Analysis Overview
Threat Level: Known bad
The file https://gofile.io/d/z30Ajx was found to be: Known bad.
Malicious Activity Summary
Orcus family
Orcus
Orcus main payload
Orcurs Rat Executable
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
Loads dropped DLL
Executes dropped EXE
Event Triggered Execution: Component Object Model Hijacking
Indicator Removal: Clear Windows Event Logs
Network Share Discovery
Checks whether UAC is enabled
Network Service Discovery
Checks system information in the registry
Drops file in System32 directory
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
System Location Discovery: System Language Discovery
Browser Information Discovery
Uses Task Scheduler COM API
Modifies data under HKEY_USERS
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of UnmapMainImage
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Enumerates system info in registry
NTFS ADS
Checks processor information in registry
Scheduled Task/Job: Scheduled Task
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-25 12:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-25 12:15
Reported
2025-01-25 12:18
Platform
win10ltsc2021-20250113-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250125121549.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8194d809-791e-4cbd-9eb1-90b98182e0fd.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/z30Ajx
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-25 12:15
Reported
2025-01-25 12:27
Platform
win11-20241023-en
Max time kernel
354s
Max time network
704s
Command Line
Signatures
Orcus
Orcus family
Orcus main payload
Orcurs Rat Executable
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\MicrosoftEdgeUpdate.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Indicator Removal: Clear Windows Event Logs
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Microsoft-Windows-CloudStore%4Operational.evtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Microsoft-Windows-WinRM%4Operational.evtx | C:\Windows\System32\svchost.exe | N/A |
Loads dropped DLL
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Network Service Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\GameBarPresenceWriter.exe | N/A |
Network Share Discovery
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749 | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{D98770F4-9F98-4ADA-A30E-9C63170A44E9} | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{06CAA568-2A8D-4EB9-AF5E-281DF7C46957} | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_16.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\9-slice\chat-bubble-self2.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\icons\ic-search-gray.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\fonts\families\FredokaOne.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\DevConsole\Filter-filled.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\VoiceChat\New\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_8.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\AvatarExperience\Profile_Picture_Group_Light.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\LayeredClothingEditor\Add Icon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\R15Migrator\start-page-anim.mp4 | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Capture\ShutterPressed.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Settings\Slider\Less.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioSharedUI\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Settings\Help\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\api-ms-win-core-processenvironment-l1-1-0.dll | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_nl.dll | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\DeveloperStorybook\Folder.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\backspace.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_7.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaApp\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\MaterialGenerator\Materials\Ice.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\VR\Radial\SliceDisabled.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Controls\DefaultController\ButtonA.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AnimationEditor\button_radio_innercircle.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AnimationEditor\image_keyframe_constant_selected.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\DeveloperFramework\checkbox_unchecked_dark.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\GameSettings\DottedBorder.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioToolbox\AudioMusic.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\configs\DateTimeLocaleConfigs\pt-br.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioSharedUI\ready.