Malware Analysis Report

2025-03-14 21:51

Sample ID 250125-12vcmstlgp
Target Xeno-v1.1.35-x64.zip
SHA256 9f328d14e20db68a02f42fe7f21818a0aeb9e0c368e1f9a98a13044aee7fd29c
Tags
execution discovery google defense_evasion persistence phishing privilege_escalation trojan
score
10/10

Analysis Overview

score
10/10

SHA256

9f328d14e20db68a02f42fe7f21818a0aeb9e0c368e1f9a98a13044aee7fd29c

Threat Level: Known bad

The file Xeno-v1.1.35-x64.zip was found to be: Known bad.

Malicious Activity Summary

execution discovery google defense_evasion persistence phishing privilege_escalation trojan

Detected google phishing page

Event Triggered Execution: Image File Execution Options Injection

Downloads MZ/PE file

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Checks whether UAC is enabled

Checks installed software on the system

Checks system information in the registry

Probable phishing domain

Drops file in Program Files directory

System Network Configuration Discovery: Internet Connection Discovery

Unsigned PE

Browser Information Discovery

Program crash

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-25 22:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Microsoft.Web.WebView2.WinForms.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Microsoft.Web.WebView2.WinForms.dll,#1

Network


Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

156s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Microsoft.Web.WebView2.Wpf.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Microsoft.Web.WebView2.Wpf.dll,#1

Network


Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

149s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-convert-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-convert-l1-1-0.dll,#1

Network


Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-filesystem-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-filesystem-l1-1-0.dll,#1

Network


Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

99s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-string-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-string-l1-1-0.dll,#1

Network


Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\bin\Monaco\vs\base\worker\workerMain.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\bin\Monaco\vs\base\worker\workerMain.js

Network


Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:12

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\runtimes\win-x86\native\WebView2Loader.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4752 wrote to memory of 2008 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\runtimes\win-x86\native\WebView2Loader.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\runtimes\win-x86\native\WebView2Loader.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2008 -ip 2008

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 600

Network


Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Xeno.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Xeno.exe

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Xeno.exe"

Network


Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\XenoUI.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\XenoUI.exe

"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\XenoUI.exe"

Network


Files

memory/4124-0-0x00007FF8CFC13000-0x00007FF8CFC15000-memory.dmp

memory/4124-1-0x0000023CC3340000-0x0000023CC335C000-memory.dmp

Analysis: behavioral12

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-math-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-math-l1-1-0.dll,#1

Network


Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

152s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-stdio-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-stdio-l1-1-0.dll,#1

Network


Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:12

Platform

win10v2004-20241007-en

Max time kernel

147s

Max time network

158s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\bin\Monaco\index.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4100 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 1292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 1448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\bin\Monaco\index.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8344446f8,0x7ff834444708,0x7ff834444718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4051116819778468744,5497992098719924581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4051116819778468744,5497992098719924581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4051116819778468744,5497992098719924581,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4051116819778468744,5497992098719924581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4051116819778468744,5497992098719924581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4051116819778468744,5497992098719924581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4051116819778468744,5497992098719924581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4051116819778468744,5497992098719924581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4051116819778468744,5497992098719924581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4051116819778468744,5497992098719924581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4051116819778468744,5497992098719924581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4051116819778468744,5497992098719924581,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2636 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_4100_OQRJDKUVZGEKTLGS


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


Analysis: behavioral20

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\libssl-3-x64.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\libssl-3-x64.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:12

Platform

win10v2004-20241007-en

Max time kernel

98s

Max time network

148s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\vcruntime140.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\vcruntime140.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 180.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:12

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\vcruntime140_1.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\vcruntime140_1.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Xeno.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Xeno.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 166.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

90s

Max time network

146s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-locale-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-locale-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 133.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 166.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

143s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-runtime-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-runtime-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 134.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:12

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

155s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\bin\Monaco\vs\basic-languages\lua\lua.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\bin\Monaco\vs\basic-languages\lua\lua.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 182.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 167.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:12

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

135s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\msvcp140.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3884 wrote to memory of 1684 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\msvcp140.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\msvcp140.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1684 -ip 1684

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 604

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 182.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:12

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\runtimes\win-x64\native\WebView2Loader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\runtimes\win-x64\native\WebView2Loader.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 85.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:12

Platform

win10v2004-20241007-en

Max time kernel

111s

Max time network

151s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\scripts\UNCCheckEnv.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\scripts\UNCCheckEnv.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 134.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 20.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:26

Platform

win10v2004-20241007-en

Max time kernel

1044s

Max time network

1046s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Microsoft.Web.WebView2.Core.dll,#1

Signatures

Detected google phishing page

phishing google
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A N/A N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\MicrosoftEdgeUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\MicrosoftEdge_X64_132.0.2957.127.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\MicrosoftEdgeUpdate.exe N/A

Probable phishing domain

Description Indicator Process Target
HTTP URL https://www.textnow.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=907b9d7868989469 N/A N/A
HTTP URL https://www.textnow.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=907b9d8b0ac09469 N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AvatarToolsShared\RoundedBackgroundLeft.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\PlayStationController\ButtonTriangle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\VoiceChat\SpeakerNew\Error.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Emotes\Small\CircleBackground.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerLauncher.exe C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AvatarEditorImages\AvatarEditor.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\dialog_blue.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Emotes\Editor\Small\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\TopBar\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\api-ms-win-core-namedpipe-l1-1-0.dll C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\configs\DateTimeLocaleConfigs\fr-ca.json C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\InGameMenu\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\MenuBar\icon_chat.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\msedgeupdateres_hr.dll C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.127\Trust Protection Lists\Sigma\Analytics C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.127\identity_proxy\canary.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\avatar\animations\humanoidR15AnimateChildren.rbxm C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Keyboard\close_button_icon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\VR\buttonActive.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.127\cookie_exporter.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioToolbox\AssetConfig\version.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\VoiceChat\SpeakerLight\Error.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_11.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\configs\ReflectionLoggerConfig\EphemeralCounterWhitelistMock.json C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\localizationImport.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\DefaultController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\PlayerList\CharacterImageBackground.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\VoiceChat\RedSpeakerLight\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\RoduxDevtools\ToolbarIcon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioSharedUI\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\xboxLSDirectional.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\DesignSystem\ButtonR2.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\PlatformContent\pc\textures\wangIndex.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioSharedUI\ScrollBarBottom.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\xboxX.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.127\libEGL.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.127\msedge_100_percent.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\VoiceChat\RedSpeakerLight\Unmuted60.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaApp\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\common\robux.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.127\libEGL.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\PlatformContent\pc\textures\water\normal_20.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\particles\sparkles_color.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\RoactStudioWidgets\button_checkbox_square.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\PlayerList\Clear.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Settings\Radial\TopRightSelected.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\DefaultController\ButtonSelect.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\TopBar\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\WindControl\ArrowUp.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_7.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.127\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\MaterialGenerator\More_Menu.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioSharedUI\RoundedCenterBorder.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioToolbox\script.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\ = "Update3COMClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\CLSID\ = "{8F09CD6C-5964-4573-82E3-EBFF7702865B}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\PROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CurVer\ = "MicrosoftEdgeUpdate.CoreMachineClass.1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CLSID\ = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 133531.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2024 wrote to memory of 1680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 3308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Microsoft.Web.WebView2.Core.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc0f1946f8,0x7ffc0f194708,0x7ffc0f194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=2012 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x30c 0x2d8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x30c 0x2d8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=12028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11984 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3136 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9972 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU9C4B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{95568B02-2FDF-4266-9F45-A2C1F32E6956}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12088 /prefetch:8

C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe

"C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe"

C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe

"C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe"

C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe

"C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\MicrosoftEdge_X64_132.0.2957.127.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\MicrosoftEdge_X64_132.0.2957.127.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\MicrosoftEdge_X64_132.0.2957.127.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.111 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6008C85D-57C7-4BA5-A840-422DCFC467F0}\EDGEMITMP_9C614.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.127 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff6cf3fa818,0x7ff6cf3fa824,0x7ff6cf3fa830

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1

C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe

"C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe"

C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe

"C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe"

