Malware Analysis Report

2025-03-14 21:51

Sample ID 250117-yk3ata1lfy
Target chrome-net-export-log.json
SHA256 2386b62224e83106d19ca769c6fa5cb8dad2faff4a535035a34004766315b745
Tags
adware google defense_evasion discovery evasion persistence phishing privilege_escalation stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2386b62224e83106d19ca769c6fa5cb8dad2faff4a535035a34004766315b745

Threat Level: Known bad

The file chrome-net-export-log.json was found to be: Known bad.

Malicious Activity Summary

adware google defense_evasion discovery evasion persistence phishing privilege_escalation stealer trojan

Detected google phishing page

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

A potential corporate email address has been identified in the URL: [email protected]

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Checks whether UAC is enabled

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Suspicious use of NtCreateThreadExHideFromDebugger

Checks system information in the registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Detected potential entity reuse from brand GOOGLE.

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

System policy modification

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Checks processor information in registry

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of UnmapMainImage

NTFS ADS

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-17 19:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-17 19:51

Reported

2025-01-17 20:21

Platform

win11-20241007-en

Max time kernel

1797s

Max time network

1800s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome-net-export-log.json

Signatures

Detected google phishing page

phishing google

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.146\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU618E.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU618E.tmp\MicrosoftEdgeUpdate.exe N/A

A potential corporate email address has been identified in the URL: [email protected]

phishing

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\MicrosoftEdge_X64_132.0.2957.115.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D072E04-CE2A-47FA-9963-4E7F16B86B5A}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU618E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\MicrosoftEdge_X64_131.0.2903.146.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU618E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU618E.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU618E.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Detected potential entity reuse from brand GOOGLE.

phishing google

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A

Suspicious use of NtCreateThreadExHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\AnimationEditor\ScrollbarMiddle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\MenuBar\icon_maximize.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\VoiceChat\RedSpeakerDark\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\AdSelectionAttestationsPreloaded\ad-selection-attestations.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\sounds\action_falling.mp3 C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\MaterialGenerator\Materials\Marble.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\StudioToolbox\AssetConfig\restore.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\PlayerList\NotificationOff.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\VoiceChat\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\GameSettings\ScrollBarTop.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\pt-BR.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\msedgeupdateres_ko.dll C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Chat\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Settings\Help\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\msedgeupdateres_sr-Latn-RS.dll C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\Locales\zh-CN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\ml.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\CompositorDebugger\select.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\PlayerList\PremiumIcon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Settings\Players\Blocked.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\vk_swiftshader_icd.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\AvatarEditorImages\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaApp\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\Locales\ms.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Installer\msedge_7z.data C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\PlatformContent\pc\textures\water\normal_22.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\StudioSharedUI\models.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\account_over13.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\PlayerList\Block.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.115\Trust Protection Lists\Mu\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\fonts\families\Michroma.json C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\TopBar\coloredlogo.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\elevation_service.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\sk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\edge_feedback\camera_mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\fonts\ComicNeue-Angular-Bold.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\fonts\NotoSansSinhalaUI-Regular.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\MaterialManager\Grid_DT.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\StudioToolbox\Voting\thumbs-up-filled.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Settings\LeaveGame\Button_1080.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\places\Maquettes.rbxl C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\avatar\defaultDynamicHeadV2.rbxm C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\msedge_wer.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\de.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\VoiceChat\Misc\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\StudioToolbox\RoundedBorder.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Emotes\Editor\Large\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\TopBar\emotesOn.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\VoiceChat\MicLight\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\Locales\sv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\Locales\lo.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\BHO\ie_to_edge_bho_64.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\StudioToolbox\ArrowCollapsed.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Locales\sl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\identity_proxy\canary.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\af6b6976-0240-44c6-b2af-31397f6b2841.tmp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D072E04-CE2A-47FA-9963-4E7F16B86B5A}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EU618E.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.146\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.146\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A0B482A5-71D4-4395-857C-1F3B57FB8809}\ = "PSFactoryBuffer" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.shtml\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/pdf\Extension = ".pdf" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CLSID\ = "{B5977F34-9264-4AC3-9B31-1224827FF6E8}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41E1FADF-C62D-4DF4-A0A2-A3BEB272D8AF}\InprocHandler32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 462210.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU618E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU618E.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU618E.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2316 wrote to memory of 3488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 4148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 4148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2316 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\chrome-net-export-log.json

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc14e4cc40,0x7ffc14e4cc4c,0x7ffc14e4cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,2384828666292927223,17909192385108130320,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1860,i,2384828666292927223,17909192385108130320,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1976 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,2384828666292927223,17909192385108130320,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,2384828666292927223,17909192385108130320,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,2384828666292927223,17909192385108130320,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,2384828666292927223,17909192385108130320,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4476,i,2384828666292927223,17909192385108130320,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc14d03cb8,0x7ffc14d03cc8,0x7ffc14d03cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5764 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03a99ac9-a9d7-4a1d-b1ae-d60988df27be} 916 "\\.\pipe\gecko-crash-server-pipe.916" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2344 -parentBuildID 20240401114208 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab1a998e-bc2c-4c6f-aea7-5016a1a5c09b} 916 "\\.\pipe\gecko-crash-server-pipe.916" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3280 -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 2776 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60d871a2-aba7-43d3-96e2-e20a161f3e54} 916 "\\.\pipe\gecko-crash-server-pipe.916" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3836 -childID 2 -isForBrowser -prefsHandle 3820 -prefMapHandle 3816 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd22b4bf-35bc-49fc-ba7a-ae30f3b23c16} 916 "\\.\pipe\gecko-crash-server-pipe.916" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4808 -prefMapHandle 4804 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82854c06-4297-4f50-bf9a-6bd549a31f21} 916 "\\.\pipe\gecko-crash-server-pipe.916" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 3 -isForBrowser -prefsHandle 5556 -prefMapHandle 5580 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c6a5782-07af-4156-919e-275509941785} 916 "\\.\pipe\gecko-crash-server-pipe.916" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 4 -isForBrowser -prefsHandle 5740 -prefMapHandle 5744 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e4ff622-1624-4243-9e2d-55c5c82f06e0} 916 "\\.\pipe\gecko-crash-server-pipe.916" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5904 -childID 5 -isForBrowser -prefsHandle 5912 -prefMapHandle 5916 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4d06289-c5bf-441f-b906-b6843bb7d53f} 916 "\\.\pipe\gecko-crash-server-pipe.916" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6340 -childID 6 -isForBrowser -prefsHandle 6416 -prefMapHandle 6376 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7db76d9f-d447-4076-9453-a4f98f7a446c} 916 "\\.\pipe\gecko-crash-server-pipe.916" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2696 -parentBuildID 20240401114208 -prefsHandle 4408 -prefMapHandle 4412 -prefsLen 33896 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbd11f41-d566-4ccc-a784-b7f68a849512} 916 "\\.\pipe\gecko-crash-server-pipe.916" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2704 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 3212 -prefMapHandle 3208 -prefsLen 33896 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbe6e170-e74a-4ac2-bc92-833f0fd82f68} 916 "\\.\pipe\gecko-crash-server-pipe.916" utility

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4656 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5016 -childID 7 -isForBrowser -prefsHandle 6264 -prefMapHandle 6248 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb16f1f3-01d2-48be-bfa5-80ec926351dd} 916 "\\.\pipe\gecko-crash-server-pipe.916" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7016 -childID 8 -isForBrowser -prefsHandle 5720 -prefMapHandle 5764 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3bdfce0-2710-4616-add6-ccc450ec74a9} 916 "\\.\pipe\gecko-crash-server-pipe.916" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7176 -childID 9 -isForBrowser -prefsHandle 2624 -prefMapHandle 7148 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e08f3c25-3ec2-47bd-a682-741e1c5b1f31} 916 "\\.\pipe\gecko-crash-server-pipe.916" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7316 -childID 10 -isForBrowser -prefsHandle 7324 -prefMapHandle 7328 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8a190d6-26a1-42c5-941f-2137aab008f6} 916 "\\.\pipe\gecko-crash-server-pipe.916" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5920 -childID 11 -isForBrowser -prefsHandle 6872 -prefMapHandle 6096 -prefsLen 28148 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68c9836b-d36d-4c93-afb7-6c84354e8eb4} 916 "\\.\pipe\gecko-crash-server-pipe.916" tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1864,12793579352547609410,12286381858203458338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjNFRjc3OTItMjQ1Mi00RDM2LUIzOUQtRjQ4M0E3MjBENEREfSIgdXNlcmlkPSJ7RjI5MUVGMjUtQkU5Ni00Q0Y5LThFRTItNzkxRjFENzE0RTM0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3NUZEMUQ4OC0zN0EwLTQ4QzMtQkM0RC02NDQxOEJDOTJGOTh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgwMDg4NTAyNTMiIGluc3RhbGxfdGltZV9tcz0iMzk4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{F3EF7792-2452-4D36-B39D-F483A720D4DD}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjNFRjc3OTItMjQ1Mi00RDM2LUIzOUQtRjQ4M0E3MjBENEREfSIgdXNlcmlkPSJ7RjI5MUVGMjUtQkU5Ni00Q0Y5LThFRTItNzkxRjFENzE0RTM0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntENEYzREZDNS0yQTVGLTRCMkMtQkNBMC0yMEM3RDJENzFBOTh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgwMTMyMTgzMDIiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\MicrosoftEdge_X64_132.0.2957.115.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\MicrosoftEdge_X64_132.0.2957.115.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\MicrosoftEdge_X64_132.0.2957.115.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.84 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A0878B6E-DD85-4C52-9676-ADBAA80AA7FC}\EDGEMITMP_43BC4.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.115 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7f23aa818,0x7ff7f23aa824,0x7ff7f23aa830

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjNFRjc3OTItMjQ1Mi00RDM2LUIzOUQtRjQ4M0E3MjBENEREfSIgdXNlcmlkPSJ7RjI5MUVGMjUtQkU5Ni00Q0Y5LThFRTItNzkxRjFENzE0RTM0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCRDEwODg3NS1BRUU2LTRCMEMtODI4My1DMTQ5OUNFOUIwQkJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzIuMC4yOTU3LjExNSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODAyNzA3Njc4NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgwMjcxMDY4MDkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NzA4MzQ1MTkyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy83MjcyYjBjYi1jYTQ1LTQ0NjMtYTg5NS1mNzQ1YmZmZGY0N2E_UDE9MTczNzc0ODY0NiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1sZ1ZuRWpEM2dhaHJWTGtuTFJpNnklMmZkcHI0WDlrSHk3ZTAzakx0ZVQlMmZrZjdzb2FSN3lDbFNZMjRFNDY2cVNpdWJxQkNWaEl2QkR6R0VLdnVuejZmd0ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzcwOTgzMzYiIHRvdGFsPSIxNzcwOTgzMzYiIGRvd25sb2FkX3RpbWVfbXM9IjYwODA4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODcwODQ2NTE4NiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg3MjM2NzY5NDkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjkzMzI5MTA0NDIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDQ4IiBkb3dubG9hZF90aW1lX21zPSI2ODEzMiIgZG93bmxvYWRlZD0iMTc3MDk4MzM2IiB0b3RhbD0iMTc3MDk4MzM2IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MDkyMSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 2848

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D072E04-CE2A-47FA-9963-4E7F16B86B5A}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D072E04-CE2A-47FA-9963-4E7F16B86B5A}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe" /update /sessionid "{42E67423-42A6-4B00-863A-9BC97090AAB1}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDJFNjc0MjMtNDJBNi00QjAwLTg2M0EtOUJDOTcwOTBBQUIxfSIgdXNlcmlkPSJ7RjI5MUVGMjUtQkU5Ni00Q0Y5LThFRTItNzkxRjFENzE0RTM0fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2RjA2QzY5Ri0wOUM1LTRCQ0MtQTUxOS05QTI0MDVENzVCN0J9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS40MyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNDA3NzQ4NjMyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNDA3Nzg4NTQyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjQ3NjI4MzYzOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzIwN2U4MDM1LTk5YmUtNDVkMi1iMmFhLTE4NWY2NzA5YzQwMz9QMT0xNzM3NzQ4OTg0JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWJwWTM5eHdZR3FDQXJJdE1QUTdManlHY3V3VndBd2psJTJmczhIQWs4YTN6WExldDBWZmQwV3NhaHNCVTRndG5NJTJmJTJmUjFtYzRWR2lUNVJlZEhtNjBmRGp3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI0NzYyOTM3MjciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzIwN2U4MDM1LTk5YmUtNDVkMi1iMmFhLTE4NWY2NzA5YzQwMz9QMT0xNzM3NzQ4OTg0JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWJwWTM5eHdZR3FDQXJJdE1QUTdManlHY3V3VndBd2psJTJmczhIQWs4YTN6WExldDBWZmQwV3NhaHNCVTRndG5NJTJmJTJmUjFtYzRWR2lUNVJlZEhtNjBmRGp3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTY1NDM0NCIgdG90YWw9IjE2NTQzNDQiIGRvd25sb2FkX3RpbWVfbXM9IjEwMjYwMyIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjQ3NjMxMzgwNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjQ4MTU3MjExMSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxwaW5nIHI9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzODE2MTcxMTU0OTAxMTEwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzIuMC4yOTU3LjExNSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezI4MkM5RDMwLUJFOTMtNDM3OC1BNTIzLTIxQTkzNzVGMzNDRX0iLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\Temp\EU618E.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU618E.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{42E67423-42A6-4B00-863A-9BC97090AAB1}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDJFNjc0MjMtNDJBNi00QjAwLTg2M0EtOUJDOTcwOTBBQUIxfSIgdXNlcmlkPSJ7RjI5MUVGMjUtQkU5Ni00Q0Y5LThFRTItNzkxRjFENzE0RTM0fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QjBCMjlDOTktQTQyRC00OEZELUI0QjYtMkIwMkYzQ0MyQjQ5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuNDMiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzcxNDM4NDMiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNDk1MDYxMjc1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEE5RUY4ODQtRDEyNi00RkVDLTk5RkEtQUIxODFCNzk4MjlGfSIgdXNlcmlkPSJ7RjI5MUVGMjUtQkU5Ni00Q0Y5LThFRTItNzkxRjFENzE0RTM0fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MDE4NDhERDYtQjVGQS00MjVELUJCMTgtREFEMzhFOEEwRkNGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjEwMiIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MzAyODg1IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NzU2NzcxOTQwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTYwMjU4MjY5MDEiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\MicrosoftEdge_X64_131.0.2903.146.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\MicrosoftEdge_X64_131.0.2903.146.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\MicrosoftEdge_X64_131.0.2903.146.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff78d812918,0x7ff78d812924,0x7ff78d812930

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{15CE1FB3-BD31-40CC-A72D-682DC1F779DD}\EDGEMITMP_6ACED.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x218,0x240,0x244,0x23c,0x248,0x7ff78d812918,0x7ff78d812924,0x7ff78d812930

C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff68d1f2918,0x7ff68d1f2924,0x7ff68d1f2930

C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.146\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff68d1f2918,0x7ff68d1f2924,0x7ff68d1f2930