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaApp\category\ic-featured.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaApp\graphic\Auth\DatePickerDivider.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaApp\icons\GameDetails\social\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AnimationEditor\button_control_reverseplay.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AvatarEditorImages\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\CompositorDebugger\sequence.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Emotes\EmotesRadialIcon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AnimationEditor\img_eventMarker_min.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_ko.dll | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AvatarEditorImages\Catalog_LightTheme.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_el.dll | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\GameSettings\friendsIcon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\StudioToolbox\AssetPreview\rating_large.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\InGameMenu\BackgroundGlow.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\VRStatus\error.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ControlsEmulator\Quest2_Dark.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\ui\Settings\Slider\BarRight.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\DeveloperFramework\MediaPlayerControls\pause_button.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_zh-CN.dll | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\graphic\gr-send.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_am.dll | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\avatar\heads\headL.mesh | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\textures\AnimationEditor\FaceCaptureUI\Background.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_9.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_3x_3.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\content\fonts\families\Zekton.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\UZI (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Windows\system32\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\RulesEndpoint = "https://nexusrules.officeapps.live.com/nexus/rules?Application=officeclicktorun.exe&Version=16.0.12527.20470&ClientId={1AFC888A-91A0-4B6D-80BA-C3D20B0DF7C6}&OSEnvironment=10&MsoAppId=37&AudienceName=Production&AudienceGroup=Production&AppVersion=16.0.12527.20470&" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\OFFICE\16.0\COMMON\CLIENTTELEMETRY\RULESMETADATA\OFFICECLICKTORUN.EXE\ULSMONITOR | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified\officeclicktorun.exe_queried = "1737807437" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified\officeclicktorun.exe = "Sat, 25 Jan 2025 12:17:18 GMT" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 10,1329 50,1329 15,1329 100,1329 6" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CurVer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CLSID\ = "{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe\AppID = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 194063.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\UZI (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\SCHTASKS.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\SCHTASKS.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\UZI (1).exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ho103m3a.ehb.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\dwm.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\dwm.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\svchost.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netprofm -p -s netprofm
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p
C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UdkSvcGroup -s UdkUserSvc
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k osprivacy -p -s camsvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\system32\SppExtComObj.exe
C:\Windows\system32\SppExtComObj.exe -Embedding
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/z30Ajx
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffd3533cb8,0x7fffd3533cc8,0x7fffd3533cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
C:\Users\Admin\Downloads\UZI (1).exe
"C:\Users\Admin\Downloads\UZI (1).exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\Users\Admin\AppData\Local\Temp\ho103m3a.ehb.exe
"C:\Users\Admin\AppData\Local\Temp\ho103m3a.ehb.exe"
C:\Windows\SYSTEM32\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "MasonUZI (1).exe" /tr "'C:\Users\Admin\Downloads\UZI (1).exe'" /sc onlogon /rl HIGHEST