C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe

"C:\Users\Admin\Downloads\Xeno-v1.1.35-x64\Xeno-v1.1.35-x64\Xeno.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16369980587831555313,9964783234678911774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10280 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

Network

Country Destination Domain Proto
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 2.18.190.176:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 3.123.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.102.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.32.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.127.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.95.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.51.116.128.in-addr.arpa udp
US 8.8.8.8:53 176.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 presence.roblox.com udp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:80 discord.com tcp
US 162.159.138.232:80 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 cdn.prod.website-files.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.localizeapi.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 104.18.161.117:443 cdn.prod.website-files.com tcp
US 172.67.41.53:443 cdn.localizeapi.com tcp
GB 142.250.178.10:443 ajax.googleapis.com tcp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 d3e54v103j8qbb.cloudfront.net udp
GB 18.245.246.114:443 d3e54v103j8qbb.cloudfront.net tcp
US 104.18.161.117:443 cdn.prod.website-files.com tcp
US 104.18.161.117:443 cdn.prod.website-files.com tcp
US 104.18.161.117:443 cdn.prod.website-files.com tcp
US 104.18.161.117:443 cdn.prod.website-files.com tcp
US 104.18.161.117:443 cdn.prod.website-files.com tcp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 117.161.18.104.in-addr.arpa udp
US 8.8.8.8:53 53.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 114.246.245.18.in-addr.arpa udp
US 8.8.8.8:53 ncs.roblox.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 104.18.32.137:443 geolocation.onetrust.com tcp
GB 142.250.200.46:443 www.youtube.com udp
US 8.8.8.8:53 8.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
GB 142.250.178.10:443 ajax.googleapis.com udp
US 8.8.8.8:53 remote-auth-gateway.discord.gg udp
US 162.159.130.234:443 remote-auth-gateway.discord.gg tcp
US 8.8.8.8:53 234.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 95.100.153.159:443 r.bing.com tcp
GB 95.100.153.192:443 th.bing.com tcp
US 8.8.8.8:53 192.153.100.95.in-addr.arpa udp
US 8.8.8.8:53 mail.google.com udp
GB 172.217.169.69:80 mail.google.com tcp
GB 172.217.169.69:80 mail.google.com tcp
GB 172.217.169.69:443 mail.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 142.251.173.84:443 accounts.google.com tcp
US 142.251.173.84:443 accounts.google.com udp
US 8.8.8.8:53 69.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.178.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 95.100.153.165:443 r.bing.com tcp
US 8.8.8.8:53 165.153.100.95.in-addr.arpa udp
US 8.8.8.8:53 receive-smss.com udp
US 172.66.40.143:443 receive-smss.com tcp
US 172.66.40.143:443 receive-smss.com tcp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
GB 142.250.178.10:443 ajax.googleapis.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 172.217.16.225:443 cdn.ampproject.org tcp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
US 8.8.8.8:53 143.40.66.172.in-addr.arpa udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 216.58.201.99:443 www.google.co.uk tcp
BE 64.233.184.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 172.217.16.226:443 ep1.adtrafficquality.google tcp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 142.250.200.33:443 ep2.adtrafficquality.google tcp
GB 172.217.16.238:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 216.58.204.66:443 partner.googleadservices.com tcp
GB 142.250.200.33:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.16.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 33.169.217.172.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 142.250.179.228:443 www.google.com udp
DE 157.240.27.27:443 connect.facebook.net tcp
US 8.8.8.8:53 27.27.240.157.in-addr.arpa udp
GB 172.217.16.226:443 ep1.adtrafficquality.google udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.coupert.com udp
US 104.18.1.46:443 www.coupert.com tcp
US 104.18.1.46:443 www.coupert.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 46.1.18.104.in-addr.arpa udp
US 150.171.28.10:443 bat.bing.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
GB 142.250.178.10:443 ajax.googleapis.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 172.217.169.14:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 142.251.173.84:443 accounts.google.com udp
US 8.8.8.8:53 www.textnow.com udp
US 104.18.21.59:443 www.textnow.com tcp
US 104.18.21.59:443 www.textnow.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 59.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 41.94.18.104.in-addr.arpa udp
US 8.8.8.8:53 web-static.textnow.com udp
US 8.8.8.8:53 client.px-cloud.net udp
GB 95.100.195.167:443 client.px-cloud.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 appleid.cdn-apple.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 sc-static.net udp
GB 23.52.176.139:443 appleid.cdn-apple.com tcp
GB 23.52.176.139:443 appleid.cdn-apple.com tcp
US 8.8.8.8:53 stk.px-cloud.net udp
US 8.8.8.8:53 collector-pxk56wkc4o.px-cloud.net udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 167.195.100.95.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 139.176.52.23.in-addr.arpa udp
GB 13.224.245.27:443 static.hotjar.com tcp
US 34.107.199.61:443 stk.px-cloud.net tcp
US 35.190.10.96:443 collector-pxk56wkc4o.px-cloud.net tcp
US 35.190.10.96:443 collector-pxk56wkc4o.px-cloud.net tcp
US 3.163.248.4:443 sc-static.net tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 analytics.tiktok.com udp
US 13.107.246.64:443 www.clarity.ms tcp
GB 95.100.153.184:443 analytics.tiktok.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 script.hotjar.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 18.245.253.22:443 script.hotjar.com tcp
US 8.8.8.8:53 61.199.107.34.in-addr.arpa udp
US 8.8.8.8:53 27.245.224.13.in-addr.arpa udp
US 8.8.8.8:53 4.248.163.3.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 184.153.100.95.in-addr.arpa udp
US 8.8.8.8:53 use.typekit.net udp
US 8.8.8.8:53 p.typekit.net udp
GB 2.19.252.197:443 use.typekit.net tcp
GB 2.19.252.197:443 use.typekit.net tcp
GB 2.19.252.203:443 p.typekit.net tcp
US 8.8.8.8:53 a-us.storyblok.com udp
US 8.8.8.8:53 tr.snapchat.com udp
GB 18.244.124.111:443 a-us.storyblok.com tcp
US 35.190.43.134:443 tr.snapchat.com tcp
US 35.190.43.134:443 tr.snapchat.com tcp
GB 2.19.252.203:443 p.typekit.net tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.237:443 c.bing.com tcp
US 35.190.10.96:443 collector-pxk56wkc4o.px-cloud.net udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 22.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 96.10.190.35.in-addr.arpa udp
US 8.8.8.8:53 203.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 197.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 111.124.244.18.in-addr.arpa udp
US 8.8.8.8:53 134.43.190.35.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 35.190.43.134:443 tr.snapchat.com udp
US 35.190.43.134:443 tr.snapchat.com udp
US 8.8.8.8:53 tr6.snapchat.com udp
US 8.8.8.8:53 u.clarity.ms udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 4.227.249.197:443 u.clarity.ms tcp
GB 216.58.201.99:443 www.google.co.uk udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 cloudflareinsights.com udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 197.249.227.4.in-addr.arpa udp
US 35.190.10.96:443 collector-pxk56wkc4o.px-cloud.net udp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 google.com udp
GB 172.217.169.46:443 google.com tcp
GB 172.217.169.46:443 google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
GB 216.58.212.206:443 play.google.com udp
GB 172.217.169.46:443 google.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 142.251.173.84:443 accounts.google.com udp
US 8.8.8.8:53 use.typekit.net udp
US 8.8.8.8:53 p.typekit.net udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 35.190.10.96:443 collector-pxk56wkc4o.px-cloud.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
US 34.107.199.61:443 stk.px-cloud.net tcp
US 35.190.10.96:443 collector-pxk56wkc4o.px-cloud.net udp
US 8.8.8.8:53 tr.snapchat.com udp
US 35.190.43.134:443 tr.snapchat.com udp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 142.251.173.84:443 accounts.google.com udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 35.190.10.96:443 collector-pxk56wkc4o.px-cloud.net udp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 tr6.snapchat.com udp
US 35.190.43.134:443 tr6.snapchat.com udp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 35.190.10.96:443 collector-pxk56wkc4o.px-cloud.net udp
US 8.8.8.8:53 tr6.snapchat.com udp
US 35.190.43.134:443 tr6.snapchat.com udp
US 8.8.8.8:53 tr.snapchat.com udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.229.21:443 js.hcaptcha.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 21.229.19.104.in-addr.arpa udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 104.19.230.21:443 api.hcaptcha.com tcp
US 8.8.8.8:53 imgs3.hcaptcha.com udp
US 8.8.8.8:53 21.230.19.104.in-addr.arpa udp
US 8.8.8.8:53 remote-auth-gateway.discord.gg udp
US 162.159.136.234:443 remote-auth-gateway.discord.gg tcp
US 8.8.8.8:53 234.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 u.clarity.ms udp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.136.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 status.discord.com udp
US 162.159.136.232:443 status.discord.com tcp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.130.159.162.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 u.clarity.ms udp
US 8.8.8.8:53 tr6.snapchat.com udp
US 4.227.249.197:443 u.clarity.ms tcp
US 35.190.43.134:443 tr6.snapchat.com udp
US 35.190.10.96:443 collector-pxk56wkc4o.px-cloud.net udp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 media.discordapp.net udp
US 162.159.129.232:443 media.discordapp.net tcp
US 162.159.129.232:443 media.discordapp.net tcp
US 8.8.8.8:53 232.129.159.162.in-addr.arpa udp
US 8.8.8.8:53 top.gg udp
US 104.17.224.169:443 top.gg tcp
US 104.17.224.169:443 top.gg tcp
US 8.8.8.8:53 cdn.top.gg udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 static.anonymised.io udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app udp
US 8.8.8.8:53 cdn.privacy-mgmt.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 boot.pbstck.com udp
US 8.8.8.8:53 z.moatads.com udp
US 104.17.224.169:443 cdn.top.gg tcp
US 75.2.33.117:443 sb.scorecardresearch.com tcp
US 34.107.217.107:443 static.anonymised.io tcp
US 34.107.217.107:443 static.anonymised.io tcp
US 104.18.35.13:443 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
US 104.22.74.216:443 btloader.com tcp
GB 18.244.179.127:443 cdn.privacy-mgmt.com tcp
US 172.67.25.151:443 boot.pbstck.com tcp
US 8.8.8.8:53 kumo.network-n.com udp