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEE5RUY4ODQtRDEyNi00RkVDLTk5RkEtQUIxODFCNzk4MjlGfSIgdXNlcmlkPSJ7RjI5MUVGMjUtQkU5Ni00Q0Y5LThFRTItNzkxRjFENzE0RTM0fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntDNzQ2NkI1Ny01MkMyLTQ0ODktQUYwMC00NTI1RDBBNjYxNzB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC40MSI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjU5MSIgcGluZ19mcmVzaG5lc3M9Ins1OTcxRkMwOC03OTUyLTRFM0QtOEQ4RC0yNzg3MEJFOERENzl9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iMTMxLjAuMjkwMy4xNDYiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzgxNjE3MTE1NDkwMTExMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTYwMzI3MzcxNTMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTYwMzI3ODcyMTUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE4ODM2MDAzOTAxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvOGY4ZWY2NzYtYWNiMy00ZjE1LWE4NTQtMTYzNDRjYTAzZTkwP1AxPTE3Mzc3NDk0NDYmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9RFRieml0ODMlMmY0UWpFamE2SXpjeUlsdjJlT3A2amptMUpnQ0prYzNxUXo2WXVlZTUwVDFrWkpnajBNJTJma2dDUG9tNFN0WGFVVjNmS2VRWjdHWWNudyUyYmclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxODgzNjAzNDA1NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvOGY4ZWY2NzYtYWNiMy00ZjE1LWE4NTQtMTYzNDRjYTAzZTkwP1AxPTE3Mzc3NDk0NDYmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9RFRieml0ODMlMmY0UWpFamE2SXpjeUlsdjJlT3A2amptMUpnQ0prYzNxUXo2WXVlZTUwVDFrWkpnajBNJTJma2dDUG9tNFN0WGFVVjNmS2VRWjdHWWNudyUyYmclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzY3NTQyNTYiIHRvdGFsPSIxNzY3NTQyNTYiIGRvd25sb2FkX3RpbWVfbXM9IjI3NDIzNiIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxODgzNjE5NTU0NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxODg1MDE3Njk4NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTk0Njc2NjUwNjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIzNjQiIGRvd25sb2FkX3RpbWVfbXM9IjI4MDMzNCIgZG93bmxvYWRlZD0iMTc2NzU0MjU2IiB0b3RhbD0iMTc2NzU0MjU2IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MTc0NiIvPjxwaW5nIGFjdGl2ZT0iMCIgcmQ9IjY1OTEiIHBpbmdfZnJlc2huZXNzPSJ7MkMyQUZDREQtNTA2RS00NTIyLThFN0ItNUEzNTQ2MEI5REJFfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzIuMC4yOTU3LjExNSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGNvaG9ydD0icnJmQDAuODgiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjU5MSIgcGluZ19mcmVzaG5lc3M9IntBRDA4NTlENy03N0MyLTRFOUItODNDNS05MTkyQjk1Qjk2MjJ9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

Network

Country Destination Domain Proto
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 2.17.113.72:443 r.bing.com tcp
GB 2.17.113.72:443 r.bing.com tcp
N/A 224.0.0.251:5353 udp
GB 2.17.113.81:443 r.bing.com tcp
GB 2.17.113.75:443 r.bing.com tcp
GB 2.17.113.75:443 r.bing.com tcp
GB 2.17.113.81:443 r.bing.com tcp
NL 40.126.32.76:443 login.microsoftonline.com tcp
US 13.107.21.200:443 bing.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 162.159.138.232:443 status.discord.com tcp
US 162.159.138.232:443 status.discord.com tcp
US 162.159.135.234:443 remote-auth-gateway.discord.gg tcp
US 162.159.134.234:443 remote-auth-gateway.discord.gg tcp
US 162.159.135.232:443 status.discord.com tcp
US 35.186.224.24:443 api.spotify.com tcp
US 35.186.224.24:443 api.spotify.com udp
US 35.186.224.45:443 dealer.spotify.com tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
N/A 127.0.0.1:50506 tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
N/A 127.0.0.1:50514 tcp
GB 128.116.119.4:80 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
FR 2.16.11.82:443 a1962.dscw27.akamai.net tcp
FR 2.16.11.82:443 a1962.dscw27.akamai.net tcp
FR 2.16.11.82:443 a1962.dscw27.akamai.net tcp
FR 2.16.11.82:443 a1962.dscw27.akamai.net tcp
FR 2.16.11.82:443 a1962.dscw27.akamai.net tcp
FR 2.16.11.82:443 a1962.dscw27.akamai.net tcp
FR 3.162.38.18:443 static.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
GB 2.18.190.75:443 a1899.dscw27.akamai.net tcp
GB 2.18.190.75:443 a1899.dscw27.akamai.net tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
FR 99.86.91.74:443 apis.rbxcdn.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
FR 2.16.11.82:443 a1962.dscw27.akamai.net tcp
FR 3.162.38.18:443 static.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
GB 2.18.190.75:443 a1899.dscw27.akamai.net tcp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
GB 142.250.180.14:443 redirector.gvt1.com tcp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
GB 142.250.180.14:443 redirector.gvt1.com udp
GB 74.125.175.169:443 r4.sn-aigzrnsz.gvt1.com tcp
GB 74.125.175.169:443 r4.sn-aigzrnsz.gvt1.com udp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
FR 2.16.11.82:443 a1962.dscw27.akamai.net tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
GB 2.18.190.75:443 a1899.dscw27.akamai.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
FR 18.245.175.6:443 arkoselabs.roblox.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
FR 18.245.175.6:443 arkoselabs.roblox.com udp
FR 2.16.11.128:443 images.rbxcdn.com tcp
GB 2.19.252.155:443 a1993.g.akamai.net tcp
FR 18.245.175.6:443 arkoselabs.roblox.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 20.223.54.233:443 links.duckduckgo.com tcp
IE 20.223.54.233:443 links.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
GB 142.250.180.5:80 mail.google.com tcp
GB 142.250.180.5:80 mail.google.com tcp
GB 142.250.180.5:443 mail.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com udp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.178.14:443 apis.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.178.14:443 apis.google.com udp
NL 142.250.153.94:443 accounts.google.co.uk tcp
NL 142.250.153.94:443 accounts.google.co.uk udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
GB 142.250.200.3:443 ssl.gstatic.com udp
GB 216.58.212.238:443 lh3.google.com tcp
US 8.8.8.8:53 ogads-pa.clients6.google.com udp
GB 142.250.178.14:443 apis.google.com tcp
US 8.8.8.8:53 plus.l.google.com udp
GB 142.250.179.234:443 waa-pa.clients6.google.com tcp
GB 142.250.179.234:443 waa-pa.clients6.google.com tcp
US 8.8.8.8:53 waa-pa.clients6.google.com udp
GB 142.250.178.14:443 plus.l.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
GB 142.250.179.234:443 appsgrowthpromo-pa.clients6.google.com udp
GB 216.58.212.238:443 lh3.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.200.33:443 googlehosted.l.googleusercontent.com tcp
GB 142.250.179.234:443 appsgrowthpromo-pa.clients6.google.com udp
GB 142.250.200.33:443 googlehosted.l.googleusercontent.com tcp
GB 216.58.212.202:443 appsgrowthpromo-pa.clients6.google.com tcp
GB 216.58.212.202:443 appsgrowthpromo-pa.clients6.google.com tcp
GB 216.58.212.202:443 appsgrowthpromo-pa.clients6.google.com udp
GB 142.250.200.33:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 addons-pa.clients6.google.com udp
GB 216.58.201.106:443 addons-pa.clients6.google.com tcp
GB 216.58.201.106:443 addons-pa.clients6.google.com tcp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
GB 216.58.201.106:443 addons-pa.clients6.google.com udp
GB 172.217.16.234:443 signaler-pa.clients6.google.com tcp
GB 172.217.16.234:443 signaler-pa.clients6.google.com tcp
US 8.8.8.8:53 peoplestackwebexperiments-pa.clients6.google.com udp
GB 216.58.213.10:443 peoplestack-pa.clients6.google.com tcp
GB 216.58.213.10:443 peoplestack-pa.clients6.google.com tcp
GB 142.250.178.14:443 ogs.google.com tcp
GB 172.217.16.234:443 signaler-pa.clients6.google.com udp
GB 142.250.178.14:443 ogs.google.com tcp
GB 142.250.178.14:443 ogs.google.com udp
GB 142.250.178.14:443 ogs.google.com tcp
GB 216.58.213.10:443 peoplestack-pa.clients6.google.com udp
GB 142.250.178.14:443 ogs.google.com tcp
GB 142.250.178.14:443 ogs.google.com udp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
GB 216.58.213.10:443 peoplestack-pa.clients6.google.com tcp
GB 216.58.213.10:443 peoplestack-pa.clients6.google.com tcp
GB 216.58.213.10:443 peoplestack-pa.clients6.google.com udp
GB 172.217.16.229:443 googlemail.l.google.com tcp
GB 172.217.16.229:443 googlemail.l.google.com tcp
US 8.8.8.8:53 229.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 images-ext-1.discordapp.net udp
US 162.159.130.232:443 images-ext-1.discordapp.net tcp
US 162.159.130.232:443 images-ext-1.discordapp.net tcp
US 162.159.130.232:443 images-ext-1.discordapp.net tcp
US 162.159.130.232:443 images-ext-1.discordapp.net tcp
US 162.159.130.232:443 images-ext-1.discordapp.net tcp
US 162.159.130.232:443 images-ext-1.discordapp.net tcp
US 95.100.153.149:443 th.bing.com tcp
US 95.100.153.149:443 th.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 95.100.153.151:443 r.bing.com tcp
US 95.100.153.149:443 r.bing.com tcp
US 95.100.153.149:443 r.bing.com tcp
US 95.100.153.151:443 r.bing.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
GB 128.116.119.4:80 auth.roblox.com tcp
GB 128.116.119.4:80 auth.roblox.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
US 8.8.8.8:53 js.rbxcdn.com udp
NL 88.221.254.67:443 css.rbxcdn.com tcp
NL 88.221.254.67:443 css.rbxcdn.com tcp
NL 88.221.254.67:443 css.rbxcdn.com tcp
NL 88.221.254.67:443 css.rbxcdn.com tcp
NL 88.221.254.67:443 css.rbxcdn.com tcp
NL 88.221.254.67:443 css.rbxcdn.com tcp
FR 3.162.38.51:443 static.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
FR 23.200.87.14:443 js.rbxcdn.com tcp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
NL 88.221.254.67:443 css.rbxcdn.com tcp
FR 18.245.175.119:443 images.rbxcdn.com tcp
FR 18.245.175.119:443 images.rbxcdn.com tcp
US 8.8.8.8:53 50.201.222.52.in-addr.arpa udp
GB 128.116.119.4:443 ncs.roblox.com tcp
GB 128.116.119.4:443 ncs.roblox.com tcp
FR 99.86.91.66:443 apis.rbxcdn.com tcp
GB 142.250.200.3:443 ssl.gstatic.com udp
GB 2.19.252.160:443 setup.rbxcdn.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.200.3:443 ssl.gstatic.com udp
N/A 127.0.0.1:55386 tcp
GB 128.116.119.4:443 ncs.roblox.com tcp
FR 13.249.9.45:443 clientsettingscdn.roblox.com tcp
GB 2.19.252.160:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:55390 tcp
N/A 127.0.0.1:55405 tcp
GB 2.19.252.160:443 setup.rbxcdn.com tcp
GB 2.19.252.160:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 4.155.164.36:443 msedge.api.cdp.microsoft.com tcp
US 199.232.210.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
GB 142.250.200.3:443 ssl.gstatic.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 162.159.135.232:443 discord.com tcp
US 162.159.130.232:443 media.discordapp.net tcp
US 162.159.130.233:443 cdn.discordapp.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.200.3:443 ssl.gstatic.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.202:443 waa-pa.clients6.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 216.58.212.202:443 waa-pa.clients6.google.com tcp
GB 128.116.119.4:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:56155 tcp
N/A 127.0.0.1:56160 tcp
GB 128.116.119.4:443 client-telemetry.roblox.com tcp
SE 2.21.240.99:443 i.scdn.co tcp
SE 2.21.240.99:443 i.scdn.co tcp
US 8.8.8.8:53 99.240.21.2.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 142.250.200.3:443 ssl.gstatic.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.200.3:443 ssl.gstatic.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 52.252.28.242:443 msedge.api.cdp.microsoft.com tcp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 142.250.200.3:443 ssl.gstatic.com udp
GB 142.250.180.5:443 mail.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 waa-pa.clients6.google.com udp
GB 216.58.212.202:443 waa-pa.clients6.google.com udp
GB 172.217.169.74:443 waa-pa.clients6.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
NL 173.194.69.84:443 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
GB 142.250.200.3:443 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
GB 142.250.180.5:443 mail.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.200.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 signaler-pa.clients6.google.com udp
GB 142.250.200.3:443 ssl.gstatic.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.178.10:443 waa-pa.clients6.google.com udp
GB 216.58.212.234:443 waa-pa.clients6.google.com tcp
GB 216.58.212.234:443 waa-pa.clients6.google.com tcp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 signaler-pa.clients6.google.com udp
NL 4.175.87.113:443 msedge.api.cdp.microsoft.com tcp
DE 2.16.202.59:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
GB 142.250.200.3:443 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
GB 142.250.180.5:443 mail.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.200.3:443 ssl.gstatic.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.178.10:443 waa-pa.clients6.google.com udp
GB 142.250.180.10:443 waa-pa.clients6.google.com tcp
NL 173.194.69.84:443 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 signaler-pa.clients6.google.com udp
GB 142.250.200.3:443 ssl.gstatic.com udp
GB 142.250.180.5:443 mail.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.200.3:443 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
GB 142.250.200.3:443 ssl.gstatic.com udp
GB 142.250.179.238:443 play.google.com udp
GB 216.58.201.106:443 signaler-pa.clients6.google.com udp
GB 216.58.201.106:443 signaler-pa.clients6.google.com tcp
GB 142.250.200.3:443 ssl.gstatic.com udp
GB 142.250.180.5:443 mail.google.com tcp

Files

\??\pipe\crashpad_2316_QYAAZBWVATAXTMGX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1c3c4d0288e02e1941ff87b18a24c1b6
SHA1 800ac1fbce80eaf25c32d4d1af6a885f6d403f0f
SHA256 95f19f5459806c2d4cdac0866af18794945ad0b49106f6d0d27a5b91fc39d2c6
SHA512 940b3a35209b85d4d10e4442e3191a203a456c34f71dac0070804d680eb0a6fa13f9f7f5b1bb8d0b7303edb83e21cfcf3106014ee02fe90264fe08be16dde114

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e0807659fc18839a1f8669acd1980b3
SHA1 74f13e21f7ed876af1564934fca0a6ad6ccdf9b9
SHA256 90e6011a2d37941f780eb2a192c9c2170d042b47395c25fe2572c8e6822c9e9d
SHA512 6c709764cbb85fc056e9e5ba33d950b6833fe07b353a0bbf85ceecff66d45fd8ecabb289d84adea9d3f17b3303c8f46a7284ff6f61e239044d9852c21a2d2591

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b25c77ed3975819ca6b237e3fc498677
SHA1 163332857707051137525e1ba719b102d513a1c0
SHA256 1f04352b4bb26db72b0a182cd8b08d6d922e52b184aac2dc25988a303ccbc533
SHA512 5f2e0a9f9f85eb7d14761760e2c1c3cded856bc4c0c3434f4c5d280c8806e3867044984b774d1608c0b3231d1911cedfb2e70602bcc944ec6e21a8adcebc4459