C:\Windows\SYSTEM32\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "MasonUZI (1).exe" /tr "'C:\Users\Admin\Downloads\UZI (1).exe'" /sc onlogon /rl HIGHEST
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6604 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f811455-8816-472e-ae55-b6389d0324fb} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5626f962-0444-4886-92a8-05a5037cc21c} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3200 -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 3168 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1368 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb193ee2-908f-4c19-885b-65a4f0fed8a4} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3912 -childID 2 -isForBrowser -prefsHandle 3900 -prefMapHandle 3892 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1368 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e0cc84a-cfbb-40df-a2cc-0ec92f0806b9} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4724 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4752 -prefMapHandle 4744 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b34789c-2da8-4d5a-84f2-9d3a40b58ea7} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 3 -isForBrowser -prefsHandle 5692 -prefMapHandle 5664 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1368 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22559d8d-9cfc-4f39-84f6-5124721fa822} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 4 -isForBrowser -prefsHandle 5828 -prefMapHandle 5832 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1368 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {001ded0c-e8ac-4be6-8942-a7628e7c3746} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6024 -childID 5 -isForBrowser -prefsHandle 5580 -prefMapHandle 5584 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1368 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {642b4286-443c-4cb2-8132-41cc32cb419d} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6300 -childID 6 -isForBrowser -prefsHandle 6292 -prefMapHandle 6288 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1368 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d1b706a-a1c3-43f0-a6fb-b38d3c2696d3} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3688 -parentBuildID 20240401114208 -prefsHandle 1648 -prefMapHandle 3684 -prefsLen 32769 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f760ba2-afa6-4e16-bd88-00f4909067b1} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6444 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6628 -prefMapHandle 6632 -prefsLen 32769 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {793bf7c6-8daa-4bc2-84e8-483dae7608de} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7520 -childID 7 -isForBrowser -prefsHandle 7488 -prefMapHandle 7352 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1368 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f4fb80c-e8a9-4b76-83d9-a5d1680e11e9} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{0394FF9C-5EAE-45B3-A772-F0E5F291D59A}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0A775C63-9855-40CF-954C-F6DAFACE49AC}\MicrosoftEdge_X64_132.0.2957.127.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0A775C63-9855-40CF-954C-F6DAFACE49AC}\MicrosoftEdge_X64_132.0.2957.127.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0A775C63-9855-40CF-954C-F6DAFACE49AC}\EDGEMITMP_8547B.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0A775C63-9855-40CF-954C-F6DAFACE49AC}\EDGEMITMP_8547B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0A775C63-9855-40CF-954C-F6DAFACE49AC}\MicrosoftEdge_X64_132.0.2957.127.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5280" "660" "564" "664" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5736" "1040" "936" "1036" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5472" "892" "1308" "960" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 5524
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe"
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe"
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
"C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe"
C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F58C2\RobloxStudioInstaller.exe
C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F58C2\RobloxStudioInstaller.exe
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe"
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe"
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe"