GB 79.127.237.132:443 kumo.network-n.com tcp
US 8.8.8.8:53 169.224.17.104.in-addr.arpa udp
US 8.8.8.8:53 117.33.2.75.in-addr.arpa udp
US 8.8.8.8:53 107.217.107.34.in-addr.arpa udp
US 8.8.8.8:53 13.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 127.179.244.18.in-addr.arpa udp
US 8.8.8.8:53 151.25.67.172.in-addr.arpa udp
GB 79.127.237.132:443 kumo.network-n.com tcp
US 8.8.8.8:53 api.top.gg udp
US 104.16.255.200:443 api.top.gg tcp
US 8.8.8.8:53 ampltd.top.gg udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 static.kueezrtb.com udp
US 104.22.34.123:443 static.kueezrtb.com tcp
US 8.8.8.8:53 132.237.127.79.in-addr.arpa udp
US 8.8.8.8:53 200.255.16.104.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 34.107.217.107:443 static.anonymised.io udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 bt.dns-finder.com udp
US 8.8.8.8:53 ad-delivery.net udp
GB 13.224.225.87:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.pbstck.com udp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 104.21.32.1:443 bt.dns-finder.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 track.kueezrtb.com udp
US 104.22.1.93:443 cdn.pbstck.com tcp
US 104.22.1.93:443 cdn.pbstck.com tcp
US 8.8.8.8:53 gtrack.kueezrtb.com udp
US 104.22.34.123:443 gtrack.kueezrtb.com tcp
US 104.22.34.123:443 gtrack.kueezrtb.com tcp
US 104.22.35.123:443 gtrack.kueezrtb.com tcp
US 8.8.8.8:53 material.anonymised.io udp
US 8.8.8.8:53 aegis.anonymised.io udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 34.117.250.57:443 material.anonymised.io tcp
US 34.107.217.107:443 aegis.anonymised.io tcp
US 8.8.8.8:53 api.btloader.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 api.permutive.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 34.107.254.252:443 api.permutive.com tcp
US 104.26.7.141:443 cdn.btmessage.com tcp
US 34.117.250.57:443 material.anonymised.io udp
US 8.8.8.8:53 u.kueezrtb.com udp
GB 18.244.179.127:443 cdn.privacy-mgmt.com tcp
US 8.8.8.8:53 otrack.kueezrtb.com udp
US 8.8.8.8:53 intake.pbstck.com udp
US 8.8.8.8:53 cdn.localizeapi.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 api.btmessage.com udp
US 8.8.8.8:53 cdn.prod.website-files.com udp
US 8.8.8.8:53 123.34.22.104.in-addr.arpa udp
US 8.8.8.8:53 87.225.224.13.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.32.21.104.in-addr.arpa udp
US 8.8.8.8:53 93.1.22.104.in-addr.arpa udp
US 8.8.8.8:53 123.35.22.104.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 57.250.117.34.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 252.254.107.34.in-addr.arpa udp
US 8.8.8.8:53 141.7.26.104.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 sync.kueezrtb.com udp
US 67.205.166.82:443 sync.kueezrtb.com tcp
US 104.26.7.141:443 api.btmessage.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 162.159.136.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 82.166.205.67.in-addr.arpa udp
US 8.8.8.8:53 z.moatads.com udp
US 8.8.8.8:53 images.discordapp.net udp
US 34.107.217.107:443 aegis.anonymised.io udp
US 162.159.128.232:443 images.discordapp.net tcp
US 34.107.254.252:443 api.permutive.com udp
US 8.8.8.8:53 232.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 00917082-71e9-498e-8343-00c3df06b798.prmutv.co udp
US 8.8.8.8:53 secure.quantserve.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 live.primis.tech udp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 8.8.8.8:53 tag.wknd.ai udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 launchpad-wrapper.privacymanager.io udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 35.241.9.51:443 00917082-71e9-498e-8343-00c3df06b798.prmutv.co tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
US 34.120.253.250:443 tag.wknd.ai tcp
US 3.90.129.78:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
GB 18.245.143.83:443 tags.crwdcntrl.net tcp
US 104.18.28.101:443 cdn-ima.33across.com tcp
GB 52.84.90.106:443 config.aps.amazon-adsystem.com tcp
DE 91.228.74.166:443 secure.quantserve.com tcp
GB 54.192.137.23:443 launchpad-wrapper.privacymanager.io tcp
US 104.26.9.169:443 script.4dex.io tcp
IE 3.165.232.18:443 live.primis.tech tcp
GB 23.208.240.151:443 secure.cdn.fastclick.net tcp
GB 18.245.214.181:443 aax.amazon-adsystem.com tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 exchange.kueezrtb.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
GB 108.138.217.110:443 hb.yellowblue.io tcp
DE 3.126.92.214:443 btlr.sharethrough.com tcp
DE 3.126.92.214:443 btlr.sharethrough.com tcp
DE 3.126.92.214:443 btlr.sharethrough.com tcp
DE 3.126.92.214:443 btlr.sharethrough.com tcp
DE 3.126.92.214:443 btlr.sharethrough.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 146.190.185.86:443 exchange.kueezrtb.com tcp
US 146.190.185.86:443 exchange.kueezrtb.com tcp
US 146.190.185.86:443 exchange.kueezrtb.com tcp
US 172.64.153.78:443 mp.4dex.io tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
IE 63.35.110.124:443 ap.lijit.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 34.120.63.153:443 prebid.media.net tcp
US 104.18.27.193:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 api.bounceexchange.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 assets.bounceexchange.com udp
US 8.8.8.8:53 events.bouncex.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
GB 216.58.201.99:443 www.google.co.uk udp
BE 64.233.184.156:443 stats.g.doubleclick.net udp
US 34.111.8.32:443 events.bouncex.net tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 launchpad.privacymanager.io udp
US 8.8.8.8:53 rules.quantcount.com udp
US 8.8.8.8:53 cadmus.script.ac udp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 34.98.72.95:443 assets.bounceexchange.com tcp
IE 52.30.134.176:443 bcp.crwdcntrl.net tcp
US 104.18.41.30:443 cadmus.script.ac tcp
GB 18.245.187.126:443 rules.quantcount.com tcp
GB 108.156.46.25:443 launchpad.privacymanager.io tcp
US 34.98.72.95:443 assets.bounceexchange.com udp
US 8.8.8.8:53 51.9.241.35.in-addr.arpa udp
US 8.8.8.8:53 250.253.120.34.in-addr.arpa udp
US 8.8.8.8:53 83.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 101.28.18.104.in-addr.arpa udp
US 8.8.8.8:53 106.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 23.137.192.54.in-addr.arpa udp
US 8.8.8.8:53 169.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 151.240.208.23.in-addr.arpa udp
US 8.8.8.8:53 53.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 166.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 181.214.245.18.in-addr.arpa udp
US 8.8.8.8:53 110.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 110.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 78.129.90.3.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 78.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 193.27.18.104.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 56.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 214.92.126.3.in-addr.arpa udp
US 8.8.8.8:53 124.110.35.63.in-addr.arpa udp
US 8.8.8.8:53 156.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 86.185.190.146.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 95.72.98.34.in-addr.arpa udp
US 8.8.8.8:53 176.134.30.52.in-addr.arpa udp
US 8.8.8.8:53 30.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 25.46.156.108.in-addr.arpa udp
US 8.8.8.8:53 126.187.245.18.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.228.200:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 pixel.quantserve.com udp
US 8.8.8.8:53 geo.privacymanager.io udp
IE 3.162.140.50:443 geo.privacymanager.io tcp
US 8.8.8.8:53 id5-sync.com udp
DE 141.95.33.120:443 id5-sync.com tcp
US 8.8.8.8:53 200.228.220.67.in-addr.arpa udp
US 8.8.8.8:53 50.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 d12c335976ce01facaea36bd87aa2120.safeframe.googlesyndication.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
GB 216.58.201.97:443 d12c335976ce01facaea36bd87aa2120.safeframe.googlesyndication.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 api-gdpr.intentiq.com udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 sync-gdpr.intentiq.com udp
US 8.8.8.8:53 static.criteo.net udp
GB 18.165.201.127:443 api-gdpr.intentiq.com tcp
GB 142.250.179.226:443 ep1.adtrafficquality.google udp
GB 18.245.253.114:443 sync-gdpr.intentiq.com tcp
NL 178.250.1.39:443 static.criteo.net tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
GB 23.192.17.43:443 ads.pubmatic.com tcp
US 35.244.159.8:443 u.openx.net tcp
US 52.206.247.226:443 cs-server-s2s.yellowblue.io tcp
US 52.206.247.226:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 120.33.95.141.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 127.201.165.18.in-addr.arpa udp
US 8.8.8.8:53 114.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 39.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 43.17.192.23.in-addr.arpa udp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.200.33:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.media.net udp
US 8.8.8.8:53 mb9eo.publishers.tremorhub.com udp
US 8.8.8.8:53 video.primis.tech udp
US 3.33.220.150:443 match.adsrvr.org tcp
GB 23.192.24.32:443 cs.media.net tcp
IE 3.165.232.60:443 video.primis.tech tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 52.70.64.64:443 mb9eo.publishers.tremorhub.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
GB 87.248.114.12:443 ups.analytics.yahoo.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
NL 34.1.229.16:443 csync.loopme.me tcp
US 8.8.8.8:53 ads.stickyadstv.com udp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
US 8.8.8.8:53 cs.admanmedia.com udp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
NL 35.214.136.108:443 x.bidswitch.net udp
US 8.8.8.8:53 rtb.primis.tech udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 ib.adnxs-simple.com udp
US 8.8.8.8:53 www.google.com udp
DE 37.252.171.85:443 ib.adnxs-simple.com tcp
NL 81.17.55.161:443 prg.smartadserver.com tcp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 226.247.206.52.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 150.220.33.3.in-addr.arpa udp
US 8.8.8.8:53 32.24.192.23.in-addr.arpa udp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 60.232.165.3.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 16.229.1.34.in-addr.arpa udp
US 8.8.8.8:53 64.64.70.52.in-addr.arpa udp
US 8.8.8.8:53 116.158.57.154.in-addr.arpa udp
NL 89.149.193.100:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 match.sharethrough.com udp
DE 18.184.119.72:443 match.sharethrough.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
DK 37.157.2.230:443 cm.adform.net tcp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 34.111.8.32:443 events.bouncex.net tcp
US 34.111.8.32:443 events.bouncex.net tcp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 sync.ingage.tech udp
DK 37.157.2.230:443 cm.adform.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 104.18.26.216:443 sync.ingage.tech tcp
NL 46.228.174.117:443 sync.1rx.io tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 u.clarity.ms udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 4.227.249.197:443 u.clarity.ms tcp
GB 142.250.178.10:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp