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 337239b388dad09360b19d2cc877fff7
SHA1 d353e6bf8d1de0cef0e10effc9258590df9ce5ce
SHA256 3182f0a7cd16b923693abec941235d0ec5c8b798e64b7b949b75e84d9c12a5c4
SHA512 e49bfb7ad8267b665c98527c51b48585e65057d241e48e1ab4ee2f2073b4ace31f7e52e8d98859e0ebc7ea28e39115aaebded3afed62de39bb6c0f3d307762e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 46e6ad711a84b5dc7b30b75297d64875
SHA1 8ca343bfab1e2c04e67b9b16b8e06ba463b4f485
SHA256 77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f
SHA512 8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fdee96b970080ef7f5bfa5964075575e
SHA1 2c821998dc2674d291bfa83a4df46814f0c29ab4
SHA256 a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0
SHA512 20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 03e299c992d1fe3aa9119aaeab4e0e03
SHA1 cb78afe9bedb65bb8ef54c1dd660b13ef50967d4
SHA256 455d501b70b8a3eae308fcbb24bb7bdb833a2b3d5565f8c3d7bb42796c6831e4
SHA512 287dc47adf2300fd3f9e39d68acab5099bc35d8411a2c7de265beaaab6720865653f16d90c9b80d0b4ba52551a9eed4f7c257148a9065bac1eebed6c0b1b1a92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5f3ca659a7f57a71d41b43dc5b819554
SHA1 97e87816902910a7f14faee174f3d09dae4e3d73
SHA256 5bb1f7f6fcfd9b18e4ed73b712ef392607dba17c16e172089ed1730443cd336e
SHA512 cb632c1b7c42faba552fd9a732fef835205660041310d5b4eb705b2e3f0660379f53f86c60f85c4dada9d319098150a2b67347560730c4dfbc3f882c5a1d46a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 52615c72e603bb04c2f1f426eccdef64
SHA1 2fa4c71ff7c6c041b35a892f1bd5240b62d84347
SHA256 c25976e545a7f9e2c8448c15abf31d07b56ce25360950fc04a082efc61bc4aa4
SHA512 1ee746118cf2a2829fa091d8ebab2969dcdfc3499b7f0bcebeb7e598c4f43755a28d76cc34c4cc54157adbdc81e41d088169b206a135ba06d3f2bdd6c872b578

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA1 6dd8803e59949c985d6a9df2f26c833041a5178c
SHA256 af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512 b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 69df804d05f8b29a88278b7d582dd279
SHA1 d9560905612cf656d5dd0e741172fb4cd9c60688
SHA256 b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608
SHA512 0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b8e766b39d0b218189d9e345c32c93f2
SHA1 55218837a66a2b98a59a540b5240cb46931eccce
SHA256 9129b358349103e482a081e381412537371b952d1fa657f36a60710d21942705
SHA512 4eee1cd9a977f1866d2ca3e40585a65f2453eb202b4a25556af85588b15d6ebe1d463fcc3ed36dfeb35cb0c0eb29bfdbb297ec8f81aba4de0a004a150adadd63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fa7989de6512821bd3b26bb6ba9240c5
SHA1 b9e45a08231f7376388b9616fbc6e5c7c02d5561
SHA256 c8f55ad1f022d5119617ef3af0024880a3b7488076e3138aa35ed1d929b8a9c0
SHA512 e2e823c4eabdf75d7cf67c8bf0374f53643a96e2e0055a28e69b5e9eca9d380b3ba33ba7d30c108dd354a99f6ea76b961899c3fdeda22026b647b70cf828e62d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e86c.TMP

MD5 13ab8821139233df6f0586402f69d306
SHA1 77ee4ff6864091fcd85bfa339f4cd6b8c950ad0f
SHA256 247fa03e6357f7794a252857a42fbd75222418187030a6345270c3892ffb8a99
SHA512 79695b731f034eafd2560c8149f5d873f52b108073220313cf29b0831eaaa07d82503cb5515a8c4cc0398b167aa6f804965f46c70aa6d270bfd644fc3c33f0b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\c44c8399-ac2c-4ab5-b492-b712a4e6b819

MD5 e02b562f8bc0a9fb63ec4485933c297c
SHA1 562209157e47b0daa5a3243dd63557e5de1aedb3
SHA256 81fc62f31e9476ba021cacad2f198f0f436e2c643fa522c91712aa05d5f0cff5
SHA512 0d5aaaf882d9930d5812ea0b4fc8457cf314aaa1a55a5a61efe91d547f0cbbe53c3abcb757a566d54e5d635636b1e400e4cf128aca948313d1bf1709dc281326

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\5747bc9c-f703-45ce-bb1f-16d915ffc015

MD5 200b18ff3cecd4b37f9d2fd5f2adb4bd
SHA1 3244b57dabf6924419570da669870353bc00483b
SHA256 d09cda6d5ee118539d69e350b859e9fd3e64e9151e7b115fd0b7522532e05b74
SHA512 ca86dc585b97fc2513bf16d89b3544109f5f0c740282af933a2da9908cbc8e8839154bdd22e6abf34623c683b53b97914122533bad4b4349be1c88c22898930b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\07794be9-26b7-4272-a62e-9a1369c17dbb

MD5 6685501ac5d8b3e0f4a5f0a750d43cc4
SHA1 a8dcd0d2ac9a054099916cfc176ae73106cf30b7
SHA256 b79b195d81c6142190a6f955e05029b59798289a5f94eafd19595530e4cc78e2
SHA512 0f284d3558b6aaa299084e23a4ebde8f91656010d019157550e87646b84c8936860737f405a8314106c9f2484a15cdd3f3417f91ab7408c67ec80f25b628e124

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

MD5 325f17f2e27bba86a082f38a8bdad8e2
SHA1 3456e7c60b381e2749939f991312f8a4693563cf
SHA256 ec618f13a32624a907db72bffa71f3db85443df65a4a3abd4b7aad0df12171a6
SHA512 55c5dec1bdca71f902486bd3a4ff2cac20131ac9d534f2fd6771742f203da81b98dbb70b0039a0e1e7d2b24bfb960b896674b52371b1baac95c5c0a2f93e0523

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

MD5 8084948b44e5728b220fb5f5a9d573c3
SHA1 6ca7c1f67b0de1953282065ddf4b21b880fb75c2
SHA256 1e408b5dc2cbd57e9c4f526ab401431c3f94f16775a7ad63d6cfbe461c393ee0
SHA512 15dc99942dbf85b72e59df9016e5b2293f44dada4d506f2a3c58688c47914da552f6fa55b93592d1fb2ed8d550615ca8d9326caadef91c402e6733c8663904d4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\activity-stream.discovery_stream.json

MD5 1509b64f333e3b91c5ab9d0690017c5f
SHA1 f6be8a3346add5024d7842b8583a7025a5963c8e
SHA256 bd0f28d16eeb702d4d4b8ed5f60497454a850394baac23a06279f8f9fd65d3dd
SHA512 97bfaa9b7c9b2f8ac7c29957e455f4a46aafe62e2f6c0f666c0ef68c92ddfd6aab92d29b70c00dd432fa6cd124b58d1bb52914ca4ebb2d54d625eb6947f61c3b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

MD5 96c542dec016d9ec1ecc4dddfcbaac66
SHA1 6199f7648bb744efa58acf7b96fee85d938389e4
SHA256 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512 cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs.js

MD5 15e8bd0ad56e054e57f7f20b8176ee31
SHA1 dcc5315526dc6125db111966202289792079ff1d
SHA256 9a61eccc5497fc76f30c9c3a7512a10779025319644bd1938c2b977bc07196c0
SHA512 82acb460dc189c084f58ba7b2b6cdac12015c2c080b340ba408203d6ab91aed0bc7ae281117e9d8b4e02b337c8dc6c3036b847b097776c90201b9c573fa5a71a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5b0abae7c8cf4656e612ff22b413c954
SHA1 73a2db15047139ff8079a0b3174da09c5b345e66
SHA256 a0db3cf64deb76d80f401a226f4bf3eaea7d6fee31ae22bc90ce15986c1428a6
SHA512 9c454238165626ac6b5b538761b3d7abef39255a15b3aa41f5848a420c54f100d914e96c62b50fa7e4b31e9eead7bed7099fa3d2befb3ed4859d1fde1d226737

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 5d0a485c6575ffa77a45a9789921f9f0
SHA1 207468b870c413099bb675a3e162346ee2d417bc
SHA256 728b08f74ada44e54c1b8c28beb43047e7f2c34e6abf27484626975807a5a17c
SHA512 fc94ec23d20863fad9ac2e97d919efb4d40bb9a914df7ecaeb063e6284cb008bb5ae1ec37eacc25aa3ea706ef1f00f769632314bfd5ff615b4dc217c3ebbc279

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 33c67ad24188082348438411dcccf165
SHA1 ed2c66380d3a0a5353a8251af04dc444fb5617e0
SHA256 ab98de9689da2566acd887ab9ac0afe030a86a013048a1e13e0fef8d07c57272
SHA512 45c105e840a7ed7065211fe2b1b112b77bd5ae323a97830fd6a75308f3756bafec61680dbd9667744c5bea0308b14f566f7afb8305a18e858ac53c71f77f755c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

MD5 960df670fea52297ab0303018e4d7e43
SHA1 e09a58b064676941af445c5df96e42f711d46289
SHA256 200db4c1c1c006cf407b7d0eed19e649c72676e991c46f1aa05c7bffa765a7c3
SHA512 a5bf6553847b25c3fedb7b0b1b861109f625115c5c66cd52c9545a2d3415e4b5b24ba6a46b501d7d4a734a61e8083732c092bec4ab8b53092de6f75799f4f9e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 b463bfdbfa7fbf50add69e1d761bfa60
SHA1 911d721c5ee4d2963ebdf055b2b4f56142bda02b
SHA256 125dc071d0e954e44aa7d8ee178921f366fbc5d009dd9cd8f37959d493ab5275
SHA512 71bd6c615197ee0790bc82732dba6e56ec27f9c3486568c0428061e4b8b09c2eb34c7faf23521b354e8423415942eb60df054ff272b7b48adcc0bb190b1fa467

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 c5adffc150f99f75f3907ff925d0c94d
SHA1 5ef641946644072036dd460ead201071f5bba717
SHA256 296aa1299b5dab6d4c3ee427985dbc916325f9fcea900bef93334c9a424e015a
SHA512 ea6b38bcec0c935073c3e8ada17f46cef282cc6e6fc50329a13a330d8c8007b8bd95e84b36906db4fded080184e722dcb3cc2b82841e9788c9796f150a75a9ca

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\CBB3AF37072E075C70D6CACBE827A43A2FA5106A

MD5 e13fc880f013c78e3a4c82497c64fef8
SHA1 ebfd55a0765b8400a70b7ae92ab24ca8ea93ca95
SHA256 d2addb21cb500df3375839b5925e2638139a18075beab37b3897420cd67b6a98
SHA512 96f0ffa9071820147ec9f577dfa8c71b29d4679d186db2b93db02c7c35be542f7be3446eb991399a7152fb09ee27e95b39b17a1b02227c53c3916b2e979502a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 14ef34fde0408a2d586f0ec841b910d3
SHA1 ebf0c2cb11b5731d4a42c042da4e08933e51f7d9
SHA256 b5c4706da9859a0db1c147fee02be36aca2e3ba776d9dbf4f198bb63a086752e
SHA512 d38fb143735c0a5c5d5481be639c6e50fa2f435d12b7374e61bdb406669c83d5644877ff636a2105257486a3dbc84e9a5ff32a81f3fb2de8f566b1b1dca9e54e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

MD5 0d7f12e5cc079670ef4330eaca01d7ce
SHA1 1be06a6f51363f024abb185684bbd292183073db
SHA256 ce6b549ac6e827f0cf417300b08a12470da0fbc23f8fb16641ee242b639d5060
SHA512 7c4546e57e5bd44cadaf05d3755688a350ac0b7f6341fb69fdf4b6b50571e8cfa47350b824e841d766cdd271e5c66df85353cfb108bd4231ae0177c2e03ca60d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 379f362a759525e69bde7136abfb724e
SHA1 94e91e7f1dcb1eb55c63517171aa11b41dbf30cd
SHA256 5ab60bbfe03cedcf0cb70680b8bba004d6a1b868688c7c148ca1e609ae018613
SHA512 d88fad5429191594e12f2b6e3a64712cadc82de12a2b5d3ebafb40146d0b3cfe14d1abfafba22a83e917b529871086dab3f16fea3fdc41eaa65f19328f76a33d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

MD5 ab9368f1b5f1126d245aee76179b5c86
SHA1 b4961b3fb5105d31cdfb958ee13a75aaf1e72c98
SHA256 98ecc104fd437d0979e1bff83c8eff82104f80d9a4ed988418573c1da28de498
SHA512 7a2b4785759b33b016b940bb941e6d3ca003d9e8dc9e9afb22e7eefc9bad135b9da3e68653678da8374f926f3e5407443081796b5c99634c27258709400d6821

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

MD5 8ff9575d628c941590cdf13067c2e3ac
SHA1 d8a6dd74552c09cfb57331027fb4d30716e260e5
SHA256 ea53ced1179e4cc6b7599251894ded0d54d8d59b18ff72ef147e48837d3551ab
SHA512 ae1180b7e76f44cfd03d0a248d20b0738c59199a6183ba1f42568f80a17e904f105eb09eb3f1d437e55ab76529721582ffeb1b194396118fefea1dd88fe35af4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

MD5 6dae2a91dae10f49be0969a78f79f09c
SHA1 aa0013ec0fbad138f447be7a42c5824ca2645c20
SHA256 e17fe75c616741e5870fe18c34a46fd00f1f51f1ca4f3e94047f6d6e1b001ed6
SHA512 73a4e08ac5035c55232fa045f02179a68563bccfaeb4d588abd4a8bb2b2a413d00e34897d1115e8a69aeac6aae219e661e4eef6a984e1c3a81618e93b6db60d5

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite

MD5 ad17f09df41fe652215f2ea81b8e2005
SHA1 f654dd9c0e1da30afadee6e3809a2dc0a2e818f0
SHA256 12efddf332e332cbd374d668282cbf5c86071778332cdd8f2595f5964ce0248f
SHA512 394fd53dbe8e90a942c4812f21c483a97caed7b2d39321f770442e1a2ac25fe726f07596b70af6565c8741e1c02ff284e44d237f5ee8d5aef05ea56141909ab6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6048d12fd1e326e90c9b0e1c710eee4c
SHA1 7dedb32380f995f12e65c45a12ef50f51a993b27
SHA256 e6c5c6f65573ee1f3c667a7618a2dc1ca06e549ce73d536de142c766f0c3e9cf
SHA512 918ffa4a1c18511649755331be13ecc43dc23ac37a66f3df4d1ccb1234c4c30fbc1c85de045d4250ba304a3fe554f42eb1317d2c2f41623ee8fb99dafbfd811b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

MD5 2bd7fb2883b4ddee5f67885f2b9c0b9b
SHA1 866cd6fefb078af3a1315510307867513109b220
SHA256 a113e586d4c49f4f376e91d0f3ebef88463dea0151870e7c2a10ec8e9076e60e
SHA512 c2605f6611e7aef1a5582f818fb95879e4dd1555965d707acd90907aeebd9a3314fef75fad09275237ca25a7291ae48ad9b365a344ccc3b2a11a8a2e607e32c4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