C:\Program Files (x86)\Roblox\Versions\version-96b5c87ce0ce4dff\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUD441.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUD441.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{F0B39E59-EF38-42B2-A171-68B37D6A2A47}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3457DE9F-A62A-4598-96C2-655B96EEDDAC}\MicrosoftEdge_X64_132.0.2957.127.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3457DE9F-A62A-4598-96C2-655B96EEDDAC}\MicrosoftEdge_X64_132.0.2957.127.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3457DE9F-A62A-4598-96C2-655B96EEDDAC}\EDGEMITMP_0CFF1.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3457DE9F-A62A-4598-96C2-655B96EEDDAC}\EDGEMITMP_0CFF1.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3457DE9F-A62A-4598-96C2-655B96EEDDAC}\MicrosoftEdge_X64_132.0.2957.127.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5532" "560" "552" "564" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "6332" "1048" "944" "1052" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "6228" "1404" "1308" "1312" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Program Files (x86)\Roblox\Versions\version-96b5c87ce0ce4dff\RobloxStudioBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-96b5c87ce0ce4dff\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
C:\Program Files (x86)\Roblox\Versions\version-96b5c87ce0ce4dff\RobloxCrashHandler.exe
"C:\Program Files (x86)\Roblox\Versions\version-96b5c87ce0ce4dff\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.657.0.6570603_20250125T122507Z_Studio_0DB01_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.657.0.6570603_20250125T122507Z_Studio_0DB01_last.log --attachment=attachment_log_0.657.0.6570603_20250125T122507Z_Studio_0DB01_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.657.0.6570603_20250125T122507Z_Studio_0DB01_csg3.log --attachment=attachment_log_0.657.0.6570603_20250125T122507Z_Studio_0DB01_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.657.0.6570603_20250125T122507Z_Studio_0DB01_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://uploads.backtrace.rbx.com/post --annotation=AppVersion=0.657.0.6570603 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=1d28aa569f2db35e2563d23a6b8c5e0e7c2292dd --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.657.0.6570603 --annotation=UniqueId=8697061507641543745 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.657.0.6570603 --annotation=host_arch=x86_64 --initial-client-data=0x40c,0x410,0x414,0x3e4,0x41c,0x7ff6139d5cf0,0x7ff6139d5d08,0x7ff6139d5d20
C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 657, 0, 6570603" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4368.6884.17700514063221325928
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x14c,0x150,0x154,0x11c,0x1e8,0x7fffd3533cb8,0x7fffd3533cc8,0x7fffd3533cd8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004B8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1868,12077945339790938152,2154491339669390798,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 657, 0, 6570603" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,12077945339790938152,2154491339669390798,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 657, 0, 6570603" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1948 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,12077945339790938152,2154491339669390798,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 657, 0, 6570603" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2484 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1868,12077945339790938152,2154491339669390798,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 657, 0, 6570603" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1868,12077945339790938152,2154491339669390798,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 657, 0, 6570603" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1868,12077945339790938152,2154491339669390798,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 657, 0, 6570603" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,12077945339790938152,2154491339669390798,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 657, 0, 6570603" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=4700 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1868,12077945339790938152,2154491339669390798,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 657, 0, 6570603" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4700412E-D27A-4568-9190-B10F481B7356}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4700412E-D27A-4568-9190-B10F481B7356}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe" /update /sessionid "{D29A6096-C5C0-4803-8493-8F6F37A8A5D6}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]
C:\Program Files (x86)\Microsoft\Temp\EU1B14.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU1B14.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{D29A6096-C5C0-4803-8493-8F6F37A8A5D6}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15857360886640473721,10197830704105120465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7bed1eca5620a49f52232fd55246d09a |