Files

SHA256 2ff2cf76e0e4c33a5ea8481e4cd3cb30b29227c6524c82d062ee893951641664
SHA512 fbfce4c9d088dc47830fa6e7e15e90f25a342ea3ea450474366e1c2ec492d9b419ec82df49ab5aead31ede78266e5e23ed29edbd01fb65cf20b048d754aaa665

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001c1

MD5 a9b28e43711ad3d633c03db2393c33c0
SHA1 c5d5d8785e4370587e51a1745212d4d21b21d244
SHA256 69af2cb2452026edbb5e8ddc50e0e03a953fa5fcbf9f358fbba3b8b8a638f4e8
SHA512 2d323e395d29af6e5803cb607d8f7303facca76c37daaec02ed694fb9e22965bb9213d4412d6b28534556957268b05bb74b6913ad314b2c9c5b483cb8a22fecf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001c2

MD5 55c086029539b3810bf23bd5b7049880
SHA1 4d57d39f4070014b63075e4c7ecbd2f830fcad37
SHA256 40ae15b664309dd2cf780ad87c45db983b389c40dd8341cc5e5f2b35c98a8a5a
SHA512 033322dd788fe99fa9a955981df1f9d5c2e69d22a4ea0a6083f3db721a49a7e42422c35b046e73779b67cdb4db7aea7a71ddac41b9d81fe471f9167c22fcd116

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001c6

MD5 d97f25e1d6fdd5103dfb1655da37a82e
SHA1 87e8aeb9f31246b2d01b639a6f3ecca005083eb4
SHA256 516000aa10e61d6295131e7c67ae399481df5f8fcf1fc6d3d9cb52cb01afbdfc
SHA512 fd2970352edc77abfd2854f1806ce0f89e3db944d78da14c9a00a7c95039f7de2fc98691cc778df735c878defb2f6a33e6d84578b151c2b34a02978165cb7222

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001c5

MD5 1752326ce45c039f4c5e81ea24c27c35
SHA1 4a22a9151c3c94d170cd3d23659e8e1a5a6f0070
SHA256 13dac981c708b9d1c6d7be7666ab5ff34718fe7d1362428217e88c75530774ad
SHA512 7ca5eb8b11184b97b7ecfed373420f7b9926839edcd36ea6bcc37a09190478175c49d7cfdb6dcbf1ecc8f2570feec9a0ac8aae08442fddef7986330043ff2d08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001c8

MD5 120d859268d682389d0857756dc8a15d
SHA1 7d3b9fbd7c9733d2a2cf361f155729f518eb871e
SHA256 5eca69c6f11d360758dac700a328851821bf633b61fbf171c112e6cf5eea9106
SHA512 6bf00341cf66638fa175482fee4ea117042159ca5e74bddd13f51d1242609678753a4bc799813a13382fee8e052d1a3d989d9f7457e8c16ef6eb4619438398ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001cb

