Analysis Overview
Threat Level: Known bad
The file https://gofile.io/d/z30Ajx was found to be: Known bad.
Malicious Activity Summary
Orcus
Orcus family
Xworm family
Orcus main payload
Detect Xworm Payload
Xworm
Orcurs Rat Executable
Event Triggered Execution: Image File Execution Options Injection
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Checks computer location settings
Checks BIOS information in registry
Loads dropped DLL
Executes dropped EXE
Checks whether UAC is enabled
Drops file in System32 directory
Checks system information in the registry
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
System Network Configuration Discovery: Internet Connection Discovery
Suspicious use of SetWindowsHookEx
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Scheduled Task/Job: Scheduled Task
Enumerates system info in registry
Uses Volume Shadow Copy WMI provider
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of UnmapMainImage
Modifies registry class
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2025-01-25 10:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2025-01-25 10:28
Reported: 2025-01-25 10:42
Platform: win10ltsc2021-20250113-en
Max time kernel: 505s
Max time network: 871s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Orcus
Orcus family
Orcus main payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Xworm
Xworm family
Orcurs Rat Executable
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\System32\svchost.exe | N/A |
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUE1E2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUE1E2.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EUE1E2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\UZI.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUE1E2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUE1E2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749 | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{5735E73E-4EE5-4052-AD27-8ECBB8D481F3} | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{6B5626C9-9653-4531-AE76-11F068E33FBA} | C:\Windows\system32\svchost.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\configs\DateTimeLocaleConfigs\de-de.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AnimationEditor\img_key_selected_border.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\fonts\families\Balthazar.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Settings\Help\EscapeIcon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioToolbox\AudioPreview\play_hover.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AnimationEditor\FaceCaptureUI\button_control_record.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\DeveloperFramework\AssetRender\hierarchy.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioToolbox\Banners\MonsterCat.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\TerrainTools\mtrl_sandstone_2022.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\UserInputPlaybackPlugin\ArrowCursor.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\LegacyRbxGui\PlasticBlueTop.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaApp\graphic\gr-avatar mask-90x90.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\avatar\meshes\leftleg.mesh | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\TerrainTools\mt_sea_level.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\homeButton.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\DefaultController\ButtonL2.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Emotes\TenFoot\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\TerrainTools\sliderbar_grey.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\PlatformContent\pc\textures\water\normal_14.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\avatar\scripts\humanoidHealthRegenScript.rbxmx | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\fonts\ComicNeue-Angular-Bold.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AnimationEditor\fbximportlogo.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\GameSettings\add.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioToolbox\RoundedBackground.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\FaceControlsEditor\face_sideView.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\DesignSystem\DpadRight.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioUIEditor\icon_rotate6.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\VR\buttonHover.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\COPYRIGHT.txt | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\models\DataModelPatch\DataModelPatch.rbxm | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaApp\graphic\player-tile-background-dark.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Emotes\Editor\Small\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\PlayerList\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\icon_friendrequestrecieved-16.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\VoiceChat\MicLight\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AvatarCompatibilityPreviewer\test.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\VoiceChat\SpeakerNew\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioSharedUI\KebabMenu.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\VoiceChat\MicDark\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChatV2\actions_notificationOn.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioToolbox\AssetPreview\preview.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\TerrainTools\icon_picker_disable_dark.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\PlayStationController\ButtonL2.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Settings\Help\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AnimationEditor\FaceCaptureUI\Background.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\PlatformContent\pc\textures\water\normal_08.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaApp\9-slice\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUE1E2.tmp\msedgeupdateres_gu.dll | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\graphic\gr-mask-game-icon-48x48.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\CompositorDebugger\previous.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\LayeredClothingEditor\Icon_AddMore_Dark.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\TextureViewer\cancel.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\fonts\NotoNaskhArabicUI-Regular.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AnimationEditor\btn_expand.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EUE1E2.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LocationInformation | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\LogConf | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Driver | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Mfg | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
| Key security queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d99f01ab_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\3 = 04000000000000000000803f000000000000000000000000 | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d99f01ab_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\5 = 0b0000000000000000000000000000000000000000000000 | C:\Windows\System32\svchost.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d99f01ab_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\4 = 0420000000000000180000000000000000000000000000000000803f0000803f | C:\Windows\System32\svchost.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133822747670701102" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\RulesEndpoint = "https://nexusrules.officeapps.live.com/nexus/rules?Application=officeclicktorun.exe&Version=16.0.12527.20470&ClientId={C88FA0C8-2511-4F5C-881A-DBE6EBCC0903}&OSEnvironment=10&MsoAppId=37&AudienceName=Production&AudienceGroup=Production&AppVersion=16.0.12527.20470&" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\OFFICE\16.0\COMMON\CLIENTTELEMETRY\RULESMETADATA\OFFICECLICKTORUN.EXE\ULSMONITOR | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Windows\system32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified\officeclicktorun.exe_queried = "1737800986" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Classes\Local Settings\MuiCache\26\52C64B7E | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 10,1329 50,1329 15,1329 100,1329 6" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified\officeclicktorun.exe = "Sat, 25 Jan 2025 10:29:46 GMT" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "ServiceModule" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 461436.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\$Extend\$Quota:$Q:$INDEX_ALLOCATION | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| File opened for modification | \??\c:\$Extend\$Quota:$Q:$INDEX_ALLOCATION | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\SCHTASKS.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\SCHTASKS.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\SCHTASKS.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\SCHTASKS.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\SCHTASKS.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\SCHTASKS.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\UZI.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\btlqmfks.lr4.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\btlqmfks.lr4.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\UZI.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\SppExtComObj.exe
C:\Windows\system32\SppExtComObj.exe -Embedding
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/z30Ajx
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffd8b946f8,0x7fffd8b94708,0x7fffd8b94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7c55e5460,0x7ff7c55e5470,0x7ff7c55e5480
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6628 /prefetch:8
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,5353915284136522297,5752799750560663401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2736 /prefetch:8
C:\Users\Admin\Downloads\UZI.exe
"C:\Users\Admin\Downloads\UZI.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\Users\Admin\AppData\Local\Temp\btlqmfks.lr4.exe
"C:\Users\Admin\AppData\Local\Temp\btlqmfks.lr4.exe"
C:\Windows\SYSTEM32\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "MasonUZI.exe" /tr "'C:\Users\Admin\Downloads\UZI.exe'" /sc onlogon /rl HIGHEST
C:\Windows\SYSTEM32\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "MasonUZI.exe" /tr "'C:\Users\Admin\Downloads\UZI.exe'" /sc onlogon /rl HIGHEST
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\ApplicationFrameHost.exe
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\System32\smartscreen.exe
C:\Windows\System32\smartscreen.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1520 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36e1f8ac-bbc2-42b7-a9a7-4935cc911a71} 6904 "\\.\pipe\gecko-crash-server-pipe.6904" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 27015 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d99bf7f-3850-4187-ace2-b467e321b2c4} 6904 "\\.\pipe\gecko-crash-server-pipe.6904" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3144 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0d1b4aa-b5a1-4896-9824-8d872efed256} 6904 "\\.\pipe\gecko-crash-server-pipe.6904" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3688 -childID 2 -isForBrowser -prefsHandle 3680 -prefMapHandle 2692 -prefsLen 32389 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {483ef59b-8401-46ed-9de0-6c9f1b76aeaa} 6904 "\\.\pipe\gecko-crash-server-pipe.6904" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4616 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4624 -prefMapHandle 4608 -prefsLen 32389 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7987105-ddb5-4319-8c52-8b67bad30f09} 6904 "\\.\pipe\gecko-crash-server-pipe.6904" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 3 -isForBrowser -prefsHandle 5352 -prefMapHandle 5328 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a7ace93-bb5e-4f9a-9543-e85da5003a6a} 6904 "\\.\pipe\gecko-crash-server-pipe.6904" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5284 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea2a7bfd-ef33-4782-8121-438fecfb954e} 6904 "\\.\pipe\gecko-crash-server-pipe.6904" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 5 -isForBrowser -prefsHandle 5688 -prefMapHandle 5696 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db406c4b-2f76-480a-a5b7-db2489bc6c97} 6904 "\\.\pipe\gecko-crash-server-pipe.6904" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6288 -childID 6 -isForBrowser -prefsHandle 5744 -prefMapHandle 5320 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b81f0b1a-ea2b-40fc-bdc1-25c860ad5e4b} 6904 "\\.\pipe\gecko-crash-server-pipe.6904" tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fffc9bfcc40,0x7fffc9bfcc4c,0x7fffc9bfcc58
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2200 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3696,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4580 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4876 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5024,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5064 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5632,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4568,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4500 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6040,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3376 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6132,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3412 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5012,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1152 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5856,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3668,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4516 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5644,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5424,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5380 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUE1E2.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUE1E2.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUFDNzg3MTktMTRBRi00MUNFLUFBNUYtNTIxRUMzQTRCM0FCfSIgdXNlcmlkPSJ7M0QwOTA3NkQtRDlENS00QTQzLUI4RDktMTg3QjQyQTk0RTIwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBRUNFM0EyMC0yOTU0LTQ0OEQtQUEzMS00NzYzOUZFOTEwNUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTU1Mjk0MTkwMiIgaW5zdGFsbF90aW1lX21zPSI2MDciLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{5AC78719-14AF-41CE-AA5F-521EC3A4B3AB}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUFDNzg3MTktMTRBRi00MUNFLUFBNUYtNTIxRUMzQTRCM0FCfSIgdXNlcmlkPSJ7M0QwOTA3NkQtRDlENS00QTQzLUI4RDktMTg3QjQyQTk0RTIwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyNDkzMTNDMy02MEZBLTQyMDQtOTZBQS02REUzRUZGRDIxNDN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NTU5MDIxODMyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8E28F04A-58F5-4B6C-85C2-362736B9DD27}\MicrosoftEdge_X64_132.0.2957.127.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8E28F04A-58F5-4B6C-85C2-362736B9DD27}\MicrosoftEdge_X64_132.0.2957.127.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8E28F04A-58F5-4B6C-85C2-362736B9DD27}\EDGEMITMP_7E686.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8E28F04A-58F5-4B6C-85C2-362736B9DD27}\EDGEMITMP_7E686.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8E28F04A-58F5-4B6C-85C2-362736B9DD27}\MicrosoftEdge_X64_132.0.2957.127.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5324" "788" "568" "784" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUFDNzg3MTktMTRBRi00MUNFLUFBNUYtNTIxRUMzQTRCM0FCfSIgdXNlcmlkPSJ7M0QwOTA3NkQtRDlENS00QTQzLUI4RDktMTg3QjQyQTk0RTIwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDOTY4ODlGRi1BNjg2LTQzMjAtQjY4OS05NjY2ODRERkI1MEF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMi4wLjI5NTcuMTI3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NTc2NjExODQ3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjYiIGVycm9yY29kZT0iMTI0IiBleHRyYWNvZGUxPSIxMzQxMTI4NzA5IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDA2MDE2MTY2OCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjUyMyIgZG93bmxvYWRfdGltZV9tcz0iMjg1NTEiIGRvd25sb2FkZWQ9IjE3NzA3ODM1MiIgdG90YWw9IjE3NzA3ODM1MiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMTgxNjQiLz48L2FwcD48L3JlcXVlc3Q-
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "3004" "976" "888" "972" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "4648" "792" "776" "624" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 6784
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5568,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3356,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5488,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4792,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5508,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3244,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5268,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4736 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5688,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5316,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5332 /prefetch:8
C:\Users\Admin\Downloads\UZI (1).exe
"C:\Users\Admin\Downloads\UZI (1).exe"
C:\Users\Admin\AppData\Local\Temp\xizunna3.a0h.exe
"C:\Users\Admin\AppData\Local\Temp\xizunna3.a0h.exe"
C:\Windows\SYSTEM32\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "MasonUZI (1).exe" /tr "'C:\Users\Admin\Downloads\UZI (1).exe'" /sc onlogon /rl HIGHEST
C:\Windows\SYSTEM32\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "MasonUZI (1).exe" /tr "'C:\Users\Admin\Downloads\UZI (1).exe'" /sc onlogon /rl HIGHEST
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5408,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6256 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4516,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5664,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5092,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6308 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5312,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6480 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4512,i,9323287677090576318,11008838657442126646,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe"
C:\Users\Admin\Downloads\UZI (2).exe
"C:\Users\Admin\Downloads\UZI (2).exe"
C:\Users\Admin\AppData\Local\Temp\z0csbtyy.1dq.exe
"C:\Users\Admin\AppData\Local\Temp\z0csbtyy.1dq.exe"
C:\Windows\SYSTEM32\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "MasonUZI (2).exe" /tr "'C:\Users\Admin\Downloads\UZI (2).exe'" /sc onlogon /rl HIGHEST
C:\Windows\SYSTEM32\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "MasonUZI (2).exe" /tr "'C:\Users\Admin\Downloads\UZI (2).exe'" /sc onlogon /rl HIGHEST
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 51.91.7.6:443 | gofile.io | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.7.91.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.158.40.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| GB | 51.140.242.104:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav.smartscreen.microsoft.com | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.242.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.123.112.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | cold4.gofile.io | udp |
| FR | 31.14.70.247:443 | cold4.gofile.io | tcp |
| FR | 31.14.70.247:443 | cold4.gofile.io | tcp |
| US | 8.8.8.8:53 | 247.70.14.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | 126.218.88.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 172.165.69.228:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 151.101.67.19:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 151.101.67.19:443 | www-mozilla.fastly-edge.com | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 19.67.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.129.233.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| DE | 23.55.161.211:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 142.250.179.238:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.179.238:443 | redirector.gvt1.com | udp |
| NL | 172.217.132.199:443 | r2---sn-5hnednss.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-5hnednss.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-5hnednss.gvt1.com | udp |
| NL | 172.217.132.199:443 | r2.sn-5hnednss.gvt1.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.161.55.23.in-addr.arpa | udp |
| NL | 195.88.218.126:10134 | | tcp |
| N/A | 127.0.0.1:56208 | | tcp |
| N/A | 127.0.0.1:56222 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.180.14:443 | clients2.google.com | udp |
| GB | 142.250.180.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | chrome.google.com | udp |
| GB | 142.250.187.238:443 | chrome.google.com | tcp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.173.78.104.in-addr.arpa | udp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| BE | 2.17.107.217:443 | css.rbxcdn.com | tcp |
| BE | 2.17.107.217:443 | css.rbxcdn.com | tcp |
| BE | 2.17.107.217:443 | css.rbxcdn.com | tcp |
| BE | 2.17.107.217:443 | css.rbxcdn.com | tcp |
| BE | 2.17.107.217:443 | css.rbxcdn.com | tcp |
| BE | 2.17.107.217:443 | css.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| BE | 2.17.107.217:443 | css.rbxcdn.com | tcp |
| BE | 2.17.107.217:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.253.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| BE | 2.17.107.217:443 | css.rbxcdn.com | tcp |
| GB | 18.172.153.2:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| GB | 52.84.90.51:443 | images.rbxcdn.com | tcp |
| GB | 52.84.90.51:443 | images.rbxcdn.com | tcp |
| GB | 52.84.90.51:443 | images.rbxcdn.com | tcp |
| GB | 52.84.90.51:443 | images.rbxcdn.com | tcp |
| GB | 52.84.90.51:443 | images.rbxcdn.com | tcp |
| GB | 52.84.90.51:443 | images.rbxcdn.com | tcp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | 2.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.90.84.52.in-addr.arpa | udp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| US | 8.8.8.8:53 | arkoselabs.roblox.com | udp |
| GB | 18.244.140.128:443 | arkoselabs.roblox.com | tcp |
| GB | 18.244.140.128:443 | arkoselabs.roblox.com | udp |
| US | 8.8.8.8:53 | 128.140.244.18.in-addr.arpa | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| GB | 88.221.135.209:443 | static.rbxcdn.com | tcp |
| BE | 2.17.107.217:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| BE | 2.17.107.217:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 209.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | usermoderation.roblox.com | udp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | pulsar.roblox.com | udp |
| US | 8.8.8.8:53 | silver.roblox.com | udp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 8.8.8.8:53 | atl1-128-116-99-3.roblox.com | udp |
| US | 8.8.8.8:53 | sc0ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | sc0aws.rbxcdn.com | udp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 8.8.8.8:53 | iad2-128-116-56-3.roblox.com | udp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| GB | 108.156.46.119:443 | sc0aws.rbxcdn.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| GB | 88.221.134.75:443 | sc0ak.rbxcdn.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 128.116.56.3:443 | iad2-128-116-56-3.roblox.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.102.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.56.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.120.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.99.116.128.in-addr.arpa | udp |
| GB | 2.18.190.167:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | 167.190.18.2.in-addr.arpa | udp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| US | 8.8.8.8:53 | followings.roblox.com | udp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| US | 8.8.8.8:53 | badges.roblox.com | udp |
| US | 8.8.8.8:53 | fra4-128-116-44-3.roblox.com | udp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 8.8.8.8:53 | cdg2-128-116-13-3.roblox.com | udp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | gold.roblox.com | udp |
| US | 8.8.8.8:53 | sin4-128-116-50-3.roblox.com | udp |
| US | 8.8.8.8:53 | ord2-128-116-101-3.roblox.com | udp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| DE | 128.116.44.3:443 | fra4-128-116-44-3.roblox.com | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| US | 151.101.193.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| FR | 128.116.13.3:443 | cdg2-128-116-13-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 194.193.101.151.in-addr.arpa | udp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 3.13.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.44.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.101.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.95.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.115.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.50.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| GB | 13.224.245.123:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 123.245.224.13.in-addr.arpa | udp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| N/A | 127.0.0.1:58637 | | tcp |
| N/A | 127.0.0.1:58647 | | tcp |
| GB | 18.165.242.74:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:58662 | | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 8.8.8.8:53 | 74.242.165.18.in-addr.arpa | udp |
| FR | 2.22.255.156:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 156.255.22.2.in-addr.arpa | udp |
| FR | 2.22.255.156:443 | setup.rbxcdn.com | tcp |
| FR | 2.22.255.156:443 | setup.rbxcdn.com | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| IE | 4.245.161.190:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 190.161.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| IT | 91.81.130.134:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| NL | 195.88.218.126:10134 | | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| FR | 51.91.7.6:443 | api.gofile.io | tcp |
| FR | 51.91.7.6:443 | api.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 31.14.70.247:443 | cold4.gofile.io | tcp |
| FR | 31.14.70.247:443 | cold4.gofile.io | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 172.165.69.228:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 31.14.70.247:443 | cold4.gofile.io | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | i.ibb.co | udp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| US | 8.8.8.8:53 | 159.9.134.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rentry.co | udp |
| US | 104.26.3.16:443 | rentry.co | tcp |
| US | 8.8.8.8:53 | 16.3.26.104.in-addr.arpa | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| GB | 128.116.119.4:443 | presence.roblox.com | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 4.155.164.36:443 | msedge.api.cdp.microsoft.com | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| US | 8.8.8.8:53 | 36.164.155.4.in-addr.arpa | udp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| FR | 92.122.218.209:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 209.218.122.92.in-addr.arpa | udp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| GB | 128.116.119.4:443 | presence.roblox.com | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
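The connection table above is dominated by Roblox, gofile.io and i.ibb.co traffic, and the one destination that stands out is 195.88.218.126:10134: it is contacted over and over, on a non-standard port, and never appears with a hostname (no DNS lookup precedes it). The report does not say which of the two families owns that channel, so treat it as an unattributed repeated hostless connection rather than a confirmed C2. The script below is an added triage example, not part of the original report or of any sandbox vendor's tooling: it parses rows in the table's `| country | ip:port | hostname | proto |` format, tolerates the report's shifted rows where an empty hostname pushes the protocol into the hostname column, and ranks destinations that are hit repeatedly with no hostname. SAMPLE_ROWS is a constructed excerpt of a dozen rows copied from the table, not the full run; the `min_hits` threshold and the loopback exclusion are assumptions.

```python
"""Rank destinations in a sandbox connection table to surface hostless beaconing.

Added example for triaging the connection table in this report; it is not part
of the report itself. SAMPLE_ROWS is a constructed excerpt of that table.
"""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the report's rows. Rows with no hostname appear in the
# report as "| NL | 195.88.218.126:10134 | tcp | |" (protocol shifted left), so
# the parser accepts either column order.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| NL | 195.88.218.126:10134 | tcp | |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| NL | 195.88.218.126:10134 | tcp | |
| N/A | 127.0.0.1:58637 | tcp | |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| NL | 195.88.218.126:10134 | | tcp |
| FR | 31.14.70.247:443 | cold4.gofile.io | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| FR | 91.134.9.159:443 | i.ibb.co | tcp |
| NL | 195.88.218.126:10134 | tcp | |
| US | 104.26.3.16:443 | rentry.co | tcp |
"""

# (country, ip, port, hostname-or-empty, protocol)
Conn = Tuple[str, str, int, str, str]


def parse_row(line: str) -> Optional[Conn]:
    """Parse one pipe-delimited table row; return None for anything else."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4:
        return None
    country, dest, a, b = cells
    ip, _, port = dest.rpartition(":")
    if not port.isdigit():
        return None
    # Whichever of the last two cells is a protocol keyword is the protocol;
    # the remaining cell (possibly empty) is the hostname.
    if a.lower() in ("tcp", "udp"):
        proto, host = a.lower(), b
    else:
        proto, host = b.lower(), a
    return country, ip, int(port), host, proto


def summarize(text: str) -> Dict[Tuple[str, int], dict]:
    """Aggregate hit count, hostnames and protocols per (ip, port)."""
    stats: Dict[Tuple[str, int], dict] = defaultdict(
        lambda: {"count": 0, "hosts": set(), "protos": set()}
    )
    for line in text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        _country, ip, port, host, proto = row
        entry = stats[(ip, port)]
        entry["count"] += 1
        entry["protos"].add(proto)
        if host:
            entry["hosts"].add(host)
    return stats


def suspicious_destinations(text: str, min_hits: int = 3) -> List[Tuple[str, int, int]]:
    """Destinations contacted at least min_hits times with no hostname ever attached.

    Loopback is skipped (local IPC/browser chatter, assumption). Result is
    (ip, port, count), most frequent first.
    """
    flagged = []
    for (ip, port), entry in summarize(text).items():
        if ip.startswith("127."):
            continue
        if entry["hosts"]:
            continue  # has a name to pivot on; not the hostless pattern
        if entry["count"] >= min_hits:
            flagged.append((ip, port, entry["count"]))
    return sorted(flagged, key=lambda t: -t[2])


if __name__ == "__main__":
    for ip, port, count in suspicious_destinations(SAMPLE_ROWS):
        print(f"{ip}:{port}  hostless connections: {count}")
```

Run it over the whole table (paste the rows into SAMPLE_ROWS or read them from a file) and the NL destination on port 10134 comes out far ahead of anything else; every other repeated destination carries a hostname from the preceding DNS query, which is the pivot you would normally use instead.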
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5408de1548eb3231accfb9f086f2b9db |
| SHA1 | f2d8c7e9f3e26cd49ee0a7a4fecd70b2bf2b7e8a |
| SHA256 | 3052d0885e0ef0d71562958b851db519cfed36fd8e667b57a65374ee1a13a670 |
| SHA512 | 783254d067de3ac40df618665be7f76a6a8acb7e63b875bffc3c0c73b68d138c8a98c437e6267a1eb33f04be976a14b081a528598b1e517cdd9ad2293501acc8 |
\??\pipe\LOCAL\crashpad_3048_YAFUXMRTUPDGUABM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 254fc2a9d1a15f391d493bff79f66f08 |
| SHA1 | 6165d5a9de512bb33a82d99d141a2562aa1aabfb |
| SHA256 | 2bf9282b87bdef746d298cff0734b9a82cd9c24656cb167b24a84c30fb6a1fd0 |
| SHA512 | 484a1c99ee3c3d1ebf0af5ec9e73c9a2ca3cf8918f0ba2a4b543b75fa587ec6b432866b74bcd6b5cdd9372532c882da438d44653bd5bccdbc94ebc27852ff9e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7ad283bc-7e0d-4c41-b0ef-ef3af9bab058.tmp
| MD5 | 16e1fe7cca6a832e0616dd37584c5a91 |
| SHA1 | ffc2d81d3691fcebab352496fd05c78b6232d752 |
| SHA256 | d13e23840e00a1b9be6dde911d0819ebef6e9cfd3c8e18798d463a5ecfd34d9e |
| SHA512 | 0335891f48a387331f1e36840133d2d1d1439c1141af4e38e839cdb19b4566994144ade6c4761f5d18b506c3f4fc7dd378702179342a8189525e548fca444a8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 48febe0b0625901956573dfb2378e7ed |
| SHA1 | c324173a8f8fd7a6a7398f6bb24dd2ee11d3cf24 |
| SHA256 | f0fae7ad33efdd05845d0d631ce8341ea4b6dfd4c45be844f0c117738df9c0d0 |
| SHA512 | fc38a0c64e67e3b5d43f787fe86f700e6f753d8e90bcebc446d4a8c631b9e4362a74fa862a5b2ffc74f3f5236d3ecf006b341042b5469d1cc24f2c325a607a91 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | d897e6c4fe996b2f9905811a47c102ec |
| SHA1 | 67fd0945d174eba29efb3d7e01de6737f44c6088 |
| SHA256 | 38abcc1e9259b9582d6e9945ff4b9e8212126c62fe85fab9c7031c394c268457 |
| SHA512 | 0de6f1e9c83c9d6ad04b518f2de842c69e70c48fa7a164f6f905c88d8770d0fc1633e1e2aa25b8cfaba80260ab1359cb681bfd8f59f97c566a3462ec0987f1bd |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 7a6e3a869e1d8d64f48042a07d765e7f |
| SHA1 | 96aeb6934ce447b71140ff23691fd39c8d33e53a |
| SHA256 | ac303119b30f203460369a60454f532c1c8df0b99ae5953987a97975edecd3eb |
| SHA512 | f6de98dcd6deee396ffc838ff1120314a97301ae0007749c3721318d94e6793ed16dc0a6fd09473cc61d150d79d76a69c762e2fa43edabc72913b9e75dbec414 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0b3dd3388e411e91577d93789361361a |
| SHA1 | 51757af949b1e2ddf294b1408de2bfad2e0fe656 |
| SHA256 | d8946c5e1b37072941818a8736bf2b2f1b1fd03b567f82004f38aaf77fa938d0 |
| SHA512 | 1a7c823f142f7df9d87b3003405407ff9007682a14c96193289d40adf3fef93c4b7e2328e8f570c3047352ad48dded9f2ccde58d9e82b6136af133763384227a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 33cb3be87d4b7dc9ebca587b23dc5497 |
| SHA1 | 21e86e6ff6d126d4db78f5340427692e0f2a1a03 |
| SHA256 | 5fab844da54ecb5e89362e88ea82440ec282f2134b9f5320bb7ad854b2f62c24 |
| SHA512 | f8aa1557c369ccdd8f4c4b98c88acbad074fa8782fcae9645bd55bdc0806b158573b6466b09ae22d9a6633d9e1d7c8d3ae019cb1864d20018112d59cc98cb18e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | bc3a0ca62cfef580ff9ebbb7afc92b9b |
| SHA1 | fde9832ce521fcd53850d0701a543ef75b772e3b |
| SHA256 | b0203fb7c3812937e92ac04ad6065a2129bc165a36a60a4d2fdb0accc4499464 |
| SHA512 | fc1f3a5bd2106d9b6ed5a678c2f4978550a0d7414172b0ce6954a835b0da01ac28c177955a48c2ef56ea3d517a6672474a9cab873aeccae3f22a45ccf2d070de |
C:\Users\Admin\Downloads\Unconfirmed 461436.crdownload
| MD5 | 53438f13efec4841b7182bdcebc4410b |
| SHA1 | 9483c1614dbf6e133c92a1d355a017eff4eeed2b |
| SHA256 | 6e5aa4eae614ca049a1b2c8b803e6610b2b176a8e009ddad8df221c5899bb0ac |
| SHA512 | 363eb26746cc536a351f176d17205305ac84c18f151d608eb3f6543bed9db9e6d6104b90babde74d780873ef092bb2628493b5486f4521d0f9e8d26b5b33de8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 14df4b67c4d0ff408eec380b7326dda0 |
| SHA1 | 041d48c873b2f34e3ae24e7f53f8af211f68842f |
| SHA256 | 9d87130f4b2315cb1fbb2e8fbf8b497ac61a9275364b5c3b8a191a67840383db |
| SHA512 | bfc6575e6770c43766e282cdc68ca9cd4431c71132d96a5b202e8a89181fd94dfcdb462cfe58e3ec485bfec6153f71c73cf9f36db3143485ed4a5b6ca2c4ea1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5d4d9b267ef1dc65f6c18591fc87d788 |
| SHA1 | 2fae90fef93232ba3e623c49afe2400e5e2d93bf |
| SHA256 | da60a6bb5a2bde18936b73167aad783707b9a5fb2da6d24d9953f011ede89709 |
| SHA512 | f4b7923487495f6dfb666acd0b52ed1dd947a5804191fa72ab3866f13caf8564dbc4fae90c2028d0fb5d4c6b43065d161334dc568ffffed26a11590fc1d883c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8628a91ab6d7f47e146f92dff262992b |
| SHA1 | 97703221f9be0c9f74e4ef7d769528bf5fc3df07 |
| SHA256 | 8287426b0657403249c072a3fb7294f09600165c332a62e135ee67ee9de04af2 |
| SHA512 | c39558920e507dcba114bb3cee80e8f61e0462f321af3475fbc5383d4f140b1c77ddf0f948f06fee58ade3b895d7f87e8b45c51f989a892e05366a409c912bb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 219c9cf630ef7bd541713d3d61c0eae7 |
| SHA1 | a9b9d51bdd8c5650424616eadea53a8d0019341b |
| SHA256 | d2bd3715a74b5260586bbd83afce28a6c6a8192dbc0715d2b20923f115569b67 |
| SHA512 | 414b22fa00dacd293fcb1025bae42ab5e8eea797831eb7d2cf41c23afb5c89d1b8249bf321debeca75274864c4dee2c7a850f0f23aeb2871fd75b738d2d6ed7c |
memory/5656-256-0x0000020F0C540000-0x0000020F0C65A000-memory.dmp
memory/5656-257-0x0000020F0E2E0000-0x0000020F0E30C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\btlqmfks.lr4.exe
| MD5 | 94f1ab3a068f83b32639579ec9c5d025 |
| SHA1 | 38f3d5bc5de46feb8de093d11329766b8e2054ae |
| SHA256 | 879cc20b41635709bb304e315aaa5ca4708b480a1bfc2f4935fcf2215188efb0 |
| SHA512 | 44d5236a804d63302b21ca25ebc148a64605508d03c990a244c44ceb8630849da0510b7b2d0bee72e01ca6681e2d86d7e6aee8847674a26f0028d149b9abee0c |
memory/5824-270-0x00007FFFE6020000-0x00007FFFE60DD000-memory.dmp
memory/5824-269-0x00007FFFE7990000-0x00007FFFE7B88000-memory.dmp
memory/612-274-0x000001C734D60000-0x000001C734D8B000-memory.dmp
memory/1040-288-0x00007FFFA7A10000-0x00007FFFA7A20000-memory.dmp
memory/1040-287-0x0000012802150000-0x000001280217B000-memory.dmp
memory/672-279-0x00007FFFA7A10000-0x00007FFFA7A20000-memory.dmp
memory/672-277-0x0000028B12CF0000-0x0000028B12D1B000-memory.dmp
memory/612-275-0x00007FFFA7A10000-0x00007FFFA7A20000-memory.dmp
memory/672-272-0x0000028B12CC0000-0x0000028B12CE5000-memory.dmp
memory/5656-582-0x0000020F26E90000-0x0000020F26F78000-memory.dmp
memory/5656-584-0x0000020F26F80000-0x0000020F26FDC000-memory.dmp
memory/5656-585-0x0000020F26D70000-0x0000020F26D7E000-memory.dmp
memory/5656-587-0x0000020F26FF0000-0x0000020F27002000-memory.dmp
memory/5656-588-0x0000020F27000000-0x0000020F27018000-memory.dmp
memory/5656-589-0x0000020F27030000-0x0000020F27040000-memory.dmp
memory/5656-606-0x0000020F27090000-0x0000020F270A2000-memory.dmp
memory/5656-607-0x0000020F27330000-0x0000020F2736C000-memory.dmp
memory/5656-608-0x0000020F27480000-0x0000020F2758A000-memory.dmp
memory/5656-609-0x0000020F28FE0000-0x0000020F291A2000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | b41e97f695278421232ad861145b8b98 |
| SHA1 | 2417faf1264154da09aabac7d9320e08203a3093 |
| SHA256 | 036591d048a565fc16d846776f51e7efbb571d9e0c4402332ecad98d1ef407be |
| SHA512 | 234f3b130346cb5102d10232028f2e6607fda0571876496069a57bc8d723dc0b041476a981525bc3028c5b29151233fe8447bb7bec1f9e4835608895c9add9c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7EF516642261549A23D49DB36FFE5F3F_7D86555341FF572186BA7D61FFE316F2
| MD5 | f8a831e9e54aa51d5becbc31b4358648 |
| SHA1 | b47f0f674650f73103978debfcb14f3e05c82e88 |
| SHA256 | 2e88aa154bec4e6e04b97145484846ff98cdf8ec51e0bd8fd8b99e6c166e9a43 |
| SHA512 | a3a7a2f24aced7e228d1353ec080a2c56b26050f4b3f28b0b3da868b2553aefb6c74b9f37436087f398c73a1f950d96b0eb2b03faaf5013cb90f25abd97d9a9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 9b1c66627c93ca8a05a44ccd69118fc7 |
| SHA1 | 1b7149e711a3975f8c32928e4ea0f96bd44599c3 |
| SHA256 | 2ceadaa3f9f8e6e27ae4abcef70aa9e157ff8848b352631102f730fc55a4d210 |
| SHA512 | 523b8bfe311b39f37ba8b7d4f09256615ee783b766478c955a84bcb7fb13b524cc7b80e2cb0f61a3b53f50678ae889c3ff6067e200a784ce7019b27990704720 |
memory/5656-634-0x0000020F28F10000-0x0000020F28F54000-memory.dmp
C:\Users\Admin\AppData\Roaming\Orcus\lib_7c04bcf8b3a04c3c8433437cb1b3ce73\SharpDX.dll
| MD5 | ffb4b61cc11bec6d48226027c2c26704 |
| SHA1 | fa8b9e344accbdc4dffa9b5d821d23f0716da29e |
| SHA256 | 061542ff3fb36039b7bbffdf3e07b66176b264c1dfd834a14b09c08620717303 |
| SHA512 | 48aa6130bf1f5bd6de19256bbdf754c0158b43dd122cec47bb801a7a7b56f2da268bfdec24d135621764a23278ead3dcc35911a057e2dfa55a348bae8ef7b8a9 |
memory/5656-642-0x0000020F28F60000-0x0000020F28FAA000-memory.dmp
C:\Users\Admin\AppData\Roaming\Orcus\lib_7c04bcf8b3a04c3c8433437cb1b3ce73\SharpDX.Direct3D11.dll
| MD5 | 98eb5ba5871acdeaebf3a3b0f64be449 |
| SHA1 | c965284f60ef789b00b10b3df60ee682b4497de3 |
| SHA256 | d7617d926648849cbfef450b8f48e458ee52e2793fb2251a30094b778aa8848c |
| SHA512 | a60025e304713d333e4b82b2d0be28087950688b049c98d2db5910c00b8d45b92e16d25ac8a58ff1318de019de3a9a00c7cbf8a6ad4b5bb1cb175dafa1b9bea2 |
memory/5656-650-0x0000020F291B0000-0x0000020F2920A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Orcus\lib_7c04bcf8b3a04c3c8433437cb1b3ce73\SharpDX.Direct3D9.dll
| MD5 | 934da0e49208d0881c44fe19d5033840 |
| SHA1 | a19c5a822e82e41752a08d3bd9110db19a8a5016 |
| SHA256 | 02da4af8cd4a8de19d816000caaae885e676b9e52f136ff071a279c2b8ad34c7 |
| SHA512 | de62f629c2299b50af62893244a28895d63b78138c8632449984306f45de16bd01076eadbb0d75a700215e970c1df731e202ea640236c0f0da6ed15146193b59 |
C:\Users\Admin\AppData\Roaming\Orcus\lib_7c04bcf8b3a04c3c8433437cb1b3ce73\SharpDX.DXGI.dll
| MD5 | 2b44c70c49b70d797fbb748158b5d9bb |
| SHA1 | 93e00e6527e461c45c7868d14cf05c007e478081 |
| SHA256 | 3762d43c83af69cd38c9341a927ca6bd00f6bae8217c874d693047d6df4705bf |
| SHA512 | faced62f6ecbfa2ee0d7a47e300302d23030d1f28758cbe9c442e9d8d4f8359c59088aa6237a28103e43d248c8efc7eeaf2c184028701b752df6cce92d6854d0 |
memory/5656-658-0x0000020F27420000-0x0000020F27446000-memory.dmp
memory/5656-666-0x0000020F29370000-0x0000020F294C4000-memory.dmp
C:\Users\Admin\AppData\Roaming\Orcus\lib_7c04bcf8b3a04c3c8433437cb1b3ce73\TurboJpegWrapper.dll
| MD5 | ac6acc235ebef6374bed71b37e322874 |
| SHA1 | a267baad59cd7352167636836bad4b971fcd6b6b |
| SHA256 | 047b042cebf4c851f0d14f85f16ce952f03e48c20362d4ed9390875d4900fe96 |
| SHA512 | 72ac8b8c8f27264cc261297c325d14a0be2084d007c6132ab8402d87f912fe9189cb074db11625d9f86d29a6188f22a89e58ae45c9131fac4522473567017081 |
C:\Users\Admin\AppData\Roaming\Orcus\lib_7c04bcf8b3a04c3c8433437cb1b3ce73\x64\turbojpeg.dll
| MD5 | b36cc7f7c7148a783fbed3493bc27954 |
| SHA1 | 44b39651949a00cf2a5cbba74c3210b980ae81b4 |
| SHA256 | c1ce9a872d33fb8757c59b5cd1f26c93b9eeec3e3cf57162c29a0783e6222a38 |
| SHA512 | c987c689ecc2cc57350c74ee22b66cb543535bc17b790016ec6407c3d02c539a727f5c38e1451a201e8e7ccfcb4d4639780b6e68cd38b7e67b1b28034ad738a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 35feb1845367a7c553031e5ac4a9760d |
| SHA1 | e657c7ed9b34255adb51e19ad767cc0f64beb0b1 |
| SHA256 | f42e9c6744730c456d81e7ea51a67f2b7e79001cefb937161355a9516b465785 |
| SHA512 | eeede70c37c170730d8d5431c0f2dc9590df7f207fb248314bf71fa09a137c3dd54e27bdb10530ba420fad38d4fe05031960f640546ff3f1862c841f71fed304 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe588df3.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 73d2eb644dd8a953f2bac4caab7ae3c3 |
| SHA1 | 196a9e954786fd28f86630bee85f2834af9421fd |
| SHA256 | 01cfc3ce5542f9130d284dab7e98c65876a704bec013192d3fc4554c046c1f32 |
| SHA512 | fa77177b9db421f7e6f8f7849ae6765cba524c43ed1133293c41319358686070eb5485c597be297c23239477ad91212f77dc544ef489c7dc37c1c7d6053e2a7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d9f95f39962edb4e147f9b34241b1e97 |
| SHA1 | 56d51825b98b4b7ad18973ea6070c973b98ee2d0 |
| SHA256 | def3db937dd9774116564efba4eb19385741c1881d1eea2fadd3f2fe3dee41f1 |
| SHA512 | 22660679a2ede94aea66eecb4f029f83432aac626e465ec38557da43469566ac8ac336d125a8266e217e79d6ab3308520a907868a4dbde441351c65c4f9ffc2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | 4ebe8c5f1b70905cfb5cbe044bf80963 |
| SHA1 | 660bb51184fec3de825f5ddc633fd6c9a489bd47 |
| SHA256 | 27466866ed53e113c8e2dd394a637ac2e683829e3c131f611ee5468531875494 |
| SHA512 | d50cb0dfd58f1ac2591979686d220e9ce347794765aec2c80797bce84bd3d5732c2729a37c838478ec7cb3b30f57941886bf434cf433254ddee075f385c1267b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | f0fa94c8560aba5a0b4feed1f2ef5dfb |
| SHA1 | c3b48d774c09a23432c3aa8dbdabe7c73877356a |
| SHA256 | 49c203af237352d6d11f3ed82f637f669ce468a674cc07975ce3db6d3116b007 |
| SHA512 | 714b7805cb02e4cfcd3a5b9f1dfbf39fb155ec44cba94fe916b22c36b49027a5c90b8e285f0ef396fd22fd6d83e41e52c545ff4a185deb593d9b8531f873d330 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\4f6e2710-69ba-4309-b6db-793ba56330ce
| MD5 | 839899912de7ac797ac56460245433c3 |
| SHA1 | ff54becfab231649597f527a5ef1ee7153787468 |
| SHA256 | 009f6199ab59c095de692f32429bdd822c7a43dbad1dd4d6e21dc39df0899eb0 |
| SHA512 | ed051e14798caea85da3d0613babb8c37c2b2affd2a981c56f280bfe130c3e1802ccf4a62e46023193d03a3a6539dc93156bb81e1d9a8b97096660e587bcb1ab |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\2308b564-1ad5-4188-ab33-835a970bab5a
| MD5 | b5795aed8ac9b9a28ed55219f9e84fb3 |
| SHA1 | c97c807ed5f1e094f077b0363a2fa6f9d3c7b772 |
| SHA256 | 0d462df6f3a0ec146c868a1abeeae1eabeff59ea03ddde85ba03f28625369618 |
| SHA512 | 07ff67a790323fa67be7355f18c6872e26f02bfa5bbef83538184a2882d740f2643ce806a1f79a1094c75e131ea308ae5285ae27e63fd906fde155cae3a4681d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\b5806b4e-d680-4bef-93ad-5bb41aa980ce
| MD5 | f248e78df609175d4a8247ccbe242654 |
| SHA1 | 31e8aff56d84e0a0591d34eeb5c946903e87f36d |
| SHA256 | 5472a1ff8776bea26da0b0459bf5dcc20e80effdbacf99226c4e18a654a841ad |
| SHA512 | 821d5315d05e038b1cc77846d963f0c515377c04b58d46648e881198371c54714ea92fd7e922bbc21756b6f7d00667644b1e333b984671735221439d5bd85d1c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 7041009c6b89b1184df90c8a66221422 |
| SHA1 | 8616f2b57f2f3226d3432ee9e83c4657a9922c84 |
| SHA256 | 2e2a79979d5e61a0fc14edb9a7da40b7b7c72b4a8e09a9b72c99c5a491157022 |
| SHA512 | fa1ae6ef280f1925b9348dc276b78422637dc34dd89097a9877fd3430f4e6795dd76e91102794d5a0cf966af16d4e1b5537fcfad81f6093e8effecb934955a2b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\activity-stream.discovery_stream.json
| MD5 | 36e9985556934980ebd3e63fc4059397 |
| SHA1 | 309e62ceb53de78c381008cf710c665634d99903 |
| SHA256 | e395d8f5d3b2adebc3e7a8f29eb70ed18e85654c032f420f104b2d97dcfa9996 |
| SHA512 | 13e00f2b28dc52321fdb1c28a96080037012c1c966797dc05b1cfa626f1bb1be5cba94649342754d709675f68fa672b9780b1631400f181e23de47c61cb6096c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js
| MD5 | 381967411076a75a3a123b9139587ec2 |
| SHA1 | a7ec0c09c2384d1f85c0bc2c7fb68937980b2bf1 |
| SHA256 | cc410cbf82011e708d0fb8fab570f42d8c6537708e9b8a335055eff56d7d9942 |
| SHA512 | b497447dee7b48c6abb2de34c6f7fefff1b33839b3b9ea53396e063c621869e6b11c3a1ea7e11b24245950c32ff1e8d21162530bf10117a14fce36a887b0e690 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin
| MD5 | 638fe9ba60bf07a1088dbe1b55953685 |
| SHA1 | 9829909dd7ec24f67ffbfd9a951dd63ef93133c8 |
| SHA256 | c5cc9d3bebdccdcf0c0c6dc1219d5fab04618c4b4918bb36f3c5e8571467334c |
| SHA512 | 7ca4e1cf2223921833432f993176a40d3c7ea91da094784ee10cac163d9c400c6b145b0f0fad88c79d6d79a1f22fd23a2b638a8e83d075bb2794c90354d05585 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 673cacd1ddbe36c8333994ecb4669b1a |
| SHA1 | 5ac2d54e2d3ca316ef55cf919eb9f4f8b0775e05 |
| SHA256 | ac0611567b1604e97744fd4e41565dc89800b22d2dd540252e99307ac0afc336 |
| SHA512 | cf834e402735bc2727e1142c7f498656e15060f10d85c30aa8d345cdae06584d054f84859e749ae1b03d380e2aeca2c961726c32e05173ea4cab8f7c81bfc636 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | a19a7785cd357ace4850d6bd8ec14bc9 |
| SHA1 | 808c3a292162276aecc86f695115a2e95898ac48 |
| SHA256 | 41e115894e7af44bdcb02dde61f6f9cd620939a877445647ffb0ef784d9308eb |
| SHA512 | d225a0dce2058b42b74c2f1fceff5cba0cad8b422f006ad341d613589bacc63a6a40d8ed35ba70bf075f4e596abd4e97993345fc4d3c7c557de3c2f6ff44fbf5 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js
| MD5 | bdbc808684fb60f9da9f784751ed9e60 |
| SHA1 | 2d4c8c05eb96a22bcd2af1b54348b42c90a4c612 |
| SHA256 | 216cd336c73f4a72d58c87bb4be0828e7747c8863492ddce4a21fa9a0cc6f3a6 |
| SHA512 | c19cb4113fa5bc5f7d8e5770de3d9655754aa592c5b1e1c19bce24d274e41b3e41c0ae5a4cc134215cbd6a560223cf32eecce1d85867985ffb59bc8113e66ee6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin
| MD5 | f1575f59a91bc47077ae8af6d2f77b63 |
| SHA1 | 6ccfac7c6b73dd44906d62f0f9700db01bdaaeb1 |
| SHA256 | 6d7fa19e07a034ec627a295c3f5262de5f599750198b4e16b4c2c023721b2cdc |
| SHA512 | 6e6d86a6589433694fc2b045932e0a0fa04db6b5bb5f663d11004a8abaab296e566982b142669b8b75977b50047685b96f18f1592a6ebc5c76e692cd7cbe2080 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e58f1f3c46a629ebdc6c4cea73aac855 |
| SHA1 | 93e4219809f79bc7fce4fe14f59ffc0f031241fc |
| SHA256 | f66b2b772d71d129853d2f0c705981f945a2aebd7863a3a3663536537e67e687 |
| SHA512 | 650baedb9cbc318a38b7378cc864eab878176250bf828f98e1ec20866bca3f239279e8aa5250743a4f8fa28a7e2890a881adb2ea1d9ea73ac2d11685af480359 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 7cdff6b5a61f6afa2bdb9a30b400824c |
| SHA1 | 4de5ca615af47c2dde54d70ecc48306555f93251 |
| SHA256 | 0c4540f7fe7e0fac5a757ece25a0d6f22d1e4f10d330e82d8fd09fc7571cb51c |
| SHA512 | 2ab000bf0944a05c8a47cd1806a7686ca1ede319af3ef2c79227c9a629b13b916739391f9a4d41f8b5fedff395f8247b3ecbd888af91af0c6135fd4e2542bf06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749
| MD5 | 809000e8fba0030335d5d9bb0837fa5f |
| SHA1 | db01d7fbe4303116bcaa70240ddef2a68566798b |
| SHA256 | 379603c0fdb14c30b59d296b9bd26a6d6d21d2c9a66d6b3e8a06c3f039e82b25 |
| SHA512 | aa2af5194579c104cb3bb2193279799e479db993f1d89d02e371aa72729d0dcaaf38bee0d2c9b492cb3885b3d3d30a4fddfe74a4f4a715087287717d12371eb3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 0edba6be526ad74ddd5fa57b8e8e94b9 |
| SHA1 | 61d7984a5b55b4c31991b9ecac8bccd5d95c626d |
| SHA256 | 46d2fe6b648aa26732e0e3a3aee9a78ac79f46b3695c3441d0e7ee6e9768e2f6 |
| SHA512 | 8807dfb4330daa3634f5222d9f5319d8149384c12c57916bd87482ab2c23f211c740c4159ab88611daa9770fa26bdea02a01cdd7f8fa6f0b91ff545a11f6e5c2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8738c5ef30fc25b67918c546b58d38b5 |
| SHA1 | cda77a39d123812993421b4a98f37d58a2fcf170 |
| SHA256 | ec2504cc46954d04485b11b9f84181b0d261b22818af2c191d369ffc5edaf428 |
| SHA512 | a280cc024dae7251cf8effd85d55779c20636f58e408393f9bd15f08c70e3b6299a1877ba07bd51b147076e10c0c262f5a9552f905d1201873e6eac751f724f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 4712056f8bd896e660ad002412141970 |
| SHA1 | 5e812633048f7069cb3b808f33f7b6eecb3f37c6 |
| SHA256 | b728a6367ebec15d3d4821d49546867cc8d58f12275e995c506ec97809b100c2 |
| SHA512 | 8b0f70c2d7f8fcc7dc3c022321af8a0b8c2408299d8735781a28d500d2f7e364748ad17bd474b3200500da91f850f1061a56a79630d53a676f7d7696666c872b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
| MD5 | f8a830c7a8320e48bb9063cbd665fb35 |
| SHA1 | 6e7e73e4fcd10e7ed58bfbcebd1e57d5ba652c80 |
| SHA256 | 6fbacc0a8868930ebe6e4b64929afbc0f226ae0f99b6b5e687cc6cf0d036526e |
| SHA512 | 19e9118c07d247ca9fa45268d145a460276b11f837a1c19ccd547a0cacac65657e84e52343e3225198f03141eb2b146720f8da76f0d49d522ea4894e536898b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 10d63c8029ad0f5f20891f83cfdfecfa |
| SHA1 | 52d7f61c77cf7415055cf3c2bc77dc0ca42bbc77 |
| SHA256 | 1290aacf1588580eb110e2152839a85b536f9bd97ebe780a6c6b0e8f2f466d11 |
| SHA512 | fc15dbec94f46ed330cb83bc361c35dcf9cf93c583e400594582ba3c28391d468830e07a1b921a18598478d363417d8187ddbfabb018f97bcf94073559b64958 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\e220b7e3-8431-4f9a-b1aa-7a9700605443
| MD5 | 5cca9d542f3bb494716b95f873b6192a |
| SHA1 | 625a4f937bbb2fc10f68396232b7136c0730691c |
| SHA256 | a8e7d5339d59d2786ea82dfab326e2c8dde26390956e1aac3ef905fcc77bdf13 |
| SHA512 | 0d4e61254ff47ed3fc28578a3ed4859a39d0ba1a7f5020a0ed6c5f3e222eb02238e209ffbcd22d56e32125a4a4c2cb0181a2b2425aacd9aa94a9853b99e4707c |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | 82c337297f44318e885d3d7d63e38ecb |
| SHA1 | 904d0eb97c8cc27168dc1ba4f2422877943408a5 |
| SHA256 | b0fefc357889c8d6eafb384d87b4fb451194f7acbc18128a1992dbd0e7d6f97f |
| SHA512 | 8577b3805dc021b66fbb0a210941e17d19b6154303261b6591f8fcc18b23e65fb82c3711cd74bef1e07037477b46f6f0028d21f9ac2bbe7e9be9c1e7e75b3c5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | ef8f992e0c4abecddaadae8897fd49e9 |
| SHA1 | c3387b4b50d104bc1ea0a4e70cc662cdd101b403 |
| SHA256 | 9ceb044e185d5bb35bcc7a1a11f4a4658bf98b35b92562162c1e10895ccd0770 |
| SHA512 | 2cabff92128df3b23b271d092a8e824daf6c48f1557f1bc13c3c72a9806f22b8a89a3a383f7f82e5f2aa0d866361d3d453091cb24f03af358f5d005cc18a0e65 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms
| MD5 | 3805773556ec55d177e3e1b49ec003c6 |
| SHA1 | 3fca225a5d8e8c7ef981b5c471deefabc041a112 |
| SHA256 | a1f2e423dbb2d9fb68140d0d01dd53e9767c25956efff27f6b910a4622eaddb3 |
| SHA512 | b601895a459470c21d1e658e95447b2638830e40d6cfe899b833083720695a4a2422772e3b59ef04062bd1d4884e5dd21eab252486ca5071097ee3e3294459cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | e90f57504d0d431aea2dc655bd62c200 |
| SHA1 | 512640e93593dbfa4e9e27d1f672ad316d1020a0 |
| SHA256 | b7f394501ab0ef779891db8f2c735b2cdd0ea9af3e414033e7531841daa40788 |
| SHA512 | 3fad0b3c120bcca0f0fc13abdcfe725735e676f9da273e58f2c547689e9cf039344a8195066b25df39799ee522e3d2e8528242855e0e3406366c71f6e1a702db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 7b49e7ed72d5c3ab75ea4aa12182314a |
| SHA1 | 1338fc8f099438e5465615ace45c245450f98c84 |
| SHA256 | 747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6 |
| SHA512 | 6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | 4a686349993965721f090d158a10a6c4 |
| SHA1 | fb0f61ba49cfd7e213111690b7753baf3fcce583 |
| SHA256 | 65451d12c37acf751e9f4732e9f9f217149b41eebad5b9028eac8bd8d2d46d8f |
| SHA512 | 0dc571487fd798b62678378c2dd514fb439f6c131637d244c8c3dd48d5e84267d21fe633c5b20578e621d5e8fe2958c5e58bc18ebe2d4731b18669fec4031489 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 28bb011e70cd21f428f5e63ce840a4de |
| SHA1 | 2d15a39cacd8f5d7575ed4aecab7d433ffb76b46 |
| SHA256 | b8ad581db5610f92f3875e81ddd791ba66973d2aca923072495a248975e8726f |
| SHA512 | aac81570168f2761bc93e5a6628b7c99e156df1ecdddee9272f721ea15a2fe54746406629b5ea00331aa9e0d8c9bb0a3bc2db9e618bdf8e3e1b39f0236ad3bdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6e44490f5cf3b61eb211c814ceb20c94 |
| SHA1 | d1030f0d8e7974d87cf71fa59502e2f42452ab33 |
| SHA256 | 79a301ef97f8c40030d8e6ed250568d9013171d8265c1851087ee6bb8d2176ff |
| SHA512 | a2fe75ad6b97dbd1beaa746cef7c61a1f51a0fd5cc5bc19b253f2dd7e1f1bfdfd3464d4527f37c8e13a19aad92283651d569d73e9326f885391de9645438c995 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ee608ad4-4b9b-483b-b157-8ad239427ae1.tmp
| MD5 | 6ff2aa66a3e1c6cd54a4ded64cd17a38 |
| SHA1 | c452492e4546e463cb1c3d26de51a30db876b3e0 |
| SHA256 | 00c501a00e3913be2ec560fb73e062c36332e43fffef4d61ae66605fd65db257 |
| SHA512 | 557bff5b647d24cbf3a9d09a07e6f1f0074372e99102ddd34facbaa1f26739be86ab1ef7951fb42e9ae4f61701c268d2b9fc18dcfdc15f58477ade9e22509756 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 5fdb80e6c335a4d86414e8a266e5376c |
| SHA1 | 3a030b4a41b72b657a6a5ef850a526fea6a1ba47 |
| SHA256 | 497b700e4d96e75729138eedfd81170509b0c2bc3fc8d7ed8c024b8b8e4b65bf |
| SHA512 | a544f10dabea9394ca2c414e58910257d65839438366d1d32e7951761ef9ca5066ca6786acd28e1953dc57bb3c941642a517d52c5bbe14c219e208f8c46274d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\01582035c170b32c_0
| MD5 | 0a5fba7281d496473c9e080a822dba92 |
| SHA1 | ff9ce74c8ff216d5dcdb84ad7174b56bbe54f553 |
| SHA256 | f0ee0e93fe238d3e8a32bd1ee8c8e37a014d38ee132174cc71865bfc9b0f2308 |
| SHA512 | 3f5d1f18af6e4489963de115c566e4b8ae0fe3a226dfbe77429d9e00058c13a83f23286056d5ee1e7d0ddb6e0b127727cd10800c4c6da7d06afb081aa2ea9a14 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f1d4121669ba07fb_0
| MD5 | e42a05a77c9bb6a6c72029ddb2728168 |
| SHA1 | f94bfd480e85f54fab5f2773f93ece77adb9448f |
| SHA256 | 9e43000b16e70c08bca0b5a4754d84a818ab6a1d94a1c77d18e46d0a498e36d8 |
| SHA512 | b0c36cc6bf803409c2334e967c4446c93e5c0a2cec79031a89c9edffce3167deb75dc8eb0952b385dbc8254356a572be9ff4e51ea70bb8af13524528fbf66bd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6d206d319203eb567528ef376652c83d |
| SHA1 | 128d710dd382971cfe164775c7fc8852a1fe1d9e |
| SHA256 | 6e4aeef2de05b44eba770a7ca340a1fd0b36359e5fb7f893a766af6cfcca05b0 |
| SHA512 | 2e777f2bfca3ba99cf77c979813fc22468cd25902c627ff72d30b0dac8c315fa4c60884d0947a35212f1eadacb329bfd5d97b999b02623cc865ff40e9cdfcf66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d305802275373835020edf563e262fc1 |
| SHA1 | 5c9b82337ed5afc72dbff213cbfc69cdb6fc61f5 |
| SHA256 | fe107aa2cf98bfba92badeb4825aaa499e92e47a94e45dd27354b6860cf695bd |
| SHA512 | 7be2945a25c286f323143c8a0d79b7b13ab61f8eb3e2a8e7ce31f757f6dd1970a7163bb27c511ac4e8ae17855802856516158f968032854aaec38d0b3f7a1f4d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 27bf462e4052faf06ee0d2b5dabc5d06 |
| SHA1 | c1eaaa9af1f180489591b02f3774686230285df9 |
| SHA256 | 4e1f56530c05f1d7bbc2efe682b294ac652c0b131bc66f8359af93a0890ce360 |
| SHA512 | 2d25345f2edda958c0dc09b2380f44f60c6703c2ca2ffa7e6d5a8fc4fcc8874552e06b90d2dde24f9a77e3dcbc80df8e7e26bc186c1f7533f5d70fde04bff86d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4d9236b6cdd10b2faf3ef367dbb75809 |
| SHA1 | 67b703f78596e4fc8306e70c2672333b96a1b5ad |
| SHA256 | 2aa791a3d6150e5783cf1220a8a6ebc2a48efde2fd72e06e0b140a34f6874a30 |
| SHA512 | 5f6b2f742571b70c711010a7076c985363658f84425a3caf612530461e6f3a33d330ebabfb0dc0ed62d2b6759f6a079d1e29bbcb0dfb8e426b8224fd0d0d8710 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4702dfeb7e0024f4a5ec91eda63a549e |
| SHA1 | eb1c2b8f0fce42061b7dc91e7058c3de3369158e |
| SHA256 | 6aca2933480652460242579286202f51da543bdaace689edb9736c25e650be6d |
| SHA512 | a85bbde849fb5ee4de2435e2cb7cad00223636a06900ec1b91ef192a1e4d81e6dd826947ad7ea26dacf3e81ce410f14fd61b830cd74a826549ccbb05a51d1c76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d55f0eee9d78364dda8a2328c9a7a3a0 |
| SHA1 | 3594f8a07506c8fa44ab938ca1c0b8ad8def93df |
| SHA256 | c1d50714b7a198c5b6620118e6411b07e5feed91f48627688fc17c10e09ce701 |
| SHA512 | d83454f907d02ccd4f9bafd49c5e7064ceb4042e654a2e3b9eed128dd0c2f1d527a7dcef431e31f87d5831b306e2105b30bdab36783277b75b74548d3028b780 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
| MD5 | ab79489e9704fc9cc9d8bee4f8e17ec5 |
| SHA1 | b2e19a89b43d537bb5b02ee9ca2418f027259c1e |
| SHA256 | 4d71760d6f3159849068b635ab4c39b9b747d899f03670533971a62d262c264e |
| SHA512 | 60d11ee023b9a045c4b59b88311f001fcf4856e27837a1ffd6ecab0203e5199ee077d85c5217e0f0b94e0bff93b14c3680816b6fbf9d42ee2eff5c23d9a13edd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 43284ce2cff4a61c978d6d394c94b1fe |
| SHA1 | af3b75e6cd7777529e44b1f922ec6c719c3284dd |
| SHA256 | 5771c8b19705addc312013f1c081210a0c9ecac03631c0b8eea9507073473b44 |
| SHA512 | 6e830f95e85f9d4a379157ca9b18a434ba5e3fcd7eab515f3da2a3c303a7414cae47ebe1c5ab4ddf4bb10ea038023a37fc4eb9f3cb17c65c388a7226aa201ad8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c1052d32048279dde144eff995ea0c05 |
| SHA1 | 789155ae56ca2cdcf18bea5a50f35a46296f6cab |
| SHA256 | 9188cd4870669e9d7f6b64f49d05439e2132732432760b18cf0a781653120b2e |
| SHA512 | ddbc43ef7e864379e2466c501cecf821c1cb3741b0425cbd39c7f0912fcbf7f30d8308c665f81dbd67819d47ee8f1ca901bdd635b8dde6763e72f3655a7804b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 956d86066741680a6b7ca380e70f9c8e |
| SHA1 | 0d60c151ad9e74cff3597fbd35330a7694131c73 |
| SHA256 | 092491c3eb76a16f5a09830c01abf51d90e149a61f3a0e314365b600eb3e1aba |
| SHA512 | d6c7ddd056ea3e87a10458e3ef38121d824859c1790a71dbcf0f592bd78f6a3e12d6070b741a8cc78dcd8af38c04d10fc62f9c1daae53d46aaaa840c85248d4c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b0c60b5083e5f22b55c6bd37aa903a0b |
| SHA1 | 746e0b2e4b4a5538a3189cda60d91f043985bc02 |
| SHA256 | 536987042206b5c1f6255459f2e3696ab7ef6c078ecb9b7456e988642c855625 |
| SHA512 | 58cf4e36ec147a6eed5f595e6594a9fd646398ba7d5daa0edf49604220e22c8ab29d68627b40e1aa57fb8d2cc28d5805e0b625978b7a7544ff05cb3a533675f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ac8fa35b2095eee81e80f447655135a9 |
| SHA1 | 36f4f34475c25fce3eaab87aec1a7ba255199db8 |
| SHA256 | d2b0ffe28999dff67603dfc3983d27bfe8194ad132781473272ff81bc38b4214 |
| SHA512 | 7d1a7f57121bb2bba3499d6953598d7be7db2cd12fe7f8d3e6950a2669d437123d599332cea9db8835d893532c0fff24fb3d9c6f4157e44562ef03b773bb2b82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 94c35d2267356107d0fe2b6217174bc5 |
| SHA1 | e508e9febdf636ed39394ccbbaa63393d4bb0a58 |
| SHA256 | dee5d21a291763d78b2c99b29cb4a559722fabf4f24b3500386b3e078c6db97a |
| SHA512 | 68d78e565db8277a5ccb9b30b9192197dff0f9e293dbfc7f4b947582a636eab24ae6fe06e7e70b0e2d830d686b7ae5f3d0ee2ca35cbbd4facf27f777f9ab0778 |
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
| MD5 | eddf8107ff73bbb71b500d3c65c0ea20 |
| SHA1 | c44afcfa611c21e29a530c0d4420ff3f6239c7d4 |
| SHA256 | dd2d90dd6c0447d7126dbd89daee339ea61f62853817101775722637fd875025 |
| SHA512 | ac629ecfab393ea77e6436784cd2e648bb9ab460a41351a8260de36cdf31391fa51a5a9870861195a9f2bd42e12a1c07aea4289a30f3819d5fae9b47ee8adca8 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749
| MD5 | 6dd5d946aaea50304d993417222b1c81 |
| SHA1 | 67e87fd91c11374df8f38a47cbd42e2efb661aa4 |
| SHA256 | 23211fb75d3df809202e978296fec1efadb19e8161e910cd82db97c3f3beeff1 |
| SHA512 | 963b2e3ebd32c8ade1cd1334276e70c7e9813ab9b6a6d7655ef19e24b73bf0a353921bf5f661fcfc8df022b54d7251fb14a0eb34f3f3a03ddd6d9c0c6f7b0190 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | c1a0041343cee04ceb9c33ca930d4b62 |
| SHA1 | cac473c458e071466fa1a95323f7faf4af7b416e |
| SHA256 | 64533d8e43866904fba092d4900e8010a9d24a96c81bb2e0d554dd99bfaffdbd |
| SHA512 | 332dd065d06b8d752d6133e0dfbc3df16e6e69df974999f7a190f7df49c80ebe65e2056cb80558ec1067f3f8f3663126256b8058b6035f9ea904cdd78b4e4fef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f5951ae62d802a8c1e078e5436289d22 |
| SHA1 | f43fec1537edc92083190272336ca5ef2f4d582e |
| SHA256 | d7d5b35014b42f9b4c59e715659ec7923452f058be3155eb02d5cc03e2848b13 |
| SHA512 | f77cef084c39fc49f063b49e24d0acc5ada15a2173032db44f39488db91e4eaf24e787457a4b765798fd5451988112641258f9766d857d5418410a04f51f87ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 634925b81d1f43dd9d3bfa1f291b7198 |
| SHA1 | 0d92cccdfe18674e06144a0590d0d4bea11a59af |
| SHA256 | e6c1c78541bf117d92dd7831015ca4576499a5b524e91798e21bfca7ec550ad1 |
| SHA512 | 5cfcc3c925e7f67cd0a9866f3bdda63528861a08188be1a2e5c5224f5e87e082e60bdba80a97719d6a210b6dc1ca969ede3fddef9ab41fda56765867904be804 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 773a3f5fbdb9952569cc6cf7b9c09b1a |
| SHA1 | f237a6c4f840f51782cd74924bad942f1c084203 |
| SHA256 | 1d6ffef002f8d0396446f1a0f116a4bf1261843fab9a2bd48a26b48e4e82a001 |
| SHA512 | 141c2be8d58557631b56cdbc2d8638829c70d26111b0818357fddbabfe25962194ba4789ae519bd366736e5dca4bc8182db3709e0be6bb9e2948413eb79671e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 47119e95d9c5f26a80d77ea7d45d8a2d |
| SHA1 | 559b3bb3beb9a31382a1c774c3f492c5b0da030e |
| SHA256 | 6d6480c7931b4e1ad7690e1fa618888822ad29890e553ec0ff0ea1e4edc36e89 |
| SHA512 | 8c5e61ebeb0c1b3f6d8f1a88a8afe8aeaa73bd00e2c60e47b30bc2f105fe833a53cc0bfcddc20e3c48135f35810c3d1eab8049e919f4818dec37123751da4a3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6d465319939ca6e159fb99e2e0a873c4 |
| SHA1 | 2216201eab617e00ade64b454221c9bf18d97e99 |
| SHA256 | faad40dbb4bf41dcac71f120b5f00f67202b695b8ae940647b006720bd1bd335 |
| SHA512 | 84825a4b4151597794050893e6d857a1f8db0ae8ee017f9a56551b0cd257e70d1055bfa98063a176d57ff2fecb26c16008e4109688ff95f5de586500e626adf5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8b7c00580a9cb3496f6817b35dd43733 |
| SHA1 | 9b93b7bc0316779ccbea1a18e29e9fee37dacbe1 |
| SHA256 | 5287a763ff72defc1eac012c1ae3a5d01a78bfb1e44faeca7e2f9030ad98d02a |
| SHA512 | 2d8b1f9802b23df3cb4136843dc56068a4227a3d1b56d25600bb16ce031073633398fdb086d72c4c05be4f6ee730e8be83ccd2fabc2444252ef2fbc92b97b431 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 24a78505c6d0d450da69a5bc1d64f7f6 |
| SHA1 | 7b0fb5cd1489efad6dcd8e23733982bfab0922a9 |
| SHA256 | 23a11bd04171aba2ede7bc943fa9e71284a5ed6918b0c846e3635d1eff179d7a |
| SHA512 | e673d165e84add39b1ec1179f8f01a7a43686efcf023761b5c22fa0eab395844651cad70fc789684b9fdfeb6cef7bd7c2995b1d391e5fc58db47e5e792a93548 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 78d0078ab4cb2df48dac0273be68b36c |
| SHA1 | 5892649003c122ce750a6f1a290552eb02b70063 |
| SHA256 | 8befe041ddf9ed9eb3eff9c0095ccfa8bc7a529887f5ed91059cbc4a9d258bf1 |
| SHA512 | c0a5cc8f56cb910be8d34a3ad2a06a6f0089aa093dd40d81f7b0c63bd10ddb54fdb8faa7c84d84b5c8f20d5a9b632a8a74c4d6066737a10f0dddc2ffd7843a25 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c44b2a044f7d99660d5f1717a8fdfc0a |
| SHA1 | 3e2e7611456d7a1d2fd467c073af09d5847a156f |
| SHA256 | b5d7e91a20d6351824ae069a49a981d13404db6600b12568743f9aa5ecc8cb0e |
| SHA512 | 887fe5a2bc9f02fae7573442845f16694571694b8c27eba88019f0334e50e917cf53c01216e55f9498dba5e7c6923b323e40054152cc1f7e9c9720cb604f2682 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 838312d4d8b790b594854aac0979c9ae |
| SHA1 | b6f47c8a8f865c01f2c331e225b787fb2fa57ea1 |
| SHA256 | 4aa4ad217905877422b526321c410e3376c86ceb878c8426bb561b921570f881 |
| SHA512 | 1b0c893dbbdebac922de7b1ec9fceca3997ab33159acfa0ed04822f6c9de10891ac0e1880e13a6f3d9f32b0e82858a697daef7cf8e7491eaa68fc06e3ed8f123 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 53a94fc80273447c09576cff5f051792 |
| SHA1 | fcd294f4299854197559e441987ef824c6595f5e |
| SHA256 | b23a056f1891d30b56cabc6363496fcbaeb378d903500ff988c277cd0b92969d |
| SHA512 | fc5e4eecbb0f6bb0864f3d2050bcdbad0f72ba3ab0be16b978914364e85597c3a83cf9551333d588674c2569f2083304ca50056af4aa2ec6256f8648019652f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3de526d56f8535bfceae7321a5197c57 |
| SHA1 | b1905bbcf40ef7b1a0fae8a37ff05c5d7e8295e8 |
| SHA256 | 36f57e9c10de536c8bee11a6a3c09186121348b7872c349bf8bf5d2bf8d59de8 |
| SHA512 | f39aa0065a89581819a36ac859b87375111e14e2b18517e9a68d3058ca324009743e7a6783190bc15bde2751bcdea3f7e402add9b1b36b92ae41579aa52e941c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 8dff9fa1c024d95a15d60ab639395548 |
| SHA1 | 9a2eb2a8704f481004cfc0e16885a70036d846d0 |
| SHA256 | bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb |
| SHA512 | 23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d87a05dba284381b3c69cd946c8f0686 |
| SHA1 | c5f6e7d97771ad2fa31ce8937d12e0be81bbfebe |
| SHA256 | 68420eaa2cf8979ea8f8d567a5aaf0956c8b29888cf338015800636c7d567a04 |
| SHA512 | 01281bbb00c5d701745f7b8cf989f18368d1454bbf1ccb12a6a5324d50994046660f0bcd9988bfe2cadcf20feaf6615e5cae704ce4d858ba4c419f01e6dbf7c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 5f9d09923528dae705e7a56fb90e9e59 |
| SHA1 | f0eaff40f2b88094c86a73cb5c1788e22d2b9104 |
| SHA256 | af0330400175d33b541b4ba439915cbc10dd270f1bd1d87278ca22cf39e255df |
| SHA512 | ef7d40045a8b9a73760be36ea3b4ab747e09dab536322cdbf8907234e8d00208d41c527439b5f8c57cf3ff7c38a0c2f1baa1ead9fc1b11857a3d9969340c6615 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5e5959.TMP
| MD5 | 1323684cb3d07026ec35ccbf5db8cccb |
| SHA1 | 16ed5f3f3dfcb98964026a822fd71697e37d8ba5 |
| SHA256 | ad1dfcbddd0c6a585c7cb45051bfcb0e243ced56bab035a858f44cf8ebfed5be |
| SHA512 | 4abf8b372be9c241ba0697952ecee74b848d63096566c4fad62b30a1981ea4cdcd9127e147534317fd1d133f5e60f2af60d981f3d1771e7653aacd2d6d35c77f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 28dea9a5a4492fcd5011d08eb61c4542 |
| SHA1 | 9f3fcb422f5b77f49fd093a9cca4882f7e5ad6c0 |
| SHA256 | d0ae48f70dea07ddc72cebfab98cf0613552750422affa3d157e7f66b702b5a4 |
| SHA512 | 78a84ddee64d5cc2155202c7686b126d44dd4c5affcc939f992e0a39f55bbf577c05ace6df3ed4e28e7f05b3dd1c8712802442704465dd2674d58348b0ad1cd8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dc119518034128aa46f8ce28c5d5c3e9 |
| SHA1 | e1df26ffca536d524200d1e5c10d6b6dc2de4ac7 |
| SHA256 | 04aab87d1f882c33219705045ec7be8d24a4628958274227f1188421bc03bf98 |
| SHA512 | bd7b662e6440aac768f2a1e34da02b196b1be974d8151f454aaaf5cc4106abdc701afb491a7f2d2354a39541fcf4ce21046e8f8fd644ec83be9d02c80df9ebfd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d1ce7d589438113524eb44a762ac9b80 |
| SHA1 | 6ad7098cfef833b1585912dd7de5dcb8edb1a543 |
| SHA256 | 121078fb08ecd1dbbce1694bcec2deb4518af6bcf29347ee8cab0a90e1ddda9c |
| SHA512 | 63f0adc879f98e265b52f786feaaebbde7567c70e19649a4f2843e506f0f844a83d57591d0088905b245ff7683e62a5ae05d284826b681a65667731c9d8c372d |
C:\Users\Admin\Downloads\Unconfirmed 386672.crdownload
| MD5 | 027183c8f1be3ad3b30d3c8cf7332988 |
| SHA1 | a7de0320e768d2f737c30e77be4ca5043c3dbe55 |
| SHA256 | 5f02e34dc5d7a478675fef3b4bfa9ed321bf6b6f8d6804aef7b243e360fba2fd |
| SHA512 | 66aefb4f2295d66da768ada2849e498145ef0f8d1e2e4c4bb7daa1745b6937742451c2f1eaf3dad35833096179e4b9d123487d744106a709f34c6a7bc8f589ac |
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | 88eea09427500e5e467be9010c4c5afe |
| SHA1 | 8ff433300eb702e6413262cfa8595cb07d22b06a |
| SHA256 | f5aeb7f049e4e44b414d68b06e82a22ec3fe08d58ff2991191ca4d3acd9fdbae |
| SHA512 | feb5ea900dd4611932d8ca9a69b8d9449451b15ac225da41d7a7d060fa69ff7c7671f75f6aa37c00720f4bc24c7e19690fda00090f94a7431748de236b583bb2 |
C:\Users\Admin\Desktop\Roblox Studio.lnk
| MD5 | 194f0c3b80b7766f0eac453db91c2843 |
| SHA1 | d309a94bcbe159c6b3a88219c202bc57f3eaa508 |
| SHA256 | e0850abddfce7074c5acffdc6775abd2bda17d010c03f157e35e39498c5d8e57 |
| SHA512 | d5fceaa9e27d16cf967fa0544afb5bdb64555acc30cafa0a7dfee82daa8a4fc7ea723038d355f4e1626e4171fb3f5efde8ef1f9e7848c3f245142e95695ac6aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6b69c4ada54f1b0d1ec7e1f34dc58a2d |
| SHA1 | 0aab7693028ce3d5603891e6ba35c2de639c0ccc |
| SHA256 | 2713455a12061536ed06f16a43219a51e28f90d0e36443d6fe0d5da6eef901e0 |
| SHA512 | 3e736446d7edb58d77f2502e45fc7a6c6a992ffdfc15ea83af2a604a382ab8f9b0f6045d3d77a5034ee5a02b8e859c5fc391e1295f443cd00062cfbfeb04f4a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | a6d22f659e82f93765a1c4cf588cb808 |
| SHA1 | a193da2b4e77160a1c8254d18acd539a262bd769 |
| SHA256 | df7e470fc35ed68a1dc09eef7d0be4084f00ab07a6d07f5eaad6ffe87c9a9883 |
| SHA512 | c93fbfe84662fb3c1001bb5c685a5424b83cbdda350fcbfb32a131df6c29d3ed466a51c82c3861fc39d05e0ff6aad0413fb38ac681a6816d19a7e72499194351 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2bf697fccb64ca3de6e8c0729ea565fe |
| SHA1 | 993c84a1919da7f220b976ab39c00a6149e9b5a5 |
| SHA256 | 4fb9bb4c17dbb57bb0d76058058c43dbc5dd2f708984fd134fffca351678a7ca |
| SHA512 | f143c84ff8c87d252b446c066128485fc51c9a03ccfee476db5bd477e9e2739c6a590c5c08f870c41b21a5527f213a12937122c220faad7d4e3b0f1746451196 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox\Roblox Studio.lnk
| MD5 | 36ece6ea5e1676eee586a896d64645a1 |
| SHA1 | 5c2cf16eaf95da4ac48775bc8d4d55670e9610ba |
| SHA256 | e4c70ca0051e87896b7db8e4ad0f12e56ec1c789b6c8712c21d216d60cbe1296 |
| SHA512 | 60f9817796a682a1834ecc482e4af95554b7fd949f3ac761f10b80b9ad33bf8f0cc56562598cd2ab86d733c4070c2c64ef681ba264508737c50a455ccd55e594 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4b42504630ec7ea1b913f25603fbe67b |
| SHA1 | 1b9f14d548deaef287cdd0f1ee378a2c4e37d441 |
| SHA256 | 382a2d50f5bcce011daffa0b29d4a05a41ffa624469271e0412977ef65720b3b |
| SHA512 | 17c81055528f914ac796e3db83a72974a59a3433ba821f29c02c617e0231d459571dddfc523f9ec1356944c1056b2a5b6a2a978edce1a1dfa6a353db8d3b4093 |
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
| MD5 | 610b1b60dc8729bad759c92f82ee2804 |
| SHA1 | 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552 |
| SHA256 | 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08 |
| SHA512 | 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4 |
C:\Program Files (x86)\Microsoft\Temp\EUE1E2.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\Program Files (x86)\Microsoft\Temp\EUE1E2.tmp\msedgeupdate.dll
| MD5 | 965b3af7886e7bf6584488658c050ca2 |
| SHA1 | 72daabdde7cd500c483d0eeecb1bd19708f8e4a5 |
| SHA256 | d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19 |
| SHA512 | 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 0c1775f5d541fa6f64ddbcf078e9499d |
| SHA1 | fb915c03ac55f98cf99d6ed9c1f330e9b1d402da |
| SHA256 | c2bfe3acb0b956b70a0e7907cb1019a5d8f9fc8416317e700bcc193a8ff14451 |
| SHA512 | fb9ae4b981aa586659a01083404ba6fa951a41286f478e2fc96582dd48a36358bc5c5ee46299b4c9b6f2d3b10271f5ce3291cf831cb9410efd1b7259a9d0b086 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 76c0fa24ee5b0fc75281eb662417fe26 |
| SHA1 | 024c370a3faf21a6e409fc44c23f522c5b3a1e5f |
| SHA256 | 1d88beed898b88b23f39756397f073203b34ad08368d3458f49650457fbfb871 |
| SHA512 | 82f05e6ca0e3a10d92dc8d20b8c23c03cb4fb7da2df3aa2391d92b031a312e6a39dde55262e1270a59d7106170f800cea5c5874ef4e448421303e67934126551 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9db12dddcd48efef45ee8577e79d3904 |
| SHA1 | 8c4a09269b6958e848e4e99ece73927ef85b2afa |
| SHA256 | a7a58ec706ef10918cb2bdd445883010e33cd3beb9a03e8e37e52a0f965b7e99 |
| SHA512 | 3b3ef348be464297ca093863c514bbe3a0f78e64ef4f28335f1de8bfe0701eee638ddcc6d35039530e3202149897d4a8d6aa7e774351beebbaaeb86cc6be2cf9 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-25 10:28
Reported
2025-01-25 10:30
Platform
win11-20241007-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/z30Ajx
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff95b33cb8,0x7fff95b33cc8,0x7fff95b33cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13693981338267128566,15012292775398197636,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3012 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.173.78.104.in-addr.arpa | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| FR | 51.91.7.6:443 | api.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