MD5 20753cae506a2395adbb83dbfc858167
SHA1 2ce6dd409b79a731182612d008213de574ff7bcf
SHA256 40839f5485e74beeb00d2ba53ab2f2d75ce42379024dee9f3b913cfdff368e44
SHA512 42f0e5ad992cc055f307c538988bacaf6908ed9f3e01eee975de7c88081ade9c578be33cf3027099c5b71b17b774318db11ffed7140af2621ad4bf133617dc87

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

MD5 119621c62d5bfb061a85fb366a1bea70
SHA1 f80056ba9e49fd2a46daeed37d14b168e29435e2
SHA256 9b0c3af3623d75e8b43cccbdda9b7f4bc0deb00c9aa6a94d82e389c127943e89
SHA512 282c1c7b9b26461388404792f14ba6a4165b5514cae186b9cb61066e4bdcb2964ad8da381d1280cba73577158b6bc18e581661728e69de40b6909df6c9e84760

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

MD5 c2c85152ae6bd8e260ab1bedbc277317
SHA1 1715b19256525a5455d33caf7ecbf6438d79ad55
SHA256 5a3a0b4ebaa054da2685335c423298a10b0b27b68a378eed4b11f28a66e6cb31
SHA512 f7bd45b248aaf69e1e4b97fb52aa69bfec9ea0822f787f207f8e653d90718ce72ad255b372e8258bce4ff6ae4e807d5a0b52a10f18909351302fdce0df775f44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 100ca5fc70446318e2d5d42ca5b6d5a2
SHA1 33ecd7bcfefc49eb7b9b8a85e75af710b3076c7f
SHA256 778ef9f53b9bcb25feb025907d19f27751f797608ded63feab784b5ebe04ff98
SHA512 5f30afa09e746b194cc387e140872b477f16552023285aad39c8dd7e3ae433bf3959f9da868aa70940e808421d7beb7300b601c516f7ee6b4cf79d0119a9513d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\SiteSecurityServiceState.bin

MD5 7a07b36024268d874781858793db1386
SHA1 0509316ce8d9a031dda63604e7601f90e3057841
SHA256 32c189f63652fd0813df86485d149616b0204bc85e98f08463cde02d5c9c59a2
SHA512 ed89835356e8826dcf4ae35a232cede5205a3ae91351b141b47e0b078729a517554216f457181e6e8a55424dc4e861d364dac20708fc0b2a5e091bfef9da952c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

MD5 1b956e40af0c285d8f27db5578a7da4f
SHA1 1c4293ea99fcfb69da0d1c870944c00657c70dad
SHA256 dbd4a37d8d40ea178102505d6bf00b120887aec8e7d15529ced7136cab93dfbf
SHA512 0226b7451272638815df6ed1d39a4cdbd93214f9ac36f76b88ec4c512ff34a83041be3ed79d21191b47344fc8e6942ed205dc13e580506b04dd6193b3dd0e3f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

MD5 5e37018867415850ea9126b5bdebb186
SHA1 0d2f0e15cd9c32eb32669d89b5d41fa61226e18b
SHA256 45cecc67e9bc13212b53b325ae149294b7d63480f08536077fad110d421095f3
SHA512 e537d4a6d84de6b7d072517768b94b536a24e860d3cd6896c4627c9728dc2eddd0f9b00cbe349e1aef5aaa87fd3598b7756092ed10b282befceb51a842476226

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

MD5 2ff79729d5e588eea13e241257c7c754
SHA1 d27b90efcacbf41010430ab02d8033c0450fc146
SHA256 518c88ba5f3fabd6cd27bfef4b6607c09a8762490b21bc9969cf3cd2d9a21179
SHA512 a8ca9165bcf9e5b094ec8d29689c09bb80349fc8b2314c145fa373a426de526b7bf36b5602cfdd5404b10365d3f9e7933fbb35a506b3ab805649d3415f6f6ce0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\36BCFA23A4D04A528CE70EF12214E3995E132134

MD5 f6e9c56e14203b8b6da72d6123642229
SHA1 99a03e8b72efbf57b67f786e19eb1b31ba254779
SHA256 e937390e0433a90bc79816fe22eb62241e1fe31475fc1faadead55231156ffc9
SHA512 156c305b3fda44c17d4f6ef3339e25d1ffe3bcb55c4818f2fc50130fafbc55c163c3cdd95802b31c8d1fee0958f8a2ca688bf9903989e4ed4dc52fb5fd85660b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\B2321E3F9DF86CA98AFA3C0508B0DB4289FBCFC6

MD5 2235f9d5e6b0950fe02e0e713c35e118
SHA1 3f37f37d2855bfc94ab70d0bd47262f993b577c7
SHA256 de247ca02c04887c4f51e81d8741a7b1cc559c365db2f305ba67520901e3aba4
SHA512 e40686092ac8273cf10647ebceb70fbb7e65c8f77616451539e812178b020e5e0837d0b15e0958fae71f25d7e62e88e8fee7fc5e265ee002624ca18a86b7286f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\B5D9B00549A67C5E8FDA11F8BBFCECEDD00925E6

MD5 c41db39d57e9553e69a4b061e293deff
SHA1 741dd94557720d74cb2b569c6b6700a96681f1ec
SHA256 50ea88f9c4f9de483a2cbed3dc18fd818f473bcaf5f4e3c09bf1c888150cc210
SHA512 adbfdeac544629c3af70f771ffd809cbf42d5cdab5de7473fe07644eae100c4144b52d6564183046aa68c241d468ec2f034dbbf3f6bb489d68f88ddcfb41b47a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\3880E07D7216EA6B15D621AA35EA5FA1D0B4B5A0

MD5 d7ece842471011d5138a80e31fe4e7f9
SHA1 d16371f2a9b0009199a0f450844cf07ffc59204d
SHA256 e54e041343d1d83c44e04fa48eaa9284ca44898536029c2b08010386e0aee118
SHA512 08779d44ec88ac8b5d2c1ffe29d563ee8caf3b0a726a0692eae330c3797e2b06e4efdf63e466edf48171e65cf1d83387d36083ac3d95c5624e6faaf58f7e1627

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\1AB33D663B69F4F748A08F27D06DE9DC07B327E9

MD5 287b4dda7d3d34758e3684d310cc9429
SHA1 b6c291a1325fa69d9c1f794b5f82ea4df1eb1f3c
SHA256 2b1fc12f07276ffd45717b49d5bc6210bee7f1ae672b9aa4caf769cf981ca27e
SHA512 ddd6e08799d3d022beb18a375293f1dfc98ba18c5e2e676eb08f553f5dbea9043c96915d036f056538d4667b5a48324ee32a9d4e91ab80246edfe336f91c8018

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\F27E0CDCD1C7E6F6CED7F2BE71ED722173C6CCAB

MD5 4bfae5eda831620ded7c76f63f0778a8
SHA1 80b87a62e771c9fb4649dbd3600ac8a95e54a3a3
SHA256 b07e27db339b1ebd54c7c515dce0b0b4dd9cb59343d107377e56bd1f09d27a46
SHA512 6275abb07b36823dcb4770edf088f63c3e68da5e47969e5126d788d3993dd286870db294ccdf6bdf263d12e7f194930c60242bbb2528f0978919cb1e7831d2ab

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\4F0A302E303A8A3BF5615AF7B227BE05EFCC1BF4

MD5 57ad9d46aba1693e92ca57bdce8a83bd
SHA1 74c7c7d319d1fae42554107cbdc62a257e3de2bc
SHA256 8dcbcbb321caa0f20fc755cc68be72ff08b75d8546019ea8b564ebb0fd573f3e
SHA512 2758843ee6effc8de3ed72e5aef64b36032f72d3747fd4b671857f62083af48396c4b5aa495b5e739565a48e5d00fea7f546ccf5534baf4bc6295285eda9a120

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\96A0D2F1C4ECD10450EA183542E05ADB3BBB4257

MD5 b29206d226377e0e5aa34561e62c026b
SHA1 88ab7fce61683a3bd61855546ebbfecd23b4305d
SHA256 9b6ad8a0127d3387c45994029cd9c317defb0ac082eb15246b954a20bb1c78ca
SHA512 f705c53219afcc31cab2c12e3f3db0e5f580ae19af78ee26363179941c42ddd8948ebe2cd6c7c2fe20a89c722bc33812c16125a0024177b757e73ecd24d6de63

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\15CB1DC9BCADD0D8314FC7C7BF5E02774D2AC20A

MD5 25cb0832fbd49f0a4d4546a348ef965c
SHA1 40d8ea6d044de49e2aa981b03ebb34a9be544b84
SHA256 d5a723a95d41cae8e60536cea1c4cda1186483dc62c4103a0d265476ba5f2774
SHA512 d67ae67fedddc8fc2fc8e9ba9b437fbaa2f1301b4b0ec5b5f4f5fcdb515ad54b914b3fbf6fd28c4629e95617d1fdd23f9d1fb4527c7b763665b233805403c330

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\691680DE655A62653643DE337423E895A6C63C79

MD5 bf4e2a284696052d31b39947239ef92a
SHA1 57c5ea7b8e8c5f6c0a74c4df7c11518d304b6bb9
SHA256 89529c32ca4658453a82f8a9380f0f3f7970ba981d0fca6a806869ef3e7cd3ee
SHA512 03bc00a8b72034a1150f57976432f35750e0576209510c898906888bd914b7a5b9b249cc62bdcd37de20de850bd12add918131041e038acbfdb6544794ea887f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\7D2EC7327A9ADA22C9789720F397B4A592649EFE

MD5 ab59a213a9a5d9932169411cc64bee95
SHA1 bbee24593c1c926a6c255d33dacc65ab301595c9
SHA256 7b3bd86e7f884a6776e2770813a6221a72a34c8c3bc2cf3b5d7882d2be608248
SHA512 78215069e2e58702d608e0bb1998b6ab9769cffc5c689810a3481e02681c41a85c3262f5c56e33b63218d22f77f8aeca37b220bfb4be4d334005842082be7f21

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\55E5E6FB4DA0D621CA2B27FEAF7A867987DF935E

MD5 762817208f0bca2ed2b462af440eabda
SHA1 9077cc2d9723fbf0f4c7f6ae4fc83da08dc3da1a
SHA256 2afee3a9928dffbcdd79840b82dcef12bc26223c4bfb6675b1681e55006df939
SHA512 229fb378349102054f1c7a9be5f88291a71bbdeff308a4a9f1331be91b5d84d688a697e6002f2b8cc7bef2252a47c50eeec7544b307da370015a38e643567ad8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\9111D6B1D65E3DC8DF87F8D14FC15CD1A4FBFFCA

MD5 147e43a4aa1a2870ae786c119701cc30
SHA1 7db10c7f73beb74f3e571c98d5636565d3c2508c
SHA256 c9906214f189029af59a203fd277ca3f03901b9b44ec7d303fd778e352a5bbec
SHA512 05754f060808c3a193c47193c4c12dd44472d46987be15b3fdd87ae2de31bbb840f7a7677cb3f18f8bab6111224e9cfc10cb33da33221af88f5410fae28c60eb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\BE2D3D60C4D6C94AEDAA7868122CCB76EF5AA608

MD5 a45d4eed38410f8911d8af9c3d821840
SHA1 6320a12449d52c1653a9578851e0996f6e8693c7
SHA256 407c809e6b8d16a20cb0f9f82448810b4894451321c88b93c599c8bba359a54f
SHA512 d490fa31c5f3af724822a7b81f3fba48ad2138080c6faf411ce6e139a4d966a9cb879fb51c47fb00a76d0c7438886b2be1462c71886e14cdc49765a28e8bd3a7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\C68D52241DF17C05E063A681668CB14188760D95

MD5 26462e7d5635e4b3880a4680260025c5
SHA1 0bbce012372575c8becfd5431b4453287bedeec9
SHA256 fc40dee8159f9d374e4cfb318ef09c33775ceb09c1423c142e92ec3a249cfde5
SHA512 b3f7df94ca65f8356ea7211575c744f38cd492cc8f2739e3ea5bd3d643c8b84af90fd4902c656360f80a69cff90640361e1042e58d5b64e544f276183d7f73e4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\23D7ACAEBFC24DBA9041C805C4C89DF006351EFB

MD5 7c46711b63bd04d541b57250fc52efb2
SHA1 1c1fa2ed2a0ea8faefa44b3d53fc4f6b03f5b177
SHA256 f94ea01813a3abd377470346797b037e6ef68995d6fa9b2a5223678d661b5152
SHA512 ba38c5efef44c5f2a521df208d3fd0912b514c726dc0ad602c3cd09ea990959f86645128f3470dabb8907f1aa14623ba789173a3a392549fe3271253057c3f85

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\357EE03C3DE8F75A63C2014036B2431C1AC8CDB1

MD5 d06abec1ea8d8026ddbfaa98f1f89331
SHA1 f6fdfe0f0376761a1027557099f3f71eec964f94
SHA256 7f4ba6cb3090f4c37b7f94e82410394bcf8973845446a99cb8a71a13e911424d
SHA512 16597995e6d1c38b2357bd04558cf9f394bf98ca3dcf47b48449ca602cae5b97c77584f2998188b49b0e0dfb821a1b2cbfa8dab6f487dca4a4bd43f21e04c4ec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\37AAE6F2172EBB8F25AAB227C7FE49403DC4BEA7

MD5 b173f56ac50f98a16719e4009650d965
SHA1 4e531825e1c82d5f26b3c61f21f327a1f2e877eb
SHA256 0e93cded38b03deacee80601fc1b2e7c191bd7b2808a5925337411901fdc009f
SHA512 9bff4f7c3802c530230e321b9d329f1bc6f4b28f1907d2e751c5e8a4b62644c6a3a5b090c20e89b4296cfb357ca23fd68f94934fa5231f54f1786e72c6e897f4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\BD78485C28EFDBA59DF992B8A5CDC34D177325C3

MD5 805e874eec5d01a6ffeb42595eac0efd
SHA1 4f1dca05768c89ede40ea9a7e321ebb0d18f9a48
SHA256 d162e4b2291859c74c2f1f3a3654bb94f285d02d8e65616d89e7749509f9be24
SHA512 2f8120ab91566f57fba2c7c1c2d10f2ad1a9967428fea8784b74b433554b62941fe8f46e485da5bf3904b3f0bdfb85b2161be6af479fea893028095a65a0d26e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\F430A59B10E951FD3D750F57D5D290E363216E7D

MD5 541343449fa64d76bc88b3fb9032c32b
SHA1 d355c3e3fe1054ec0a1c62360bef09d0cbb3fcff
SHA256 cf28f36782fff0c55429aa359dd1df6cd0f7e9e1eada452e142c9a957f3b5599
SHA512 cd881dbff67fafcf6b1270ebced7f4b99eba7f067e3d2a11b226b8455556398ca78cac3d4f3edd11753ae17c6981b9877b297667f136572982d349de13056e26

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\903E00CC0EDD76D57ACCBDEC95CE0B3E8C2B9C11