MD5 7307610dda87aaf8e90ad1b0b9c3a596
SHA1 9d5e3e8457cb2d72a6ae6889e5c72286bbf8fefa
SHA256 70244a36c8a24eb8f6dc72b5b1667925d1a74eaaaa81cbc90b081dbc344c2dd0
SHA512 0664dec38d71dcf4ccf3e3a55283a15d96a5b7f04c51e855de7661f0c3b8e1703d3362e902ff10d7a4c9848bfebf6c92b5d12281555d2785920b9bbc835198f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2fed785634f4fea8cf586b874bc37dec
SHA1 2cdf57628eb65027bad5ad02562f5b875bdb397e
SHA256 468f9d57fc052a699cd356c6b47a63cf204e03a77e3d21e707086cbd2fb2821e
SHA512 904436907b37bd6f23637d1665be418268d7534225894aa8a8562ebbeb6fd7794a066bfaf48bed8ecfcb3332607907904a8c833019a9275d719f8f9751282a84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2efa9ce6f67cd9fe84afbd319174d314
SHA1 2230766b72fb11dc305ed8bfc66570e460a514a4
SHA256 8d9fc328a1f8d853b5e24eaeeea778a70d8cc53d0ace1999cec9bf6a53d09c71
SHA512 f67860cb4fc5ac840bf8069a366ea6d0d556729d486cf4500c69ff19b796d4e859e8dedc1676df95950944fd8b513a7e4fd3d2f2ed6580558d41908dd8374a7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 9bd675b33255d1a16bb15d8757854b86
SHA1 d8e07112e757346df3687d31c1eb7abfadfa6eb4
SHA256 080b00a3faf3d340e403783728389e45d4846551a743e1ac5d1c1efa9ec6efdf
SHA512 47e01d3e230077267c95a3190faab70a9ae6ec63ca71b1be1df5b6bbda19f569f250f33e18f0924f54a22f260929b50ab617500ccb3d3f62e043ead1059cf580

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e3b5d5d58db8df652d5677cf4fc965c1
SHA1 a72f18376ddfecaf87312b9decc587f737d1def1
SHA256 4b73d3beafde62df109dfe5a9d57293e3eeca0ad2cbac80c74b25d9a7202a792
SHA512 3a3c9a4bb51dfb2cdf326dc5b97e036922699c72dc4b3cf8b225022c34b884cebfd7ed85e4c87d311730aeebbfde4c724e3c3fb100041bcc5fc82d51fb50c894

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f64ee1fdc57b208371f0067101b1ffad
SHA1 d567c4007fcca64773276205c5cb5d1c431757b5
SHA256 f247f52ae3c8c7b503ed6cab84a7c111df940c86fe2c3ec2e2d6dddf510f6298
SHA512 14ce42c449377547b41749d7a357ad9002d965643abf70960a393927449125e77c86155203b076fa9f2d32e9db6661e34d7696b15985a6cee235450deb529805

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3c6214e9548ac56c85acde2b66400381
SHA1 b20f406ef690082351fd00946366cd1fb1c89130
SHA256 8aa8c548d712904373bafdf571cc02b5afdf45560413fcc127ddeae0d723f525
SHA512 0c681235c3d92fa01e56740c034320598f35566e40fd4d5ea485a6a3dc62ee4b4d22fee2a7ada47ee47a32b0dfa77b4fd2ceb406173111b44c92dae50887b939

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 109ecad1779144826ee8413a1136344e
SHA1 a48462a7b6fa99a6ed30535cb8a42f83bfe264e1
SHA256 25794d1bdac5f31971f4a8338e42e0e39e1366c17bb99fc5b487e92f1cdcf316
SHA512 f34b8fd57bbd48ee8fa601dcc1a12c916c1c346834f26e3539a3f34a474f43b69477da35ddb4624e2e6b0eb4756a69993412a08964d032c2d5ea562e7c40a6f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001bf

MD5 bbcb01abf86b51a97ab06dd35ea1959c
SHA1 cdbcb7b34bf2d86a9db7f40f2cbfff1e08b6fc9c
SHA256 ea26ed5b4bab7e10c4a3752a4e515f483e5e41bb7dc445e4da1d22ef2043391a
SHA512 ae76f893cb91a936ebc79e0cfb0254ff7ee4c1ce37b7e4e30286165c9b0c4ad3d73c44942a4b8f78fe22f23bf6aa46c54572bf283631d84132aa0b7647e553ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001c3

MD5 bef9212e8e6bcaea19ba91d8c3b2ce3b
SHA1 90b32d7936d3d819aae82e69149874b6490ae4c7
SHA256 d1ab046c688baa0f752121ccb942537c3d3b8beee714aa85dea382e4ca0e8442
SHA512 1e7bb9fe596e16adfdd8ef5de18e1291ba3e7879c457d81132429071de0b4eb541e7d0d1ecceaa973062964a2f91ffa6628204b503e426cdc187da8e0eee5a4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

MD5 c96b45e7f0a9a08045629e2502c3a81d
SHA1 334fade4d1276dd4374f11dffb0564a6ae27fb6d
SHA256 e1707c6164e1a9e63a294d6160f97ea0e8cdb33dacd7bce34f556b45ada6c45a
SHA512 9b30cf08bbf7a3f4d0e5b25871e9d05372bb27f4b38cb1924bb911af035c8c2dc71bf36ce343ec4fa12df48012bfc4651af037232808bc4a839134e40d9552d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 17d1ea2ebc3257312e8050fed86d9260
SHA1 74e4dcd79624069915df0a3fd2e65f85a07559d5
SHA256 0e047e7848c6f84ab2861fd665d9d306a2383d5634a3765882bd413c7912b2d3
SHA512 bbea33562bb88adea9b4b605c7131a7f78b7c46eff2610a29961aa71048e413b52a7287e154b6f114748a6d9abbe4aa426eafa9f144397aeb0dcaa98fe163ca2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ee819bdf7bebbc8a53c90792d07958f1
SHA1 06f7798ec1a4ca7035aab021558b848080657c28
SHA256 e7b0715908373bd5110f049df72352ffec37fa1b0f26df1fe75b0bc8444e7524
SHA512 20b5d262c07f60689b4820dd333b0bddc8975c267bfdec90718a88d4f207073dbf4fdeb99b34092b5d1f0925813a0635fc5b63b6563171d82baf884fe02d57b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 81d9ab18cca002a4f20f42727ca74ed2
SHA1 495a19d82f091bc68b16cd01044fae0210c56d0e
SHA256 523d108d8c881c43faadd77e2abb49b88a78a694d78f1eff962da4a60285c023
SHA512 e1a998062ba464b4dcce7e1813b80db119a23ecd33aac2e7343d05493aaad6ceffc2787bd53fbb8fec8f4a40b60726dfbaa43f66a9548715b729eb1e262e176c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c2217fc52af0b350fe99aee08d7d16f3
SHA1 6068482fa69af3dd862d5a23b918a6f8cbcd5aae
SHA256 97b42ae66f72d63f3bedd7ecf1730de4cc1a2722eb4c7a25adf727b41a89b8ac
SHA512 41c23eb9035979c5bda0eb6bc2edf8df354a8e94b4cad1c6b5a095e102eb6169dac72589df0c5d00f113c13efab97eef89ad2c1b2a1331a429eeb508fb084be8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c96e60476d6fc684ff396a8043293a68
SHA1 e1ec423025de3043675cb620b7f63f8fd0da8c3b
SHA256 0b8ce14b1bf6b08fafcc7dd92ff7dac62969c8ceabb9dbbc71de23aa0e2b33d8
SHA512 2694435a262f9fe1622ddd5501d1e47fed000b45678d2e06da92927e8d3bb8bdb40b199d38ec973538395048845e07dd4e19ea15109e7310c7a48b194f590ed3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 32f644bd7e0b9e5365c1ad4e51d87ca2
SHA1 2f3673c3598dcab584409177a8d723ba0b6b81c0
SHA256 b133e816e9f78b2bdedca016d62a7905b4ef904a0c49c66602b2bc2297c8fd82
SHA512 123b28d5e08e4107186476492bb0d2f079927aa03e12ecc8540a9be38e06f5ef1e0c0ee347233ac3a9eb9ebbc958879e3d9f059697393725b3de02ee27996cff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7a1c105791d5b22270d3ce4f64a8e3dc
SHA1 e7402e7a2338c1f8144578143be568490d754a7e
SHA256 a70037c60ee591ef0b81a6a1684d514b0eabf483e0be6094ad9dd2c0398954e1
SHA512 4002420f2151af547ddf9ab1da3dedd0caa17c43899e0eb15e1db523ab35a86956a056d79e5d681fb08969290c4a80034833e261cffffa342b899cbd36748390