| SHA1 | e429d9d401099a1917a6fb31ab2cf65fcee22030 |
| SHA256 | 49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e |
| SHA512 | afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8 |
\??\pipe\LOCAL\crashpad_4684_XYRAUGNSEGQPGTQC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5431d6602455a6db6e087223dd47f600 |
| SHA1 | 27255756dfecd4e0afe4f1185e7708a3d07dea6e |
| SHA256 | 7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763 |
| SHA512 | 868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b3f949eb077f66e50d3e3e291c03c24a |
| SHA1 | 8f1467f899877badc0dbaa6ef18c8504826516d4 |
| SHA256 | 1d342da978bfb44985eeb505d3156ec64e05d765465bbcde1d26ad6723ec3bfb |
| SHA512 | 296542c8776b6b9337dc2ee05219bcbe6acebf48d478c63e9de4eb7f9fd51a156f5d0437a2a769813e7152656662d3291110195f15aa7857240a5876504f229c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cc04ced9032b279ee174150600a98f5a |
| SHA1 | 46636dce5fe63c78ca8aa9ca43aaa784f5c3ead9 |
| SHA256 | f59ece09d8cec4b2d4ee2dcf88d6050a3a349461cdc873733d2f127a120b419c |
| SHA512 | e00a9d5554837a6ff1deae0486ecdae33e73f1346e8c000468065f7fb333940adcbe26db5d5d3b084f3123ccd7bec42ae5f6a0ebbbf550acb7cb6913c73b4141 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c2b35ba5a97c6790d07e5f2354cbbb64 |
| SHA1 | b60841987a614a3198d3fd9a36a4e591ddf21894 |
| SHA256 | ad232546a26ee24f91eb5f67e51e12a4b0a6b7536f579460a758468336c066ac |
| SHA512 | 3aba216e2e19aaae7245f220d128879fead25b997f2cd2f18d0241741a657d52196e860da7f44a4db1d82baef4f242f203db27ea6f8a5cbf870a8e3e2e9a89b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d1c3bacdf84c219a8c98e8fd4a63ff16 |
| SHA1 | 8a17b2048f96fc109e9ad9d55d93d3e65a460de7 |
| SHA256 | e2b58ca2058ead77055a694766a26e4f7faef2e9274941daa5801caa2917eea8 |
| SHA512 | e5d919c63c8de256f813aaba6e7bef3d0e38b046392f0dc9fdcd617b97790ed801920c3b0759c63d4c7710a371a924d6e0a449e9dc611f5bf219bc7d1d59a30d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 53438f13efec4841b7182bdcebc4410b |
| SHA1 | 9483c1614dbf6e133c92a1d355a017eff4eeed2b |
| SHA256 | 6e5aa4eae614ca049a1b2c8b803e6610b2b176a8e009ddad8df221c5899bb0ac |
| SHA512 | 363eb26746cc536a351f176d17205305ac84c18f151d608eb3f6543bed9db9e6d6104b90babde74d780873ef092bb2628493b5486f4521d0f9e8d26b5b33de8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 733690e1666b67a2e70b572e340355e5 |
| SHA1 | 74d46be59bc591773bcc02393f1b17edaba80508 |
| SHA256 | 49eef6cc6ace39be7585cbd05f419fcc78e951e64997ac07f837a9aaa8cfccba |
| SHA512 | ea5e6fa58e49d9522a08ac4f6fdb8bcc59a642b640c1b6c51f730b57f023db63cc757be9c0295a137590870ceb0c6ff2d1e97071d760ed3055777ab7237d8c58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 35feb1845367a7c553031e5ac4a9760d |
| SHA1 | e657c7ed9b34255adb51e19ad767cc0f64beb0b1 |
| SHA256 | f42e9c6744730c456d81e7ea51a67f2b7e79001cefb937161355a9516b465785 |
| SHA512 | eeede70c37c170730d8d5431c0f2dc9590df7f207fb248314bf71fa09a137c3dd54e27bdb10530ba420fad38d4fe05031960f640546ff3f1862c841f71fed304 |
C:\Users\Admin\Downloads\UZI (1).exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
memory/4776-165-0x00000221BA770000-0x00000221BA88A000-memory.dmp
memory/4776-166-0x00000221BACB0000-0x00000221BACDC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ho103m3a.ehb.exe
| MD5 | 94f1ab3a068f83b32639579ec9c5d025 |
| SHA1 | 38f3d5bc5de46feb8de093d11329766b8e2054ae |
| SHA256 | 879cc20b41635709bb304e315aaa5ca4708b480a1bfc2f4935fcf2215188efb0 |
| SHA512 | 44d5236a804d63302b21ca25ebc148a64605508d03c990a244c44ceb8630849da0510b7b2d0bee72e01ca6681e2d86d7e6aee8847674a26f0028d149b9abee0c |
memory/4884-176-0x00007FFFE0A70000-0x00007FFFE0B2D000-memory.dmp
memory/4884-175-0x00007FFFE22C0000-0x00007FFFE24C9000-memory.dmp
memory/620-179-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/404-188-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/968-191-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/1040-207-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/1288-223-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/1468-238-0x000001E972390000-0x000001E9723BB000-memory.dmp
memory/1420-236-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/1420-235-0x000001F710630000-0x000001F71065B000-memory.dmp
memory/1412-233-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/1412-232-0x00000272D8290000-0x00000272D82BB000-memory.dmp
memory/1288-222-0x000001F56C170000-0x000001F56C19B000-memory.dmp
memory/1252-219-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/1252-218-0x000002CC38400000-0x000002CC3842B000-memory.dmp
memory/1192-216-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/1192-215-0x0000022001EB0000-0x0000022001EDB000-memory.dmp
memory/1180-213-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/1180-212-0x0000021C30760000-0x0000021C3078B000-memory.dmp
