee713bde8dae8c81b691c1e83ce6e29dc4eeb66a8c53fd0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\XsO_kXSrXEzfuUWANypwtIq2qwg.gz[1].js

MD5 2937c6dcad55e5e4a67945f4f803c7cd
SHA1 27399487b23109021f178841013d476f92b057c6
SHA256 acb0819704ddc4062d6a3b565ba7fe999fef298778b4b56c284e8f1bebf3c9b7
SHA512 2c07163f841a09d2061af35c7183984475247ce50a9000b4b2b0b5240701a64b140eca99853238db08bb94e9b9368bdfffe9e83185eda1745fb02e6f81110d3a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\1Xov-RfHHhtkuDG5ykngQVY7k-A.gz[1].js

MD5 718c9d9c2d2a498de3c6953b6347a22f
SHA1 b2f1a5400618972690d509e970cc3abeb72513f4
SHA256 66133f155e3a433e9eeca08dfc3b4e225d358e1a89ab0665379eff319f9f0081
SHA512 ac55ef9f45d29cfcf7d80c009df4c55335f7c3b55d66aadde275f580f321125a2c7669f7157d5bf9a34b3513c1231935a461f46eeebdd87b7801685fc95dc6c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\lw59M8VsPcagqkYPhRaPAD2HizA.gz[1].js

MD5 7ad48b05e00d9274bf5e2776faac90a4
SHA1 48ad8649416f6a2cbe13eee578f3ad425dc2434c
SHA256 052c9015b7ab7bb3f14c44efc4e702e3716e953725b898b45c82801d327fa086
SHA512 ca83c29c878a68ed5e365c2a460a5a85a5707434548544908e61b11d6d0cb4a54c48766c769a2ead3f7f287164aedffe5c023ab4dc60662570c4ac3acee54704

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\DEjxwvkpxv2TrYEFLbNhRWrxeFg.gz[1].js

MD5 d7365c424e30cb142a85b84c0618d671
SHA1 7212fe88cd0686a381acb1b0583a544ae3ada1b0
SHA256 8fd0225b5f75ee2326adc68a10f5b9fc50c30a45bf4b61c7ee9364103e6102c8
SHA512 26d9a5da2cc591954c6014b4de1826653c9f058e9c8287342d8f0f2c9960bdaf30e1d4f8addf529830327d94c8bca21848a3adaf2846036a5e9c618992b18d5f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\2RFgnacsz6nPw9vvxd8AGFyaQr8[1].js

MD5 e849f94cd30ec77987643a0d405e33e4
SHA1 d911609da72ccfa9cfc3dbefc5df00185c9a42bf
SHA256 b39968f3ab3c3867efc7115c77d0239b0a2c505ae87766231bf46e32f7797c43
SHA512 dbc5ef102c16d14a99f090821176b3706ba08d87d1efba817d763af969a10f9058c7aa0ce54d442dc816e84d294b52dc78623416044c1b6efa59a28055b48504

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\SLuXxvgbbf6UWVua9FU0UOAo9Gk.gz[1].js

MD5 1615cfec75a429daaa488ed26a6f0feb
SHA1 afbb2ffcd53320d85d24bd951440fcb102a46525
SHA256 66f8a15ad8d7a3a81049e9741a88181a8a39df233a34ee55378952279fc65355
SHA512 abe8d330bbdf52c69fca11a6b8923e34378d583dd25c754b3d883df0df7a2044e733986cb645dfb6af3cc5b2a512c58943aa151a404dbaed104f0dc24e990166

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\SgoqBxSOmwTwlHsNr7h_YzVKV-k.gz[1].js

MD5 b7bfa4b5bd91261544ec3af325fc959f
SHA1 50934be0fc74bf286d969657eb6135855b4ebf29
SHA256 4726966e38d630052ff80db65df3af7256a28c577397dcbab577827e5652f52b
SHA512 385fe38db9704ebf82a3c827cd1c4caac0ed70e216bface8c3000552f0aa21e565ab896b178ece62c5ec7ca1d55ef6149fc6835639b56eb8f962e6915e324657

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MRNWLGZ2\cTjovfJ8fuNtDtyC0VQH35vgAUI.gz[1].js

MD5 d807dbbb6ee3a78027dc7075e0b593ff
SHA1 27109cd41f6b1f2084c81b5d375ea811e51ac567
SHA256 0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7
SHA512 e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KZO91VNS\kFdRGnsF9oNJsnfvt_bKFj-yBxg.gz[1].js

MD5 0794c2ffc9aaf238496bf687a9c68799
SHA1 7938be485611f9d417e84b8c0a74bd3c589e052f
SHA256 805aaa9634639b2eaa912e117219727dfa6e92a63b8b92569c336a9ccde52dee
SHA512 fefbfbd39b9b86d8975d8faab62b50515488e9bf1e21ad72fed9fa93614e10adafc99da77349ead2501b89d422d766adc313b6024bcb9b331ab83a7b99bb135f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\43BJuM7qM_8Wd1WfIZM2_oK9zrw.gz[1].js

MD5 b743465bb18a1be636f4cbbbbd2c8080
SHA1 7327bb36105925bd51b62f0297afd0f579a0203d
SHA256 fee47f1645bc40fbc0f98e05e8a53c4211f8081629ffda2f785107c1f3f05235
SHA512 5592def225e34995f2f4e781f02cc2b489c66a7698d2feff9ac9a71f09e5284b6bbdb065e1df9c06adfb1f467d5627fbd06e647abf4e6ab70cf34501232126ad

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\pCjAnNfKRza-LKbFI9VevrRjIwc.gz[1].js

MD5 22720d009b7a928af6b6f0a9a765a588
SHA1 6b23f5332585ecb1e5986c70c2717cd540ced735
SHA256 9f0fa7d003ecd211bebb45d69143294a522936c9446b3c0c359cfa2369374c4b
SHA512 3f80f974c9aef814f760d1ca43af03bfdbe2e5d7ce036c0c007a754bb957d48009d0e000e3879a9d9bab72bece9771871c776ead6bbbc1ae62147ab9b11807a6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8G0E5PSO\clarity[1].js

MD5 cd26449a786f3f78e3503bd15cb15d5a
SHA1 28eeb34265f228b008b8dff618e4a5032164c9f6
SHA256 3a40971f81442c3beab64fffe274fbf1000d504e459021c0ae08fa64568a6dac
SHA512 683ee84cdaff2d60af20bc6f5c967325aaf46bec19a8cf88b6e10a5e085985838c4e6b8082c783c5bb26720ae32e5c5ab02d61244970c363ba93699e4b3cac9f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\A4HFCYWX\revfavicon[1].png

MD5 9ab713db96fd40f487769266fba5d77a
SHA1 60508a5f65af06cd22188c842c32acb7618780eb
SHA256 cda554d643de3bad4f85feabee9bbe0f96084d83669e4948b84d884707069610
SHA512 a8c3d3a155c13c49c4c7cc41b3110c41022820c316292bf6c4444e45a72d87271a65b964a4375b32456707a15fdea52f79a09d4cdc7ce97a7f8d63b085b2bb28

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9tq58xe\imagestore.dat

MD5 1c10410db7ff48920e210fc421d932b0
SHA1 5baa5ed9ecab9e0317a229af82e20b7b68b119a4
SHA256 4f18156df9d0bd6fb95ff5bb72b3554318f094be0779473c0c8ef26d79acefdc
SHA512 a9a38a2da494ca947d407bdb2ebc0748c271ad239289857e44f1fe469e7ba605c01a157e9b0a607a79c0dc92cab99c956c4dac847c01382ffef57385da66b03a