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 72ac9b645dbff15fd84f6bcb91fedd0d
SHA1 d88aaf2b710bf588a6f664c4f7bf991c9f248bb1
SHA256 cca5254a28f1ad8f19d5f0cee4cb060a42253ce2d8cfb2fc99374e6aade406a8
SHA512 e25fa44b37c88b6aeb4510656a28a7d6e0781198e1d87e50e79b060552d5606a3a2c7bd31db6cec6aa2b0566f7a1d62be6e809c5446d92b6f7cf3fc84480f5d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6483a16444eeb67011139acd157bd7b1
SHA1 717c4e503501bcf65ff10857c81cf74a6450e109
SHA256 f925417d0ff839b9af9ee1576b83c6a349e0de448b6035bde74b2644c0a76607
SHA512 3da02d88537e2952a0c1ecf1bd44c993b3fd815f510f1bfb717349ec0dbdad5cbbfc73bb3f6f54f8f89077781c7da17555a6ae4d87632eeadebb5962d85940f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3eb2708b890d5e427ad9ad89ae955e96
SHA1 1e9ac5ab78c9b4f70be540b66c613ac623bcc836
SHA256 bc60c338109906abaa49c37b0b975a3dac0f46cb6733725257a9909f41bf05c2
SHA512 d59ea1ae1322d889b4332e659cb6bac143344a8b73e22c2eb032bddd6991dfe0c1440ad2154e91dc87117c6bd4dcc25ecbb330251157bea45cb112073633b803

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a09324671ae8a2d329a43d5b01be3bf3
SHA1 66dd664d0db70f021f0a944298d4041fb85ec053
SHA256 18e2c871807990159a8e70cae253cf4602cef29757668fb0998efba4e710a720
SHA512 112e4b626ab304a9dc6a89015bb4d639fc26164504b17ed258ec8a58b1e0a18d4ea5ec8207b0753853c676ca8de828d9e5dffd64c114ca456a5ee335b0daff80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6bfabf35109a2ff590bb32d17255cca3
SHA1 98a8328ca69976f56223e8bdf1d85f6f6d881d08
SHA256 953962ec99fa2bb1b3c0e496add06c43675adbdb15f3a0bcf8bdfbc9bbefef65
SHA512 5cdedbb21b0e1e6dc94358a6dac3fc0ff6571ae26ac32b0150b7f30b6c4049c0f65406f686558a8c5ad7576ca91082b164268107b284a51340aed07539f36154

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ebcf7914dd79d55a344730d8c2c49e10
SHA1 6170626aa0e0f0931e99da3bd72a921c76424808
SHA256 d7271fe97c9b23d81569882d05bc8061d077d8ffa7db08ef4fe9e15b2032957e
SHA512 19fa81fcc90d17f8d9ead6728ca9d2f7b35bd132ec1e44b0400130c205efb75d8cf45089413bf47d2feeb2f9e9ed493d4885fc8b975e29629adb0cc23b8253fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\90aa051d-e6e3-4f31-a71f-8120f64799f8.tmp

MD5 f75fb53c82d391416a502d322024c823
SHA1 bd4968217d6bb87e66d279dc8b088ec26d83d089
SHA256 5dc2f10b2a8e945139017c4ef1dc23addb3da2bc126822d66872932c5fc2e2ad
SHA512 9c6717c4c902c68f3466c5f9002fef37b2e436cbad5069be01dfbfca5bd0836d316f41df2fe8fac971d8d40dfbbcad68be61b901a78f482dd779a8d85a43dd7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8a3d5415cda6275eb49c7ae8278d5c60
SHA1 b6fda2cdad345b4635d8d48327c3e5eaaffd53de
SHA256 b3147e2671191cd2029f3d11cff744de5ac2afa73139c641d48669ee40bbcd00
SHA512 25454b894f8f8481882f428ca3092232d0ff8565743414f09646a2bc65b2e9bf853da953ead391d8db8068bd39522d2f2c138433e0447ea30915572f290e49f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\42eca63c-c108-4b7c-b29f-a4eeca9d5a36.tmp

MD5 69211dc19aab0d911a18acbece2e9391
SHA1 37262172d8d5a1775ae2d7454d2e8dc8779d8ee9
SHA256 cbc32b037f84618a273fcd03fc34ef508dd965fa581c2ef842e56ef369849b4c
SHA512 7f9c3e5eadecc061f609792b5ebcb760c291449fe0204a0ff356274547743b94765b9206b8a493ba2c6ad886224ac6dfe66a67a9d730f820acb172bd83dd1764

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4a9047513a06fe4561caa443cee10d21
SHA1 54604f23d582c4c008ae1c1736262523b86ad62c
SHA256 64729f5160af6b2e290c1a4887d991c68f54260909c461188f56bb9731f94d1e
SHA512 c2cf2dc5e29cfd896baa1f9cffacd29a8ca80dd87bf88aec16ae9d0d5bf4d36fcaf89efbed4e6ab23c3d858d549620655936239d4abbf89657319d833ed2b2db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 75bae71240f2f048de5a91c7b216f236
SHA1 73177946734143da1d8b6fddb843a84e58d40b15
SHA256 fcab682f18763d86791f73fc21dedc1d0c93c026f913de3f1325418517113f4d
SHA512 f2527f4686e6f78986dc0a52aeab524023fc4ffad71596559c5d6636adc2928b663da26b65a93c44c98d0814b57d3255248fadf6e17a70aa8f2f688143d632bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 574c8ea5859752cec1f1214d9fa4a68c
SHA1 3985fd082d205e7c55a4791fa14a08958f64066c
SHA256 14843377071fc83699ff65e5c75731cf299e921005e2918f8bece8a9b6b5e015
SHA512 7f3623f336cc74a580174d9ccb491f9054fe3cff03a316a6de032d9e68cc9cbe92b206e0e11123d5f2ac26ef29990f91318ad29538e54e0bba35d915a38409f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ab99b4c049f7e57c317c62ab4fd90e14
SHA1 43daa216044dcd71f6edbb0d4a36b5f176d00909
SHA256 ebb8925fe3656d748df69bc62810bd94977af48fc44e1fdb63a70810d98b9caa
SHA512 d6d88418b63d7f3de33705ae4af8d13b06afb55e975e94b86bd05f9c1b17dd2038adea719e86e47bbd5afb624db38667a045cb46dc5bd4db43816c8f16b69478

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fa5c811dc7d0d721c773b97cb7944125
SHA1 b30a3c19d98ae5fc523a711698f94a72491a8ce3
SHA256 bedeabddfd3533f1f147cde4b6126c499ef24de00daefd9fe620466ffc768ea2
SHA512 08d2007ccd7f6883c89375a68ba7858fc15ace6822f4ee32dcb2cd052e8e161ccd9fdb74e72a104038c5ae54c7f4eb85992c7f529f8d91e0244e5a8d101d7569

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ca50af066c287094d616043a43e2f970
SHA1 df2a11892e1d6e59a5a3f1e72e59fc541ea48a82
SHA256 b546bcf3fe5c6121d039b98496f32fd2b7d28173a225e9034a9074bf23b0b886
SHA512 9488c1125055f4b4d8b85418a2792d846f2fceb38c5af0c90e914477d8670e3a05419a4ea7166f1591c984575f075f458ec5a14e5b72970caabe252fd48b81fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dd87284248da510f7c72a80d2e2a34bd
SHA1 c001bd4fc4943424594c0843ec3e5942966df6ca
SHA256 ef7184a95d4b771d4ec6eb657fb79ba858bb292ae6ad9bc68ca2d9e0c53d7ded
SHA512 e375db6b4175d65a802daf15cc6f8798398ae5db39610aec32d446644da20594968ca26e23642b93e8624e81c608d6943f33728264f9467814bf00738d883f29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001da