MD5 b9ee6210afc86e29f2d5e147f7730616
SHA1 ba15ce8b2238d9dea37793c61547cac47bcca6f5
SHA256 028e5c25b039c2a8d6e83567a9af9c011c9305dcbe1feb87568b6b9cceb34233
SHA512 ebb8824a84e56cb10a978e56c7e4b5f9e4ebf6492205b8229a06d07b65bf66ee93c371acc07543f56e44461fb1664718b85c2bc5d2824a1baa4d859118f9cfb7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\971E1369139A2D741CB4AEEC3C5501EFC6E55795

MD5 b16388d763252b766dade93195404843
SHA1 0ede5eba5317b4a6fe8117bf0d23ae9f804cd622
SHA256 5c3e231215abac8f4d6799bd2f0978d4141d685c9762a60ce46c2d563d1cbf28
SHA512 3928705d828d0e104a5dad10cbb9b328a85c9007dfe9e558d814f3c1555169f6e7a9cc764ea52dcc52c911984d4cf21edd548b556974277b2f79e5a5fbbe6fa4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\739025F062E977A263D0043D9E01EE529DEBBEB9

MD5 365687724a22f1e9c66ccc12ad775151
SHA1 785d37584e837d8aaf414beab5fc51166b0d3903
SHA256 9126ace87a2aacbc0a0cf1fe8e369b22456d3f9f44d68279317b9f006cc98b2f
SHA512 d669ba7e4df5df7f96f3de0062fb4bc39ae2d582981cc8de4d865970d5387baf37a36c17cad9151a3766a06daa6dc8668c0d3291a7276a53eb5daaf58d794100

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\3CD97724EBF47B50AE59221DC942CCA5EE96ED82

MD5 9359ac810927acc1266c9c043f1f2c76
SHA1 7833f0d368aa2b662b3fb668259a36cfb3bd64b7
SHA256 b25ebfb0456f79a6a677965a612d4ecb7646d939996cdb057b72fd00be9ccd1a
SHA512 b5e9564d16bf6271a57c657574d3d9af512e26a98116ea3ae81a3103c3b00799fb3c681e33dcae1cf2988c6f5a063fcdb6da95015919d43efc305e6dc9bb99e1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\F92E7D1CFA8C9E7BA6B8B6333715A43C4D60C42C

MD5 64a742889d173aa5ee29a5110105f301
SHA1 285fbf725e8c79ee911c75fb955d53f507ec5f88
SHA256 f3b660a105175b2b032be9a0f1789c64b46aeadeb544550df542fe755cce00d2
SHA512 c3c46c7e70412d991b014ab11c46563f340b179d355a20d4f812b6b9e016fe3dc2c8d863c1ce819939f8ed61bed2b457ada6b936059668678ce3b2b97a099eff

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\FF7BDC95D9D2E2DCFB31F46479BA0372533C2FB0

MD5 a53e1b4498b130e7cbabb807d16035c9
SHA1 e82007a85799322540694369ac93e34c8337f84e
SHA256 bd45b31b978ec52cb0f22992566a1153fa1a7f1c8512e32d8372c61446013f73
SHA512 da54ef7fef3245bcfa6f826084425bf24d25499006584527f5518a3ffec49719a60e7c5556e14e61a067bbddc50bd42fa8073d044d929cfd4c2761d6b594a337

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\F3CAA836DF9244F44521C9C538B2099C9F5A9015

MD5 43798df0c1bbbda4e603d94c4dda63ac
SHA1 a3ff85a47129d98f99eb223856ac08c898196a01
SHA256 f375246e566a21f0bd28354f2719eb41ec02cc027c43c55b95198070b48939d7
SHA512 6447ea70e3a650ab2257e14afcad140bd541f6dafc7f87da953d9dadd748dd0bcfd0516434ca6035074298e890e9e28b42ee62f379b39d0533eceb0ee8fc6d87

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\05EB7F6F7BD0BA633716511CCCAD442933622565

MD5 54be89db63d44085c3204df77848212b
SHA1 d95c3c752b8ace10c27e5090faca28ce153787b9
SHA256 7e408e543b2861a80828506b069329a9d2216214c7489035612822fb36c41ee6
SHA512 08476838bcec184467c3856e838da3fff0bc7548fdb5d438030a918e36225a0fb683081cb73ad3df36e4f291a50b9c6ed636abba5cf9d1ff41c213c45be49651

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\050DB43D78BBC79DCD9ADCBAE96500FE04597F1B

MD5 6f4ce9a465f45094510e278c31fc25e0
SHA1 9590016f3517899d37416247f28af5a65a7c3320
SHA256 85f65d730b55be343f2bb17d1f67a5fb5c2a20dc7a4e2593903048605b0ab350
SHA512 eb6021ee22b462c5413e8ed2e4015111ade3cc064159da61fb7a651abebbb851f9f9dbdd66710a43d489241fece080fa7de892a282ede3064b6d9c2a55d30a48

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\F00DA237FB5E031A47B83AD110F14B4A4316AA94

MD5 12a84d5a6f80e2dc402aa0efb3170ce2
SHA1 c75d9c1a31013cdaab6f33d98b7b57d5d0574466
SHA256 b5aa447d167640fcf111b106f36bad0ee6f9b17f04f92ef935c7b1e06397a15b
SHA512 0b1981722f71da1e00af364bec32f59ff0d25522a6bac3655c3f9022c963ff29c95e2ece3a58a15d37bdc520d14d163e6cd1ca3e33d1f0643f0ab6da383d90cc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\C20E036239CAF315DF30D2CDAAC4F746820BB89D

MD5 005f18bc36b92cdbadfc18d355598026
SHA1 b046db3cde4e0b9a980812e8fa8b6e60617d4e3f
SHA256 f3c5f6e255603cee51e619da55ff76cbef4b6b477651cfae72c49ef5392a2e38
SHA512 897fb48de9dcf3b9605c9ae29701339dd2fa4cabbe90248ebac1bcabeecbadb794c13894b95fda37c6107015b92b8b2ef0572b32e14e48780d8a78c276b1b7eb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\4E3562C55341939E493011A1EC297C2A4CAF51DB

MD5 8e443310aa3dbe2b47ab82a7bfdd3bec
SHA1 9bd9689274bc2c7097c6ec764ea735c3fc1dc5d0
SHA256 f9428eaf33d330e0c34c30cd75e24f96305cd75cc6e8dd409c21716c24c9b076
SHA512 9e3a33627d0cd08310312e9c49accb9a5e5a63a2fc4ba6b3e7745585325a953308d78017adb984d54f3b34987edc4b3e8e37d73454da2ad6bcc835e89710dba6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\AC5B4849CAB26A6FF5E0D69715FFD2D5203EA01F

MD5 172382e6dd992dd42c0937b8dbb552f3
SHA1 2d369f53e4beea3f17d16c0d607512ce50fd6db6
SHA256 7b9e6b343b8f7adebe4c9870acb614bb4b762cde703ad5dd3dd930f123c79667
SHA512 d5d826d59e227ab2d82d87f873d736a43bfc612ff9df1666971d28d670f8ce74f9d0d04fb0aef034da7f3e4afdfe71a013d2d6519faa96e0254ae9ecdf955227

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\DA784CCDD74E697C1B9356166222C06487BCEA54

MD5 e5fa0e61d16fed622de8a227f2590b70
SHA1 4453d073b3803abdb427dfa8f34cf50a11e628d5
SHA256 4fcf06e23db0615ef042891c4fa9856e5f2f83a461084d11ab0b36063da81d32
SHA512 fdb0b148210dd8d6d036c7acf199bf30f9c149238f040750e893612891f0a092f5effb7d8f3743b0de32af0c9c08ce0a256d34a8f69f53255f6e8417ad4014e5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\4C11E373FD9A73A5E61FCB5291518B290C3C15DF

MD5 3709c89289dfbce548c58b64b115a55b
SHA1 1beadd0c2a654299bd4839cfd7d41a288cbe56c8
SHA256 c2f45768bffcbf76d38b0ba07640385b6b4ee6103ec46370741761849e5e5d86
SHA512 b657ba3d3837b20b1c1b821b16d5d6fd701cc51826cdd99ec140abc34bc703757f29c318ed8c0281748d313377415e87f9b9cb66ba0bde3384d434e101667e42

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\default\https+++mail.google.com\cache\morgue\47\{4463d31f-a9d3-4185-b6ae-92d49389012f}.final

MD5 57618d45f1a752b4c219450869403522
SHA1 229d85842b59e762420f156984c6a5586237c74d
SHA256 14ecba5f33e97966562dfd9f25d5f68a56849a138254e6bf535d9973ebff0a19
SHA512 7c2bad8eee74bbcdecce791fad3f869151344f445ccdddcf3db32a84b2e2df046cb50927d69f6158c6c9b86a35f70ce5b95c79b038569faa732287c64295aa16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

MD5 150c09ac5078558921e8314f5372bb9c
SHA1 2dd8d2f53310e002f0909de4bc3172db23c8c8bc
SHA256 897b9cbe5cb2690d004e21fdb9bfa569c371d396fb2d9c19e33502c239f000dc
SHA512 4d8c2481b7803e5e0c6fc09664e3b17717764b4b442dd5987182a4611457246320f434405daa8c0da2511e3fdd17399871c781f9b42555999f63816f53f86aaf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\c5a8e166-4014-43d1-b4d3-da145933bf54

MD5 8277b9883940a146d13d1168a3c436e7
SHA1 7aa87c20e02968969650b04d762adce2b4d06aac
SHA256 e664c22eac59b35d2f85f0f2e188a453ab4934401732bada8066958bfdd4d056
SHA512 23b6ff3a2bd56427b6153949ba186921fad248bd11130c6dbc9cf247bcf4c896409fe62d93709683d4e4d5a1bc6ef38d5f89d9a2030cff0ab6c9f154fdf47962

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\bf1a10ed-e3cc-4452-8de1-1ac11983f97d

MD5 d3fcaf48f13e994ada571d00e2a814dd
SHA1 f65fcfc2d3d7b99756a8c4083a6e6b8163935951
SHA256 d054b31fdf6b219e9619bb832fcdf7ef5ea21a7c81668ef0390b9a5ec743a999
SHA512 1095e09579daf972e131be079babd18835b7e8b2ad23fdca1bd04d11af45acf04612856044d47d47b4375a3a921b26fb0b82946e0630499d0a7c6e483644b25e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6a3e05bdc092eda64707499b4b34d594
SHA1 6f1ec9e11fbd7433f96709187555405e2795b9f0
SHA256 a23bd2f46879fa53bce143e907c9cc5df489dd7a29d3ecdac057b76091dca175
SHA512 aa0752972cab7a376fe9d1b6e2aa3bbba8306f8db53db91b301d704cd6df200cd8a52db9aac512346a37d4e6a0cbbc8a3702b83f88ae93db0ad6806e52d8add0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

MD5 dfd23154e465d8ee42857e7cbe1d2ba9
SHA1 d0249d595081f4f726c1b0da3290868fffcf761b
SHA256 d7e94e9b9b9ccef6469426010e7a5e0d1edf1e69d52c7d2d257ad086aca2bf79
SHA512 0f7eb2c87e9f27d4ca913226ce8315cb4cc2857d67ca56d505817da259e9f2dad7629bd7d71f73d9fdd5a4e7b182ca00fc27420f8bb3e780cf456af1a7a792f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a06867cad7a78d823f45069e7ed1a3d6
SHA1 ccdc04e305df86439329a8b026e8b9af87577438
SHA256 82199981378d574aef3f5f44325d3ae0e884230792006a4709347f8096dfbb70
SHA512 a77ad23ed56727d7eb25201116a5daf4a9ad29dbedc48e5d223a0140ab0494ca482b376ee4bccdb91abbee0f988ba958c5f7b3975c267cb54e2ae46ee74e4d6e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\default\https+++mail.google.com\cache\morgue\180\{28dd4037-8de4-42c9-bd18-9df378ec51b4}.tmp

MD5 615d9fcb4533363b0032fb2de5ff48ef
SHA1 a36560c52fef423fe0121e3e956148d4d050549a
SHA256 b6e77896c094c201436a553220f57aef336116a0119dbf63ec1bcc196f2b4b78
SHA512 85b64d80cd61aad92e68349c6306ced6fa660e0f891cbb40a93079d9b45257a64260f808e86d936d55ebe9a4c0347b5b91458ab36339d02de776725ad7e3b364

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\default\https+++mail.google.com\cache\morgue\12\{c83b7643-1164-44e7-be92-eb3fb62dd70c}.tmp

MD5 8094d7c823758f6f8cb76b9b6c2a2840
SHA1 96faaa2de728a0087192511f90b3156cd8144292
SHA256 45d56f6c912091232a506e6c9c8cf63a614f99aa709979aaafde46eb59f1d073
SHA512 b1d2d783894b4fcde0a74da2d9672388eb2a5ec1b273e638c2c951482146e9cc800ff9509d216d9efe3f76ba9ee0a0c56dd2052248a0bad36ad5798e5f43c131

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

MD5 c3b539aa25b63b3c983d22d6c8d00517
SHA1 0ef13ac8c89fed3773df27eb2f79e5ea0cf582b1
SHA256 07a15092405c255521c138883e4f5466fb7603fb7be4bd2697b88ac20ea1c669
SHA512 8f84b5e9cbd2821e5b61b5347fccb5104543c8e3f9b1e6c3b1644a19e76c4277c6df9325bb750ed30cb215d7fb2fc1d7ac4b81183c0242879c4ede2909c64ba6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 596ae1f2d09bd43c5b6a7c194e167c53
SHA1 e661c8cd24c9a2d0d74199f53e389bf32152a5f7
SHA256 9931b5db177ffff7cb90d8acdcb502496ad5078aec710e0b4f516d50c60a247a
SHA512 45c85b1482ecc80c5d3362f5be0507c61af5a37a4f72fca22b9d0bdc0c2552bbf54426f66f0e5c09d163650b42665e89a09ad75ccddf204bfddd7f715a974033

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3e1ef8ba6a460db18551dfb9ff8b3f21
SHA1 c83af0038860e61c4e06a9d834de5a2c4128a590
SHA256 7e46c924edd3555645369f4a50beca9f502a0a25bdd9ca6f8100b6f517b38f38
SHA512 c1b6031b718829ef80c179e31587201a15a0fbb8e50545e5c19d44189b6857c4621749670c0529c99c9da58a1af08954045a0cb2f9824165119d5c0098563414

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 5dea626a3a08cc0f2676427e427eb467
SHA1 ad21ac31d0bbdee76eb909484277421630ea2dbd
SHA256 b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6
SHA512 118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 58079e71dd900a5afdc35362de9ff494
SHA1 f0055ce2033165c1af7ad40827dbe8bfa8c91992
SHA256 6c1dc3e99b2b5e95dc4be14d3a1e7f87e8b6e5e84a3a4b08021aa8dcc1ad0cf8
SHA512 a41a7be464da47a4c310812c78aa1083dec2a007d4a86167892ec484ba78d193ef654188812fc1c099e03d91451db6fea823f4d5a0ceb33bd71124804b5d18b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f01d7c70cfdeb9fc8856d42742440016
SHA1 e862138d466624a0f7f65d43325f3fd278875abe
SHA256 73ddb2b7a4780bf6abecf82c201dfd997c2e2a21d1c233cc34536ba7fa1b28de
SHA512 063722f71eb3e141fc22af45eab87af085f5af903b9128315f7633904efc8aad47cbf5990ba7845759e80fb0bafe3220c6f73087de4186be0822785663b69825