MD5 d70c6749c7c3db14e6c0c6d23c52c536
SHA1 7c64770aa05e7dc35549eab08721c5cff4b8b4a9
SHA256 63020ae7f44ddbbaf34c4b464449666198a53f9ff4e801fd24fc6a820afd43af
SHA512 e7f5b1b7f335fc2f52fbf95da0f59d145390093539d0eb625c662a37c076103064ab92f94c0f21eb7d57c44ef2697caff50ba102bc3c858f2ac6d0d20e3bd787

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001db

MD5 e2cc072229b058a7b233aaaa6e4f6c15
SHA1 aaf115d9a849d8b22e5ae121eccc8f95550658ba
SHA256 748dceb6639856ff3d51d0ecd873ab289ba541b4219c1acbfcd56ea6faaa20b0
SHA512 e60f3b152e129513e5a611f9b75646aa708b7c9870fdf2d588fc7b48d923fe23e4211a6047e48648c042eaa65fea982a6d0d3b14164db16fe6f31100695f3270

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 033bddfeaaf8419fcbbb70f10ce70eda
SHA1 a5deacb43e5e2ad314e8e8c8821c0c7923f38571
SHA256 ba26b7572759adba275af4c868e42d8d7fcc817a95d0500d05287abac33c2abc
SHA512 7b71fa6be05b954ce76d94b62424db68cddeafdc04d9afdf00d0b10c0541372192f4e8dc055d0808f4871c30d023482a19c193b0dfabcea203ee4a84d63400f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 49769ce9a5124e4ae896bd451d4eeb07
SHA1 915749262ee7aef6596da36277019923ccedae1c
SHA256 14373a4d8b89a9bc49818650a819a1c3109bb7a07edf3214a1a892431b0c8437
SHA512 3e51a751616b1448478781c6320592bdc1856f99c7e3c7796b707bce9a4b2cda66a18da7b2064319ac7a5a5fb01b8a5939f4f791178e89c47dab91607c7cf1f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1e7f174ee41f821aac67af8876d88135
SHA1 8d394afc10560a9661363f5a20a74074d6b5f9da
SHA256 38df60881ec65e7bb3869790186fc752cfb83f1f2d1e43ae2dba17ddfced0f29
SHA512 5022ebf1dfd9ed35fb61e9018e0a6e3cc32c5f6f5e1361f909a1336b7461e70b51d5e186d1df26977e7f806667d542f6c92dfee10f3ff67dcf648e4387f3f8ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 500f497b9961e889cd7629e8c42a6932
SHA1 36b040578342fbc09c9718ba31a02a16318cdbe4
SHA256 99c7e55c5f1538ac0781ca97bcddcb726069f94ffce1bb9d5528e6c395e12eab
SHA512 30390b7b30a3bfc734878774b2dbae0ab39cbc969700888b0fa8439cbf2092b92c9c4e8338eb909ca3c6af1f06de2a76d09afafab819c9e13f4c46a69c473e4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c394d6593133f4e44471e5dc41f039e8
SHA1 2ece4acc14939e0169d355b1a2e8cd5d7f601ab6
SHA256 b6e4f74f8b25b293f1bf289f10b663c0d882b491211195756fb9a189019f29eb
SHA512 ab9ac50221da23c43e0378b0ff313830bcd6d38849e5e7421bc35cad8866f63f7bda2800c2fd2c2edb14d7f4ced50ed2beae0eea37d79e39c1f925586b006b35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8e1a532d1960596eb2048c06a97b0a8e
SHA1 2fc0cf35ef9d0c77cd7695ac90ce50a660e2f22b
SHA256 655ca2ab4965bd63dca193779049674764a260a9fa012c05fe18165821b87b38
SHA512 d377516bf840715432f09a648bd517710c6c42353e7b735ba65674014c8444f9e6c176a02a19c35b9ad0dac8fe6b3438a49a96c2bad6b701b78203c8dab8b71f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

MD5 9670d7b65b7e8f38c7ad8f5daf8ab53b
SHA1 750c590170aa4e328253fab2db3f8a069ad667eb
SHA256 e2f1b5772ebb2d2d41ac3857491ff9c5b1055376014c5c95d5d653707b5d65b5
SHA512 18f6d2382cf61aaa3b61682750b0938d49b4d5fb0c241fd1254b5402136e0b9497d3cde49128652636d9a112560ff0d24d660455a4b00cd7a1be5579901e2596

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e74449ffd6f0f04167fc54343d838651
SHA1 09bf3afbe94fa6193d7755798f3323a33f8f9019
SHA256 f617beda9090e922d3c959d3e199447592516a2b079e250aa92e5ed6b904a977
SHA512 1954cd54cd3cc2a3f241ae8a783d473e376e5fce6ff2cb67b9b9c86fd82a019a7b6a61e3e152932c8536a05c3d3dbc07eb613853b8c36e2a26a52dedc0f95f1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_top.gg_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7814643dae551bd5ff4e8d93efb6994d
SHA1 f243ff4aadceb30cee834044297c365ad71f5260
SHA256 9640d66b29a1e504f86bcb437fd1ffcc891eea25047a2791249c081a107bbbc9
SHA512 0e477127251d9281c669935f22e90a6ef6afb30f80d703e5937ba97d7fcfb2fc97141499aa21e306555281b635bbd774e9667dbf4c1af61df88ecfb046da3615

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c2d1dc93c5f3f170449a7a1909b8e262
SHA1 163c8df8b1322df6a7fb6f44364676ca51310801
SHA256 349688e171d639d8c19299c72d443977df9e975b4f201ce1bcd16afa112d0b70
SHA512 eb0a88698dc9ea1fe290adc3a7e29fc2be49191a927f6418ed9c4a1d897e7d744d2dc96fd486ccfbf168114546374d92993e63f2c285310942f45041cbcad17d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000205

MD5 69fb57a92535d11e3945c5ffe894cece
SHA1 63c43f0ca02518f5ea74f2a2f2a4ef99e67f8eb9
SHA256 ffb2208d5747bfcf41cbbfc0b73653bfb76e38c8722ba4b3139d6df1fe0dc252
SHA512 4819199a4f50de88fe7cb91f79cdb4588efbdc5bf76dd26481d6a41b5cf0a01ee7f707e260e8d7caf248d1869f1afc195cc6bcdaefa43257f9feecd12213eba0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000203

MD5 1b867b86eb6e1dc2080c15c8b757c125
SHA1 5eaf8d6d3810e8dfd8f7b14d77021674e4855fcb
SHA256 5b4d3ceaf761f0a5ae0711a738738c07680f3396b1aea9ff42cd8892668a78c9
SHA512 04e319e7f794503eef1bfcf9f2ec57483789dabaf8a5f45ea5d03935746c0d85a492f3a0803704137f7796f1f609449296d15c64feccfab08b3b6da0da682d8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000212

MD5 75b065dc727729f69121936ff42ce43f
SHA1 f5c76b4a4263e4c98523109a08dccf0ed1af7561
SHA256 1c9d6e3d877d18f557a8ae74ff48410a37cac57c3a2aa5d26c3b184dc9e372e9
SHA512 467c663bfa48b129cde36b3980f4eeb1d5928836e4d94feba9eeadee55158161b8259d8b729215e496687c8059fe198f6e18a7f114186566bab9e683bfff3ca7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000211

MD5 933e7fb34c4f4fde95d1820fc7ad04ca
SHA1 ec29f99165861a6004e8504f86389bb1d787021c
SHA256 2af9e8d8b5e477bec84213fac4f0d526842d6cdbf32191b9aa3dff1e9f1b6943
SHA512 bbeaef6ee22331393eb727556b5163b6e48df7f089577182ffc9bd30c8c12795f6d8abd8eeb7f8e0f57b66d2532f398c7d0b0c763b5c6b3f6adc7167ae5b34cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000219