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

MD5 8dff9fa1c024d95a15d60ab639395548
SHA1 9a2eb2a8704f481004cfc0e16885a70036d846d0
SHA256 bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb
SHA512 23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

MD5 86fe63fc0e7a1438f6e28c33fe5064dc
SHA1 8e2536f901bdf219649c2ef9fd4915b2778a877b
SHA256 d70dec47837e50799c46d9b8925767d32f65adda04ec015be6af92bd4caffec4
SHA512 99f6f8abf56e3b620dfb9e961a71897c050e7f6b3d3b20801e5b7209a6f0afde2de637f26e4baf5d869aab99e99f1b872b19017954155fba0340f8ec771bb03a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

MD5 2c7063fbe85de97dfe8395ea09f61756
SHA1 98c80da5bc95ad3226f7bf0dd7928559ae2d0029
SHA256 30137c4a9762495c662a2650058ddefac5bbdd8035133092fae4e90af7048a19
SHA512 71bad075c3af175c9fc853a5128e570eb97d4d89ab26121b28f5ea09c23475c8ad2b29ba4d7fed26b2b6b37983ab17c3031714bbf7e89c71220dfae2f6cb6398

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

MD5 04ffe044ac566f05ac974dbdf6ce9f3a
SHA1 ae0e2d141abc16edb6c9425dfcfb079b1c28a07f
SHA256 824614683c10dfc60630492ca4db543b1adc698ca9a24be971bd55a9e40d9174
SHA512 a8ab483440d07917df147c92cc2e2577701761f2009f986c7617f86624334dc179fe4fc71be5759c416940614cb00d3f61d2d4ad13a770131cd57eeb85031808

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c2f4f38967789177204f7fb38e23f805
SHA1 708fdce042233c6de6402c09ab055dab7a48686a
SHA256 710ee9e9d336c1fe888b159feb5ddf33fc459c748b8df9f3821902b53ab4db5a
SHA512 d84a5d58a618002ee70e9f18c3682343d05f616b3d7df67e678e577a29063645f48e1e09636cb178d07af8aeed7870faea50d951bf133ed1900e71f42fbd4f7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 915efa939f59f8d11b3b396384fdee97
SHA1 8ba02c63428ac494d96c7e23f475c922b8aa0ec3
SHA256 535aca0eb37bd8f9a80f48d9d89b7366b3d5ecfb213688b1b21935ff08ce92d0
SHA512 c52ce172e76c4788f55db1fcc5136d343f622c7fe3e6ed7a62e6af66242f1741dc704858eaf005cb3986346b1e687b28d74a0a83c7c9b2efc36a27a61475730c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5ab442687f336e56c37810cf8f590fe3
SHA1 c08811a86081ced86048df619a74544c68902059
SHA256 62c789c5c600a3571b380e965aa9034ad4cf4882fbb7c356243ad2f9a47d8b94
SHA512 a8fc46704305990115fbbed37c45222025b3ee67dbc38294e4d6adb68becb104fdb330ba5ed7bb2576cc2fd765f6d8c7d2984f2d81a06c994a9ce7ff9bed4533

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5ddefde94f475b070ac7995458ea8592
SHA1 60a4b567c45be6071f84d0964d3b83967f301759
SHA256 5442fdbe7476de691bed3b87ac8628c2cc686afcc3ffbec5e034cde01ea9d320
SHA512 31ec71a75511ba57e4823a355d0207bee7826b1302be0941de96341662742aa00ea8f9dd0dfd1f6557f57f296a99707312c46abef33d6c01c53550c820d68f1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a75bff162374d950c1532952ea1255d6
SHA1 f92a03163c75d47ddadd6ea54760250e03731ebf
SHA256 c6b7d7779bf64f5cd536a62d07e0e787aad59986741f863d9d33a4c8485bd654
SHA512 522bfe450ae5ebea3d4f651d189470b8e41f078e385d9de8682b89f7ca34a1219050dd0292c244ed647c711794339d4ff954fcd1239728721a327d0393100129

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 b6cf76b246e9f85b2d0d0943d2e66322
SHA1 dd7224a381881713d365def2d4c527c83de146fe
SHA256 5975b8fac0d9addf074510b71117c755eb2e24e59a767c875479baac45cd445f
SHA512 44d86cc19fa721fc85743a14c5acc0dca85a2624360722b3e7f3f43b7d72a012ea6533f481563f681fe5da3ea6aac151fd88de9b651a27259385192b47e71e1a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 da30905a0dcbd4f0a49c3a681f4e01a5
SHA1 2f0d09a7769b95f476385d383ad57d3b5d4e90f3
SHA256 e5b42b026ae918d5160ea4cc51d2e46762a4d682a5681850ddb680eaac9b9e7f
SHA512 cb33d853fcf25b6bcfd090cc29e95210421d6ce166867ea0d5c1f61f0a3d45058d4dd93b4cc88d7a35a65e0812ce25d5e125a75423dde947c9d9d3a19494c776

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 175685fb06a69d9e2c7c052f17ed33bb
SHA1 b7b5d45d12fef73374b687f4c1cd291eeb8c20f2
SHA256 f4b315eb9209f655f39409ddc2cf3853fd07509d67f43ae47afe3f777c06a4a8
SHA512 e61d0112cee9128f1d78f7f2dcb8586b05687d9dfe30714b6ac8995c5a84387b36fd0a165101f38ebfb7b6ddba72b1df09e9d070786a0443eadd14453bb791ea

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 d7ee9cc0267499439eccff920203f5f4
SHA1 4b7cda9062217833503650cdf2193fa774505407
SHA256 5edbc82e14762385c33817f75aa782497b38338b6508558e406a071e28c6d9d5
SHA512 ed909458520a393c2ce0cebc1ef8b28c4cd922f3a5c6d1fda37c26389e9f21031197db95b820dcc71025be4382ec12c10f33b5648f6a6b1c5a3ed0b400f48b87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 0d89f546ebdd5c3eaa275ff1f898174a
SHA1 339ab928a1a5699b3b0c74087baa3ea08ecd59f5
SHA256 939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e
SHA512 26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 22aa913cc4d8873887f1cf0dfa5eaa2a
SHA1 95613bd2f222ae9651ec905476de96a39eefa60c
SHA256 20665897495b8817e7f1b79bae1c687db5fc7d5f7baf7da5150a580664679fcc
SHA512 16903fce890d440daf6bb4ac2ca2e4ddc5141d2e793cb71cd43538d2e245fd95df1e079a62c431254e97540e8a1e63659cac5a1beacfdc83a40a089096a5dcc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0efd27e02e03b829fc33db6f25c9932d
SHA1 c15e5067cbf755cd4190e832ca77058d40be4820
SHA256 d01b0067cc619f01f621b878546d93003d708bdd8447903428114bf505b508fa
SHA512 4e3c79bb0488d444fad9e167d08b802cb164074111b798294297e834a01e4414c317cdedf40e5170251664c91912e3550a077366028f5b705a7eeb07fe74f273

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

MD5 e1f6e032096b2924e561c3928b9dc73d
SHA1 f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad
SHA256 fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8
SHA512 b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

MD5 cc7ad65e0558327d8fbe8ade40ab94e8
SHA1 6c153e9bf971f196db25cb2cb3b62f77f0a1299a
SHA256 956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30
SHA512 0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

MD5 b715a5dd019d1b8771a3031ff85c972b
SHA1 5768744eb85d3137d094458e4b7842c1c5c526cd
SHA256 e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a
SHA512 22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 3acdcc5f4c8dd6c71ef6c16af002ef2f
SHA1 8f65990a5d41d211c3865ba50bc001f43366b2c7
SHA256 656e34a3cd4d99c80d2a8e47c8945aba228d9a6f4b8e434f9099d6382c33af85
SHA512 0e5fee09139818acccc8001e131584a8ec87c94b2900fce6abc521b8a1cf9506b47c575640e7261c97447c16dba139e5a33c69b44caa22d9aa890bfa64806592

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2a0bd14852a4951be647636903b1ead6
SHA1 3aab2347174f5c6f22b2f1a612a2dfc6fbaf3d79
SHA256 6c03c239b1e54d8747d237900e988b662e38b3c79fa0916f079877c918cf9355
SHA512 fa92b836c799377694bea7e105d75d2e0c3de9e1dd4eadc62b4324dcad410f44962f0dcba4ed434b7bdda5b78913673a4d4161caf09facb58cdadb26b74ebbd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f8b0b5cd-ecd0-418e-9b8b-9eb5b15bf556.tmp

MD5 9365ce418a7400f50508b053c83d6d36
SHA1 4792759150d50a63e8ce4ae834cd904c89201fb8
SHA256 d464ac806af5c1a865dff7a9e312cd7984ec702193034b8535f47aa57d4034c1
SHA512 150f438bd4ac8eba240110c5ee5c4f25040bb350e16019895772c73da61d06c919b196e6c0dd3b63566bf34b05741fefca29e0166c9ec52bdfb61e02c588bb6e

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

MD5 e16e648456a76cf6c12be47b86b4401c
SHA1 a033d9a48bf918dbba65ef29576dfdcb5db2194c
SHA256 3032ddec0e6152a0aa21929060e8fd6fc0a55c4d7d8c534fe6be24775dbc39ae
SHA512 68f335d81d20b8e5e273310148c011aaf8c2d42f2902da31653f705090f2c86f6a1c872c40e776aebd0c394abc32b87efa0213c95292467fa3b5ba0b8c9a6d6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c354aad37a4298c9eaf30cc8af00abc2
SHA1 2165dd99e9fc6493279ee83a61754273aa879d3e
SHA256 fba94412f1c7578665c507b38b9e4db9d3b44f0c86241baadb5138ed930afbf4
SHA512 a9a7d51c98301720a7ff2e91b8826c0e3407fb7aab4c940929782fca1d7711a689c199e63da6ffed4a373418f230f9534e063bff3a1d30d91f9345420e5ae2b5

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 59424c76dce707ae9be1c22d3792615a
SHA1 eff79ababae89ff5c6547826241d6da9830bed33
SHA256 56952f66488eb973dd8dd593068ae19699bd018ed67dbeffe7a33efef4b0d1aa
SHA512 c820c679ae7b2e4f119a1d5e6ea2aa2f04bd614fba1f1a8c15284b1248f82b9eac4661ca63ce26f2258e8c7a0cafaf6898052ae8b2dbd0e17e92c1ba9db20eee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 de682f05ed581cfc8d3a2f2b62069574
SHA1 6f15be1b0ed4925194098dfca0bba63af5e0c1be
SHA256 d6160c31432248498394c110ef7a18a02ab3a8d8cdc91ee6e4670b397ab3ce86
SHA512 68117c9195337abcfb4aa829728be35573b29376886deebb78fed689037ef43bafffeed85d598d02cf2bb2b8ce9e707f0a719fe702da000cba2ebf96b2deb2a0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 59a8fce0b77ee833f89a4e326997188c
SHA1 228394baba47c5da192c1192f51a1b713164aae2
SHA256 56da93c87616943dbe21ca8e06ba90257025dfd2fdc1b5659cae01e6d7dc2797
SHA512 38202e3b31a363eddadc02e58d7f2abc5cdef6cc542e7161ae25767b354268ccbbb177fa113088bf79f50833f16b7c2b5152a2e04a7825a493ba652d4bf6719b

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\4eb40bd3c767674ee4b74fe5497f0863

MD5 4eb40bd3c767674ee4b74fe5497f0863
SHA1 e632cf2bc598ee38f323b331b4b64de0fd51a706
SHA256 fb9fb730389c066f553796c8c843b507ef3101aed13f7303d5f1ac6c347cbd2c
SHA512 33b5b734a696d67c5ca9dc911f4920a29316fc901bd1b0a9cfb1702657d7f017806c69b1aef80090f64dba353364dd987e3440ca2547afbd3fe4e9af61546660

C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MD5 610b1b60dc8729bad759c92f82ee2804
SHA1 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\msedgeupdate.dll

MD5 965b3af7886e7bf6584488658c050ca2
SHA1 72daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256 d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA512 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\msedgeupdateres_en.dll

MD5 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1 dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512 ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\Program Files (x86)\Microsoft\Temp\EU8B50.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 408105df79f8f63e7cebfaeb886a9130
SHA1 9018ba3692a007446b172b4972fff535b8a5231c
SHA256 5b7e09d93f9c90a78e317212d56280663fc40aaa98f9a930d2c8aad824977724
SHA512 4c779c4c5bbb7d8a054e24600fac9901011b7671efefeb9924ab4b859a71e2e0ff7d5b749a4f466b23dc24a5da5920a0195325caf72cd7546a8fc06c8e6f4960

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 253921d83e6361a04c344ecdf4e8a6cf
SHA1 738d7cb262528f1e239aa477f3899fa0735074c2
SHA256 45ff548b4d8ceed5c680900922133cae4a2bf2e3ad869c618944a8b8f85b4c52
SHA512 551ac22239963207de7460cbfad2cd30715d29a6fbd150ca72322016daa3c62e197e6f1327723705acaaafae6defa3366c7446b856c128a352e8eed0cdd413cb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

MD5 9d7f2bbb80a9fcd5df7bc296c36f43cf
SHA1 970ff2ab7f4a3f04fed9bbe5045221916710b1ee
SHA256 aa4b94f055ef7b1ecc86a2e5b1ffeb87b483abfe3536804033ae4efb6ec5b067
SHA512 9e3c52ad3c6abc206fe72ecd888846350c0688f168be7f0b785063c1b2a3b8b0a6348338f6a8dd316734f3bf320af93c7ff1fa74a35e9aa5af3f9222df6c0638

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs.js

MD5 e7accfc190de01dc53f2ced33c533363
SHA1 28bcb398784dd5f2543c4cc9194ae75722208551
SHA256 cfe902f8c44a8ac9b475ee6a99db8a708b34f8ec57281f6ab3639f1f79cb5477
SHA512 15aea02835df03370da476a04b3f37d8d90d8bc97c91d178fac8d4e5314f45ced6d5e4099ae630b214e2ef15a1becf36d21b190ce5f99f58ca5a9dcf54ff8e2f

memory/1220-5726-0x0000000000550000-0x0000000000585000-memory.dmp

memory/1220-5727-0x0000000073C40000-0x0000000073E50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2d83158cc1da954075850da866e95964
SHA1 ac4f03eefa640670a20c30a84b385dc0cf445ae5
SHA256 a1eec24b29c89cdb3e62cf990a49100a4118c578d911eb14798201a3af3d40a9
SHA512 99f232fd721d9f28f4a11d7515505224247115d7caf3fb1a99263696398e4dc45e088cce05033dd2a225ee96dcbaafd175fe8ae7b57c79ef408d8d8486daf4f6