MD5 3336169523f564fde218a9c36bf88a48
SHA1 c319e1b581e1d4f51f735bb0ef7a39984bc7e95c
SHA256 bb74657afaa3a55fe42d1a786e29a2dd3d332cfe19b6bfe1ccd85e9cfaaaef1a
SHA512 241299ce9bf9223fe1067299f307e78198aeb33184689f198052228da279d6814bc58a5bb9618b27167ccd7223fff0cdf5068ca77f459255b989423c9a17e0bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ca785ea6b88237bb3e5795768fd02ec6
SHA1 1c2be8aeaf2ec77789168d031f1fb6e00176b041
SHA256 012208371af798a47333ea6fa626240006afd063b032114ef787a5a7909657ab
SHA512 21be563f660c3e4ff48b804eb0868b9462fbc9689a5d8f35762df82e655bae6989a45aebbbc5d6afbb07796a68f67dc4cb73bd5f87bf1b581cb8b10541d4b4a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b631d55dbc03d280e0355269120fcd67
SHA1 d088b860875f405b91feb7077791474b63c56a27
SHA256 013ea583543118e8156619a1498a2399f65793023f3236cfd07d20bac154ac32
SHA512 5a516ea48ed9157e2b59598a511afb6d6fb98aacb86f4c051b0ef4c2126a219c05ff76c778778d5e57ff60dadac558bc3e6cee0ac53955217a48dd21be214509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

MD5 f4e96bf3ab16dbcd6a9aabf128d78ca6
SHA1 787848e14ba9caf0187bb5417ba0a1e262c10277
SHA256 efbeabc1b9f07c282d293786790ed6fef938b8fbf8ef6e2e11353d419a0d961c
SHA512 36de3fab158c7191703ebaf0987bc8a3a4d65174a40da9499cd9d1e8fa262e02a9fc7f323e929c3259cfec212b78f9f6042bd2cd55c8b4ad8c741501ea9ccae4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d75fb6e4-6d37-4878-a9dc-210e0cffa419.tmp

MD5 91cd49c3da3fcc0a6a9c170b20fcca9b
SHA1 c36310149d1d6aa03bcbaef74970dd9bc9e81571
SHA256 174556a76737f2791e53304c3402be37e82fb8403d559d774cf7d14512edd675
SHA512 4621024fa8b0c93383374e30b1f6ac616e8e9bde4e332a25f53b749d86de727a900df1c7833dbf2d3aeba800d20c1302891f5a396e78fa4e8b5b3d1d98483490

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f0aad2168ea83732ae7b8caaae8b11f5
SHA1 ea51ede45c1485e2d140bf15e88a6501e29ae870
SHA256 b23554088b4fb862d7a111a7ceb3e508176aa5dfd69c40ad5751d3eeaa308e50
SHA512 d0f3c241c9b78372ad83e60dab6e96cc1689d155dd654deb01db47ac1161d9fe995c8068bf574dbd93ccbd731b7916ca4e70bcfc5b3792dba11f5c317ae3ffab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 783ac410bb05edcfb082b6bd78d1996d
SHA1 071de06bfdddc7e3183ed28108a1bfb14b860a81
SHA256 9e6bcd1107d2cb628f1c61b725a0734fffc09f330cd2e1dfa871a4ac622ab371
SHA512 9357626a2bf0ca625a8dbd808e80c3d5282076f1704d20af001529735d2e9688bb1920eb3fe73b8bde30c153671717d9490a32a4bb1d3947d6810270bb304eb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5c6e672103760d14ebe56d96a2f24ead
SHA1 a77deaea09a23050ed63b81c9dd732623abb488d
SHA256 7df7f4504abe4c4694d03263d58ccc83b7a208b83229b12da33b9e1a68c97f0e
SHA512 5a124145cd0073b845de11f7529805fb431a478719d5235f476fa4ee9bc0d939798ba6af5a4a3333c1158f2fe5070a221e4a1dad8838f31344f25d30fe4f2ca2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 47b116f83c2476a88ec4b8d8d851a255
SHA1 a0be0b0319e813b22a156904fc9ba8b15b9ad655
SHA256 33520fc1430390a3da2c3f36110273daef98826aa2af68d6498f4426ca638b0e
SHA512 24e9006d74de72ff53e0a7a5625cf4e3b50bafe197b5f2fd789c4d07c1c933cea266eb12663bd6c646cc8809150034cb3c13cbd92cdb6f1c9acf2900999f5e33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b1cd27a5c8eb330032afc54b13f92b57
SHA1 171a98a3192bb0c3d858b5fa6a4104c1ce840612
SHA256 da10c1e947c3a1289395efd1902a204026e4f4737d8fc96a533fe942038a3fe4
SHA512 356737b5ab9b546df81e516309dcb485c0b26569868c3579ecc823909015b40f459f0673a3bf96142e3a282b01397544ea56c37bfcae46ce88d97af38069dfa6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3631da9fab5195c7ab71fe6ae7828135
SHA1 2a0b48b8dcbe4c402e321cab71b5cdcdc25410fa
SHA256 82c18d285d203942f038fff4b820bb77c47eae286c664d6f3a870fe2750a795c
SHA512 591bc816f7a9ae71183b473ffcfa5eb0cde9a7be67d4dc575d27303879ec679ea1f240a6375a71f3661469d0f030d62cb414bfea92e01b6e60f1d559291ed0af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4c1893878da2906ff0158357a3b5af2f
SHA1 0c5e215c13352adf02438124186389f02e3fe7ed
SHA256 b267243ea72bb4da563fdc7ac2624ab766c97b39e325b52ec33a7ac2d6cc574e
SHA512 cc1ea74b235387e13ab6a380365e415986b9d41ea049a40a85ca23199e158630834118a5b053286b004d908460052353932e18eda519c6680605b54e5e419a23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 12a1f5821a7496f2305cd9dbb6c68dc3
SHA1 62f5638aeba529652d7b5138f61f8d142b946b97
SHA256 bdde6bb2b4af0458aafaa48c4d261304cf0d13cc0df7227d46c58e409b524601
SHA512 f91eb875427029fbdb06b2b59ca8ac3f2a337ef70410fb141bceafe974a8dbb6c9e88a7e9c3d93c1dc7bde04fcfa4bce6a9a3bf7ec451188ee2467fc7f6a9af9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

MD5 444a1ffef934d0f08b67c40dc50ea5c7
SHA1 7f463d96db3ab9984418df7a54248c246be4ca32
SHA256 d97955b4de90366dc41fcd897927731e13a75d05ca4ee9cd4e3d30b71b4b7e55
SHA512 7acbe81ef81fb3ed2c13f4ff0063e4d5c809fe2ae97102b3643890d97b12a12339c1bcfc52feecae0bb23bc5b9a644d50d74fb1b8874c36670a2e124f7e92eaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe648b2a.TMP

MD5 4d839ddcfec9d13e746e4195da300714
SHA1 4ae12e6c2c155a0070a7150b3784086ce21931f1
SHA256 abbddff1a6ff4324157f61ee105485b1e8c98d80d3d51462032d6993484fed03
SHA512 39fe2af9934e2c4d51591a84e565607b1903e943e4bcf17040276a26aaeeeb175fac200e11ca8e91604304c0db04ac4ba09c654a4c49455454f40695b5a5d112

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9ec599ee509c16af33c5ddd2d27ff37f
SHA1 cc454a7eff759cadd9cba5e4b1f914e08db168d8
SHA256 f3e6914b69e2c23b58a569277cd2f0cf96de3b1b744006ac3d91d0a735151648
SHA512 19313b75c57769c5fbfa3a693a9630a0cd353dbb3466e4041660dfadc1d837cfc66e2c261acb041f3f9d0afe2eae4edbcf5dfd04149069585f7d3245bf287473

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

MD5 343859b4ad03856a60d076c8cd8f22c3
SHA1 7954a27de3329b4c5eefd4bdcb8450823881aad6
SHA256 8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f
SHA512 58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Analysis: behavioral4

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

101s

Max time network

145s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Newtonsoft.Json.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\Newtonsoft.Json.dll,#1

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:11

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-heap-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\api-ms-win-crt-heap-l1-1-0.dll,#1

Network

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:12

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

146s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\bin\Monaco\vs\editor\editor.main.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\bin\Monaco\vs\editor\editor.main.js

Network

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2025-01-25 22:09

Reported

2025-01-25 22:12

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\runtimes\win-arm64\native\WebView2Loader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.35-x64\runtimes\win-arm64\native\WebView2Loader.dll,#1

Network

Files

N/A