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082

MD5 147422ec939231963d71d043b75f1727
SHA1 9d241c45c50c9ec84800a5f79c806a7e0b6f4082
SHA256 4fb0f7b3cb3eee6882a1ce5531e7627efc34106a4f98a8c1f3cafd2239dd0d2a
SHA512 e5befcb9fe6c0361a6fd2e2b71ef2dd0e53fed6c9a3e8c063d27bac6c857f8c892f7f4e05da83ea8407fc1dfa46ca5711a35657967fd525407844ff0cc0a64ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d9a10e4332d7089b5890fd5465b4e162
SHA1 9a8a182d0d9d1d51e3d6472c4c71a3d76c6eb3c9
SHA256 b2b118de43a19f83815f7135a6258bcf4a002a675a4eedb1a804e949515e01b4
SHA512 3f4acdd9829605b3d8b7a3f87164ab3738c580d173962c39b968a12523d882eff4d7b023098fce44cc62a3440af3c5ff292c99dfac414b8ae799385fd7b2f09b

memory/1220-5794-0x0000000073C40000-0x0000000073E50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 400f5d3f571d7469498a8801c240a504
SHA1 6e97fe472bbc4d3aa2692699051f89444f1b2dae
SHA256 64ab345051f431b9dd64f5b216091ef9b217eee76222aed6219c21652e79976c
SHA512 378c064dd89edbab07f59155fe4f9af4610646327fe3846de97b3fc6c3682f8cf5910624e8191cc90859e3d514cd047ab972b8a499e372b3518d8aaf2e7a7156

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bd4b8610f0f9303b547c9a71e1b734a0
SHA1 8077843151b8ac25e2e7ff94f80dca17ac777e10
SHA256 dbb34c5ffbf17538991158b23b83082866e6ae7460eea245c85174847126c3df
SHA512 02114bfd50fe38734be408161679751b9de07eabbfa5418226bf2756e0a95c6c009e490dea4724369be6d4e8ff8ec954b9d320715c61d89d426926913047e828

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6d5a1901eada86f78c162f21d00b2d93
SHA1 9dd62fc274008b06566340441012ca9f95c0ce9d
SHA256 710f2a66f7458af168219fa7492e98b16e3399e3ebdab04ff679e9731a6461c6
SHA512 07e9761da76d2db5928bb4aee6e7bb6d9f6f265f5cadcef294deb4800b4bdb67d72d9374cb500196ed56191737c739236ad7acf742e255db4663596b61d62b4a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

MD5 afda53ef4dacd3e5c028b5842ef52cdb
SHA1 4f95da3cf5c5c0420fab4737a6404d1828616447
SHA256 fcc771e158334585c0378ef76e8b7e6475ef12245c3939f8333b84af33109dc1
SHA512 0fd8913a1f1fd1ecadcfd5011fc79be3a0f8dd6d5f69012cf9647c44e920f707b86452ce3aca226fca592077cc295e92015c981e8582ace0f40420818aac05be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2e39384814c57ea9acbf59b20cf8a9aa
SHA1 30b99a3038819ffca6492891134eb9b90e7b5866
SHA256 d4eb67597758691f54ad78da7f6783d41e6f0bb33ce790ab84fec7df66e60919
SHA512 8c3ab819b9c74c369c1cd11d02936f5cb15b7897dd5aba48bb1ec4c0c30300fc5479737888a66528169cf3292d77acd3551b92d9c05a57610d73199ce6499252

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

MD5 4b6b49ff2d726219e7a202d177ba990b
SHA1 e92d330983326cef35ac927135f3b21362972725
SHA256 a2569c08318a9243271f3df8bbc6f92d66f2e91e2890dc8d474e3dab28312327
SHA512 a64afe0f236fbd6cf150df09db04be72cac5824ff12dd26a0cf67206ccdb665ed8871eeb7830c9339d33f7926c2bc707dbf2b4e7f136d846465cb453ac59c794

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3a809ede341303904aae33e32dd5d2b6
SHA1 4a8885f531a178aaf04fa5dbf718f551528d1934
SHA256 d3747261985782e375a67fca8a46c478c7613ca13e099d89cf808ed75d1731f8
SHA512 187c7e667f6057fceaf9dc57fa3cb839a06c98e19bf7798d124e7c154af4842babda5ef335ebb0f02e0ec40ce698bb507c435f5e24fbc5553177d55e49f45b57

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 61a5f1938bdf52b2a88f2c3ef63e441d
SHA1 01be00d32fa8c9fbde3bfaefde5d68acd19845c7
SHA256 936b9f6ce95bbbaa11ec48c9a43cd247e00a302cc1272c66c8daf70ac204ec9f
SHA512 269256e8b57e433ce7defd2277854dba202d7ecd198a05dcc765c228422b46ae5e9a1a24d5dc23282fefceed4f46792695db47d658de3a94a3fb0f62076b2d9f

C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\Installer\setup.exe

MD5 c2f035293e07aaa688bc9457e695f0f9
SHA1 c5531aa40349601a23b01f8f24f4162958b7ab72
SHA256 704df2272e51fce395c576e4090270e0db7c7562f5b59779d36ca0563505cc91
SHA512 70228567ef097bee2b3e04a5300437adb3615d4217d3a2d08fbef364afbb54e43ffb5dd0e5f3931737d648f56f912ebe35121cc8421354d8c2292fe48f5efc51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e748873d60abb2d2bbe157eb76682357
SHA1 648065983435d8bec2ced196e20216662bb41330
SHA256 3b67c1c812bc27962d327a37eeb6cb8e3e3bd4c60d2832a3fde3603066ecc567
SHA512 6d3d27bff818020d35952a7bb3a537165d5958146bba193f92a3b74a545e349ff5cecc02a56c8c9cba73ec379b782c57712f01aedfad78443a43544020ff1d8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ac16c3f4c40d61a5a0303159cb897f91
SHA1 bac72c8f370692461dd9f2d564f02fce16662629
SHA256 bc42b4b9bab8b758103fd2258793d5af2783832449b942a8c941eded33e07265
SHA512 2ef6bcfd185ec72dac15a836e28b7664f9d59fddd4e7e1db92d0d0dac300e4d0525b8f09a8e8737f066dd2f53db5c8a62fd348686ba1436178596eb85798808a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

MD5 ce9e6b354d3fadedc58f5c06be6cd748
SHA1 e8df3b22737f81537c717ed2686d2a9ac13ca92d
SHA256 fd57b2d78299fd7a27c6e400cbd73787359bb62c8aff393e26f097928b41de51
SHA512 14e564b87001820e1d0a995e2ed00f97ec720fe85317a99b03e03ee4e6b8bc1dbed528a6ab7aa684c54bc7ec9b126eab611275f9fbd7d54a12dc0c707f3829be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7ec6d09be88636a0191f3d90ea0974bc
SHA1 95df3fc7aa4f995c73395aaddacf049994924891
SHA256 6a5dbcbbafd66ccabf277dad4644dc9109b63b0dcf50f1d71e8f8d8fa2a960c4
SHA512 887d2784bfcc1f53b46ec7dbf732fa4a2ee87340b9131c9747bb203d591f15b2609ce530c2fbd8e27959034ad33e7717fadd668571eb25371d3cd5d225dc067e

memory/1220-6013-0x0000000000550000-0x0000000000585000-memory.dmp

memory/2312-6030-0x00007FFC29360000-0x00007FFC29369000-memory.dmp

memory/2312-6029-0x00007FFC292D0000-0x00007FFC29300000-memory.dmp

memory/2312-6028-0x00007FFC292D0000-0x00007FFC29300000-memory.dmp

memory/2312-6040-0x00007FFC288E0000-0x00007FFC288EC000-memory.dmp

memory/2312-6039-0x00007FFC287F0000-0x00007FFC28810000-memory.dmp

memory/2312-6050-0x00007FFC26FC0000-0x00007FFC26FD0000-memory.dmp

memory/2312-6057-0x00007FFC28E80000-0x00007FFC28E8D000-memory.dmp

memory/2312-6056-0x00007FFC28E80000-0x00007FFC28E8D000-memory.dmp

memory/2312-6055-0x00007FFC28E80000-0x00007FFC28E8D000-memory.dmp

memory/2312-6054-0x00007FFC28E40000-0x00007FFC28E50000-memory.dmp

memory/2312-6053-0x00007FFC28E40000-0x00007FFC28E50000-memory.dmp

memory/2312-6052-0x00007FFC28DD0000-0x00007FFC28DE0000-memory.dmp

memory/2312-6051-0x00007FFC28DD0000-0x00007FFC28DE0000-memory.dmp

memory/2312-6049-0x00007FFC26FC0000-0x00007FFC26FD0000-memory.dmp

memory/2312-6048-0x00007FFC26FC0000-0x00007FFC26FD0000-memory.dmp

memory/2312-6047-0x00007FFC26FA0000-0x00007FFC26FB0000-memory.dmp

memory/2312-6046-0x00007FFC26FA0000-0x00007FFC26FB0000-memory.dmp

memory/2312-6045-0x00007FFC26FA0000-0x00007FFC26FB0000-memory.dmp

memory/2312-6044-0x00007FFC26DF0000-0x00007FFC26E00000-memory.dmp

memory/2312-6043-0x00007FFC26DF0000-0x00007FFC26E00000-memory.dmp

memory/2312-6042-0x00007FFC26C80000-0x00007FFC26C90000-memory.dmp

memory/2312-6041-0x00007FFC26C80000-0x00007FFC26C90000-memory.dmp

memory/2312-6038-0x00007FFC287F0000-0x00007FFC28810000-memory.dmp

memory/2312-6037-0x00007FFC287F0000-0x00007FFC28810000-memory.dmp

memory/2312-6036-0x00007FFC287F0000-0x00007FFC28810000-memory.dmp

memory/2312-6035-0x00007FFC287F0000-0x00007FFC28810000-memory.dmp

memory/2312-6034-0x00007FFC287D0000-0x00007FFC287E0000-memory.dmp

memory/2312-6033-0x00007FFC287D0000-0x00007FFC287E0000-memory.dmp

memory/2312-6032-0x00007FFC28740000-0x00007FFC28750000-memory.dmp

memory/2312-6031-0x00007FFC28740000-0x00007FFC28750000-memory.dmp

memory/2312-6025-0x00007FFC292D0000-0x00007FFC29300000-memory.dmp

memory/2312-6027-0x00007FFC292D0000-0x00007FFC29300000-memory.dmp

memory/2312-6026-0x00007FFC292D0000-0x00007FFC29300000-memory.dmp

memory/2312-6024-0x00007FFC29280000-0x00007FFC29290000-memory.dmp

memory/2312-6022-0x00007FFC29160000-0x00007FFC29170000-memory.dmp

memory/2312-6023-0x00007FFC29280000-0x00007FFC29290000-memory.dmp

memory/2312-6021-0x00007FFC29160000-0x00007FFC29170000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 46d898a059d9d645e3dc8a8c2fbb8ca4
SHA1 c469692af6c9acbdbfdc37a02fd6d52027741554
SHA256 22d7d06300b8ea9f5fea05da319aa8f6bc644318e49da3481bbd46474ec8cae8
SHA512 6a162a926cdf688627219507ba6e4e7a4fce68c6b082d1cef23a6be599c6a89c64318ca76c807f905eadfa9a4a6317d528d930bd6ff59ce2b82523906e0a4c6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a5a22c2a18874413ebe2180a845a5edb
SHA1 552f2c6d6d0f7f5896dc8176ae9bac5b23b8c04f
SHA256 c8fa0c621dcb9d06d36b3b80cc4f84817e3d97f521f18e03df0dae4f4a4ceb09
SHA512 bfd44e0c10dfd3512c12c424f107fa80b7dbe56b2733770447bd9c2b2b842be3caf6063121639a17c292d3fb368f1343580a73d08096054bf2f23d8ac600f4e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c

MD5 d63db1dc0307fcf9e6e3be5845f0ea04
SHA1 1333aaa2a3473c44ebda2f63080656994996eff2
SHA256 ee217323ed9f2f9cf7f64be80c5ab0bb6f3f7172e36b5aff225426684b13511f
SHA512 a789c1ab36fe8748cb3dbcec3104a965a42fec789f6cba179f7bde56e9a6b3932afcc03444f4858f2622ce3f6c17f6cd277e11dd9d2cc2b2c73db8060fef86a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0dfa96a0555a619ac5ac02e957009ce5
SHA1 a6b1d0d10d96bd419c4b8fd9d46aa3c64d50d700
SHA256 dca1b64a9b18a73a1284a6d4e0ff7fb90eed714e7661eb6328b1b51b49fc8aea
SHA512 c33e3a0f2af4e56d13562dbfe3c20337677111f63cf1098fa1a27b499c83361a68a8590d93ae99175eb99f30ea0e6216cf58e18bd89edac79389b2f7191d15dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3f9b78a60ee601b88a08963118516c9c
SHA1 cff732352f13eecc965530b7cf9a7ed9a64120a4
SHA256 0b4909dc329e3f4e87f905582b5fc7559aec63de3fba45efafb9f2843750ee6e
SHA512 48623b806aee7d641b0f998efd51fdb074b5d2d79314427fadd473886383e36c07a9ba33f3c504dccc0b74b079891e143f7a7d509832915a85a2ab8ba055a772

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 84c3d96772cfa907db3f138aee9b6e2e
SHA1 4fbd9d3009c99c49399aa6d97ccb3f1a227633ee
SHA256 bfee00a326fa0f0e263a0fd6dadcc6942a6ad4310a9ac5f7a47e03db8358eae1
SHA512 60ea7700c1d2dee960106092311b65e907fa8b5cd2b50cf3e3762a27404aa11f192c770835cb5c6480118a01aab30f35e42365c17f0b3ea4a5538d1090d0f8cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 56038fa8c0f56883882256cf737f3c3d
SHA1 13667715449037af7f6b9b02c9622a7eb490d781
SHA256 58dba0953708200b3128e1722fbb8a016b2c02a920d8c8891fe7ec0f179ff452
SHA512 238a0af0711366cb0cd441c58b95351f8c70fd9d95d157c5b5f1d91f787ee13b556ccd770b19392cd78f7d961bac6022369e2fcd28fc320907dfcc6fe8ff7d02

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 03e3e0d8c346431b5598369c40b7f3a2
SHA1 6b74bff222d28526abcaf2515e0a71794820049b
SHA256 2037d74c841b6ee6117eaa4fa9780e7c7efc2060ca24e3673451345f2586e650
SHA512 ad5b055763271470fd198ce26c5e4a2df5d33e7ec208245554329ae4d4ffe6efb42d7172914f7f17c19bb99bdd071b9ae71968431b87139e1714aa01a83c2aaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4078186e225f057886ec22a78dfbf9d8
SHA1 998d91daeb861174c23548a0a64d72bc850e2f5b
SHA256 302f8123bf5213644143e7773ea8b4e3be49a79bbc7b7dd576bce12dfa9e65d3
SHA512 8b23616dde5d5b6ba9bd0d2c7d4022704f8265b0a173ba6a6c28d9d2d273f8bdab5ff6b781c1a11f875ec26930dc93e33c1b59c81a918a4847965ee05c99bd03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 86492a3fb47db5bb746db3aaf2fff72e
SHA1 dcbed4d3d7d35e59ee9b7b1ec2ed002e3d2a76d4
SHA256 31fb80a5bf8377463aaa59617f627ad003a710e5de98c4dcec7f2ef234642b61
SHA512 14cbbd0ace2c80beeafb51fa2c029c754dec69871550251053616884b302cacd0530455212fc90aa24f4c2b0ed273f18c3cff90a353ddf589bf16eabccb9d799

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5c3bcbaa132762da88241b920c3f944f
SHA1 2bb64d707ed8b520f926b28d74afe6bb5c47c541
SHA256 fdcd023b6e606e251ee2f4dc1a69aabeebc5d78eab1a6697fe1cc0e93250789b
SHA512 2fec506a60706d50c99ecb60bb7aa19117ca1a33cf2bdcda0b3a93e01a04ab121eceb8bddfa4c0bfcdd84a83d1d40f7b5c86ce73ace623cdbdd1f1455a083961

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5801b1d4862089c6dbdf7cd9904b86d7
SHA1 d3d82955c93bddfda487cd07d7df87a8f6587eb8
SHA256 b3950abe58d0c0966a442e60edf4cec20db06ab60da1811b8a62343baa42c0c3
SHA512 e49e55f378b5929c45b15491eb472067bd0e632da494fca6f71c1f9a9b53c70759f351a619ffd75765150d9c0c780056be03e5736ef3c91eed8854ef97c4d5ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 56d76adba5e47a18c1070e28acfaaf54
SHA1 d5e8a3b885af6559852abe226556ba789d5a2006
SHA256 f1efa757ebef67aa4e203eb7e82fa70d0c58dc6856b6f4c89d20d3662b06f820
SHA512 cd700d2174bbc1fce36ee993dc324a247f02fb5fb7657b3a77ec35fd9bc075bdb6504ead0b77274e06dd79d7c29c29685f6bb0fd53da5ac37af0d98853abf357

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0e56304066e458396202c68ffd149185
SHA1 e24045f9c263be88bf8d560e5f411cb923a30aad
SHA256 06a84e183f68c5173279c9b06ddc639602acac23d7ed8e9f56d6c69100226102
SHA512 eb25144e03dd96dac67519a1d01b24756a1c745efdcd7edc7d32cf63868d57eb6af1995892a441fdf1146fbe79091f186ca3a32e41ce46756679e219f20d0ad4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7e1e101e90dabd4b29072be2e1b13197
SHA1 44d964f50a4c5676e2b1a421acd2bd8b84801648
SHA256 cdbcc1e5737bc4b9e2ba364e5002b73b5487f8851643a58efc3bff316ad26a95
SHA512 111779080246662f427f0241d5ddde3a6624f691496814bf9934e9827258b23da6aa9ff5612d8462a106756ea8ce2cb19d8720d6a7e0267d828f78c18b5c770a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5645ebbdbf817bd8547808e53b5d0148
SHA1 2aee5a5b77b2c5889653fb147760896eae77d190
SHA256 e3bd59e5d07d7eb814e794aa845dc92acb9b8c789546a29239f49119d7041fd4
SHA512 f4f5c76f2b73988484891cdd7fd36912a98c4db24609d5ec684a76e39cf5686224f1faec861ef6837ba123df0f492fb39b9ea6c1371e79df3764bc9802bd4e03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ca860c2c847c865affc49f6445bf88c9
SHA1 244e8665fd552f5abab570aab64ff2ee4b02932e
SHA256 098f2043eabaf4d28657f3642b047732a3b04043facfe393da846728a85991bc
SHA512 742add366853b7adb04f0de3e2891ad6b1ded394e4a4eb0f63f499952f84904f0b1a840ac8fa4e7a0ceeab5098fdd86e6ae526f3ad70a0a4221a2d1b8ac0c78a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 775ebad7280b440ab6553de5cce3ac3e
SHA1 b97e48b76b1297d71b1fd7f6cab6c5f3e664d952
SHA256 8d5649951769cc2afb92ef8b491c591096ac027a0445dc5b11f0e64fc1902b96
SHA512 330e2cd83609ea2654f7e1c08872bca050f48a0df82bb4e98abbadcd9b7f9ed9bec44c4a60f8d6db50530bf67a7c90af1e8428deb1d4f8471cad75931beca992

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 62e3285d94838911e5384fcac8014b1c
SHA1 81dec0e178a4c71fdde51c05ad3850f884b8e14f
SHA256 801f6da0ec7be1595125aaacd3318d7ba9c4749bd8387329b5c8768438286605
SHA512 d489897c657cd73f66b35477ccedadbf0074dbb9c8b897a768a2cab9df2d1c96b66ca681f254613803ec1d9fbb2d20dd02b4eabb4bbfabff60243648691d6c8d

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.43\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe

MD5 83f7907f5d4dc316bd1f0f659bb73d52
SHA1 6fc1ac577f127d231b2a6bf5630e852be5192cf2
SHA256 dac76ce6445baeae894875c114c76f95507539cb32a581f152b6f4ed4ff43819
SHA512 a57059ef5d66d3c5260c725cae02012cf763268bd060fa6bc3064aedff9275d5d1628ff8138261f474136ab11724e9f951a5fdd3759f91476336903eb3b53224

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

MD5 35f1b298b4b2caeec47637ececda8872
SHA1 c064747dce174c1eacfa8094c624e00ed81cbc09
SHA256 06cb987b4bf005ff32fbc224c3317881d96c151ea94c2bbbe818d00f7e50f28b
SHA512 b40d1794a25778c2812d5c55478028bb65f69c34dff865fb60efbb67a0ee17006f4f56796243e5154479e923fc1489231f026ce2da6264669377479436db0284

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

MD5 63a7577195862edc014b4cad8189dc97
SHA1 2ad6a8d758c4a9b5df67a92147b6c479a587b812
SHA256 c1d9cd7f1ac602503ec67894377b44e11eeb1b85ee799395acfd9d13a4c3fea4
SHA512 d64c9b4419ffe25112e2769dec423b8745960f77fdcf92d0a51fe15c01bc0fda7408282776b8434e02eafb6fc7c78b382775c1d11e575f1a7a260c3b8287ed20

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

MD5 bf908461ad11cc80ca5a1afd42f00546
SHA1 e9bebcfa2d6a3bbd91cc66d76df467126418545f
SHA256 d2c202387e652d8bc69385da1e436b6431adb9940cf5719040be989d27279bcc
SHA512 bf5042a2e9b0e73d028b0fb741ab059599f0d67b4f38d987f2b2ecd2209020af6d8ea2f6a45d2086e7c91fae58d3b03eac57546fd86089e68b562a88cacef718

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

MD5 54996b127dc76dadb5663204bc7b3033
SHA1 4ec3292b9d1344fbec417b34f6066cb224b547da
SHA256 d5b392607542808c0faf766c98c9b2280c6c541d779eb5cc6c0da20e335f24bf
SHA512 e5657de515f3fa25fef1ed09aae27cad27af6eadb4ea256884759537d433bb553ba59a6b4817ac2ba03833b4e9ec9b8f0cd21e35435773f66bb50e20c2130021

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\D059FD0322F695507887307109721C11AAD75FFF

MD5 956c54f6cc592b7da34f124795ef9e49
SHA1 e600819fc4b2582e9bea115afb04dc38e50c3b49
SHA256 9ab0498d6cfd13ed5ce7aa58d4f211786ff42a684ef13706616534a7b96f11ca
SHA512 900ea20f96dd4ad5cba384a9bf9857d6066248e5a6f5a9b5e903581908267a49bbc9d2433ecd17f8bf5114422709573d72156385f79617bc8ce647ff9ddc7ae1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\825298C29785E3F6AF4C3484828F681FE0BA43CA

MD5 c44f0cf8f208f304d372ff566df226aa
SHA1 9f0d7832381c9d0dbf61c869b28c1402325108db
SHA256 e363a4ee3def95e3777d45cefc350fb84ea7f6f76d2801d8b2a68531920eeeb4
SHA512 3aaa541653f53b758cea97fb04f3a52258c2ba179f9b756d803736a6ca146bcb555567c125297507d8f5c8989bc199a3b1bff4baa51076d08cc741256c99a94e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\AEA9BFF7CEC00D4B526DF934581FC40809985959

MD5 cf73472f8692c1b5818e627a50c58b8f
SHA1 1fa26c3a2948032fe51a47498cc51cd1c291fd59
SHA256 ea4f4b31cbc5427bca45563b87c6aa9160ca9f2ccb63e98c8e8cf11d58ca5bc2
SHA512 6589310ca9f1e9701f428cb362b33c0b666e20f5b55a1437d44b8f4d1bb8918dea64b4ad17a30c3648fb5bc2e634cd15ad250c69b01e4ed980f1069377501556

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\32027373AB514902694BD2F13A8E08513EAF1DF9

MD5 5e4bf19ae7f091da11ae5e984fcec059
SHA1 54cb1bf0c701757b6ebe96e52d6a0d10c899db81
SHA256 1f5d973449b2999c8048f1fc9b9a92545ddab184bac071a6ea93e29650305ffd
SHA512 d1f858f0a2c4a6be514d155ada5973480db1fec628354be397f230d45b99ff1fd8240d2b4c142c3882f5b4d0ffc878b697f888dc68e5f3700ee216a92bdd6033

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\552D7E776EF97053734643ADC0C74EEAE5E0BE4C

MD5 24069ad8e13c005fbb2e3ccc80a2b519
SHA1 1cbe1869c8565aaf7520b713d5c8a007c5e3a92d
SHA256 ec756a46d7d45815912e0dc6ae26c4f551fc41f5b8cc6db8a9e3f40c2201dc2c
SHA512 d702f0ae94bd1c5a543f9e0e7070ec2a7adfa499fffd4247c69e8b1e8a998721a44c8f319c13a9802871fa5d96efc20e9cc9feeca7c6c0c2704dc47740dd9b66

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\EB921352F352981E1630D05B67EE4FFCA81B0519

MD5 9402d10632f499d2b3cae89ac571cc98
SHA1 7340c20dc7c1052bd89c6b624669a48d706cb3f7
SHA256 568a17a333e19bb8e0338b62b96d15784a10f4dc1bf47d68553be962b5c4c426
SHA512 5d6f02c987781bb5e3090e4861fbbdad9ed41e50c0074cb65984ade3268fbe298c7c914ab2e49c7e54ec47cc6cc8f1ffbd33188d0106694bf0fc28895ce8e6b3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\C886C15B36E63849FB9E86DCC97456303F590459

MD5 69076a74528fa91dd9e922f3f0878f57
SHA1 d4554b908ad9148ec97ebd0d1e5d06a37b98912a
SHA256 3bf2a08e5990a9d639d11f218772d96869fe7f9af7bc5b9036ca07e5f940a361
SHA512 bc719c7a103cac208d7a94f49f2063245faeaffb956144e0a04e6021e78126d3008753dafa5026d95e5b725fc1bde181deb375126914c51788e852b3ba8cfdd1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\05624CC981C1E09E289ED3A0053F4AA121CA018F

MD5 a4b61a4ec7eec92d8c5058c1c5581518
SHA1 3b4cfd314def1a0a99fd969d83a95095abd79c2b
SHA256 fafb4f9a11f3da0bcb2715a28ac50b1ddcfc60df506cdf46faf28b7228c03d6f
SHA512 7cd78198da6fbed1bafbc9342104d489885071f821863532de8ad1894986bb1eae8e4816912ba9f8640220354e7a9358e3996312c8505b99e019b30a43bbb0d8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

MD5 5680ed60b19dc042f658d3fc89a0471a
SHA1 a32b9e577d829b8adb82eb74dfdb840546ca2c5e
SHA256 2b487c424be3a588c299cceae8f86626141f14e295b2cbe98e9b89ad1b6e8893
SHA512 87aca39be79f38008578ef3a6ea427dacd4a1b684845e4ef4344d4b933ee406feeaf3e9ad3be0959a9ea52e39b94da9d37427d397ecc9ddfa24b99af8e80a12b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\B97431ECB62DCFE30A83D657611882A3B361878B

MD5 2c8b12adc2cb67ee432c51661fb7e9c3
SHA1 e3a5ca85d98578c0c3236492f556560cb6801c89
SHA256 11641f8a034be0946605c00ad655c440ce8f24ead485c1599e851bfa95ecf95e
SHA512 968bb26873c507f26ba980cda5dafd2f02a3cbcf2f0cb952b98ce33e3e54ce36f0f40562d5ecc231c2c40ca8b80a010b0c0007db34960b46247692ee323a9a35

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\06CB61A49454E8527210B835873B3EEC32F93FAA

MD5 bd305658a5f571f99ee22416228deecd
SHA1 8520217f01a69bfa595547a31ed69073558c7168
SHA256 76772357cae2d623807c1984a74d21f4be158eb023e2dc4b26e7a0a1504eaf6e
SHA512 31b3f2424bd28cff7b9c23cbd3b0b161edc303c3e2355c1aa51ad0b82a7c6625c0012b9ba3c11276f60116106a313b74cf361c4ed75c69030685c02a69e8c6e9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

MD5 df6f39bf3c9ad4a8775d7309016a8b25
SHA1 9d6b9140497b79c67509ba4d27d02c4d76ec783c
SHA256 90d819cf7ea399abad3b3d09a97686ea9966dabba6c44efc2960a1ddd4b67667
SHA512 914b5194160c48a00c7a6b7c52556b430eb7c6fc288ee1ae88b2afac786429335f0e1b7b08d5114aec63a4e801d6d9d4006e885c066707995f4e2a36e27e8711

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\7943793AD6EF12CA229A1DF7A721B44C210BBC82

MD5 acbd2902d40459c46fe541959e2b141b
SHA1 99e76053632d344f8ff34a6dd6fd8dac74c75394
SHA256 df13f98d1cb48fed5c730b5714b7191b135c05645325ea7a5d86cedc8dd29ccd
SHA512 2973028dfb1ad64d3d5802036a791e1a4b554402a9999f2e209beafe4a4ac112714f42964f38ff14e513663384e4919c0d2039f013fefcd6f2055ce3de824977

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 85ce868b910845f937271fb502f389b8
SHA1 482184ffbc0d9c538f60299e9afeae53fd0bfc01
SHA256 d926907b3d52601e94a80a69b6e28c8460c359c2f47510610eea25ee26056127
SHA512 ce6fd26b61e654d84a65ec45925cc8ed0659326494d7099e7c3793a7ac500b5f213e2731d98c70cbef76ddb102be60e6ddd53aca0ef92e0c59ae62505c188ae3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\bookmarkbackups\bookmarks-2025-01-17_11_8VjzqSwmtqWutgfS4lkHNw==.jsonlz4

MD5 d09e0770c9a6098005e20c4cb7a240f7
SHA1 1ac27e5428372e8a3567fced290a82ac275ed20e
SHA256 64385dd70b96360672a2d630a06b7e08f2616a225b9af955825836d9c7b73262
SHA512 57f293a8ec263128d0e9c7aa951248695a7b92e808107b1ec442ac2cfdf06b77e21361a3c0c9931f1590bb18c7b8ea07932873ef5400cd495c909466789604de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f7889c06c6bc847af78eb628a01eb9bb
SHA1 009dc3c33b04e634edd052851f54e651639cf5b6
SHA256 5cb5fa671dc5484dba24b62e37a65c1e6aacdae99b09713318558d63727f40e4
SHA512 befd5d73dd92397ebe6e503fc6582372f0943ab302cd83132643f742b695bdb54866bfe1121082d33f9cf73f439b422939bc80f148b2add62583936bc6744fef

C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Installer\setup.exe

MD5 e8e8b726812f34db032aca8b97d8ae7f
SHA1 cfc2f7ddc42bcd55bc1de597dbd228faef9573c0
SHA256 46e9e7a54c7cb4b0f6f3eba955827af81cfd62bc7ba2b374c21ba7e802d820a7
SHA512 f26ae84b91c2f3cfb8b531c4ddcee86e3a95744d4d52162b54b055827952c78c3fcd138f1508babbab68c04b87138a74d9b81ae7ccc6919b2c4f482f71dc1d6d