memory/1048-210-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/1048-209-0x00000287964C0000-0x00000287964EB000-memory.dmp
memory/1040-206-0x000001BB96860000-0x000001BB9688B000-memory.dmp
memory/616-204-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/616-203-0x0000022C7C660000-0x0000022C7C68B000-memory.dmp
memory/452-195-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/452-194-0x000001E87EA90000-0x000001E87EABB000-memory.dmp
memory/968-190-0x000001E59C570000-0x000001E59C59B000-memory.dmp
memory/404-187-0x00000219C2330000-0x00000219C235B000-memory.dmp
memory/680-184-0x00007FFFA2350000-0x00007FFFA2360000-memory.dmp
memory/620-178-0x000001F15B0F0000-0x000001F15B11B000-memory.dmp
memory/620-177-0x000001F15B0C0000-0x000001F15B0E5000-memory.dmp
memory/680-183-0x0000013B0EE30000-0x0000013B0EE5B000-memory.dmp
memory/4776-441-0x00000221D5150000-0x00000221D5238000-memory.dmp
memory/4776-445-0x00000221D5240000-0x00000221D529C000-memory.dmp
memory/4776-446-0x00000221D50D0000-0x00000221D50DE000-memory.dmp
memory/4776-448-0x00000221D52C0000-0x00000221D52D8000-memory.dmp
memory/4776-447-0x00000221D52B0000-0x00000221D52C2000-memory.dmp
memory/4776-449-0x00000221D52A0000-0x00000221D52B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 58ef6327957dbac952b05ddf45c581b2 |
| SHA1 | 093367fb42c42613722aff8d4d4c20e1c40a7090 |
| SHA256 | df6a32d9fb6c04101de6f0ddc1e85e6df01918398287ea091fe1b311781cac36 |
| SHA512 | bc62669e888271d4bf2e051beee9534f363a55e4b3e79a4eb5aca5d30c7a65a1cece3866704c043c325b761043c760234ac2af6a5749fbb0a7f88f3a2f807845 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3500f2fbfa6a157727f0efb1c36e4d9d |
| SHA1 | 99547bef946dd6710f8ab3ba48a3e72e8f5ab35a |
| SHA256 | b165b0acc3272c58d3eb4e1389d12ec949044a1c712821b3c237ec5e109fca1f |
| SHA512 | f8220508f8017248c9c64c9c6f191f9cdedfdc6108088aa2c1e618be47a2c0687d0bf222cc819897a8e27117682b6e5ba98ad7737278da6ba1d7646a40b1dd9a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\9d9289f7-2eee-48eb-b487-48a0898260fe
| MD5 | c103219ea3469a40602bc108eb7d4c7b |
| SHA1 | 689743b357ce64c38b00015c4f78697794553c9a |
| SHA256 | 3541416146ede8daed1710850e32170f1e178aa3eacd43506a918d2685ff323d |
| SHA512 | 3bf903640eeb68c1da56b6f41ebf6e2de5bc77b92a8badaa12c6c648fbe96ebd54f27fe9fcf588fd1c9b2487887256faf80454d76b7336eaebfcdf8619fc3d66 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\89fcdc79-1a8f-49d2-a3a9-fae97b1f7433
| MD5 | ce1a429011fc575036884acc6e7ea65f |
| SHA1 | 86b5468f67e9374161b67be1e54ca30a538ef9a6 |
| SHA256 | d2d94e901de1df51720b02407a348d8e9ce77e4fdbbf38a3f185e847fbc8d65c |
| SHA512 | 8ce24781f64a81f747b21129ea64e6e2276668e67abb571e0f8bbc516ee561a4fa3b5f20875b9c6cad15043da8a3fb9e69c7a7145ac26277b813ae8d97883129 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\5f23c01e-08a6-4653-ac61-566c80c4161f
| MD5 | 52400f54a2bdb602a79186ea4cee1c02 |
| SHA1 | 8334caa463aed330094aad97152b9bc68202ce58 |
| SHA256 | dfab8c8c163873212c6b4b9fb06093617c4cbc625209fcecbbb9855373793472 |
| SHA512 | 8680df4babc918a4a53b2f1f6d250e1dbae4e8a1569621b7c957d97e7bc1a7dec21e795d688efe54f1c1d7bc1863c20824e01e9448238865261b10c3a9fcab55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 8f4da67da408024363ac65a9bc5c0d47 |
| SHA1 | aa4f99c63b6bf92184ac94e00397ce761f76d12b |
| SHA256 | 1adaae9ca405e5191406058868723c82a7bcf3b9b15b4c7b49388dd4a58092d2 |
| SHA512 | 7aa8676890651028f5aa3fa9ddbdaf0eba66d942310475c83eabb1d692cbc9f9996f12507c29757dc843fad7c242a968f51388cfc04b5e4977748d87c38c4f4f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\activity-stream.discovery_stream.json
| MD5 | e505f0e3280d1cb109b2438dbc3100e2 |
| SHA1 | 74b57d12ea41ea9a92f67dedaf1ae21039e35bc7 |
| SHA256 | 2bb0c293362f4f6f5bb5b542bed9f5fbcffec9a74f3c266a80e859601524e43f |
| SHA512 | 322fd5bb0fda4152c80bee1663d6916ff8d8bbbd4c6e0283fd3174aedcc8846edf4141b2b0901c40622b952affefb4d2c50da916d91ed92e3b85a0e9a5c134a6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | 96c542dec016d9ec1ecc4dddfcbaac66 |
| SHA1 | 6199f7648bb744efa58acf7b96fee85d938389e4 |
| SHA256 | 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798 |
| SHA512 | cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\AlternateServices.bin
| MD5 | 84e2be256f6e6a94cafdf99973893338 |
| SHA1 | a25da1ab534a285b95b47429d2c26b495d2a461f |
| SHA256 | c1982ee415b9ef35a5a673fafd2da46749011d1ff625d59e94ad737d0fd1f716 |
| SHA512 | d50658cf9b916225d716a390891eecceaac75826e8e18da2e977933337f7db6869521e36641b30086c4422751fa6234bada6e3eac4cca76623543a5f69da59ce |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs.js
| MD5 | 2bc449be6658091db1347a9f777493da |
| SHA1 | 7cda54bb0cb87a7f4cc533616bf3d134eca0fc22 |
| SHA256 | 4b5f8fd89cb73031e09d34c49efe3e9e129d19e61c6fc7332b38b443ea7fff90 |
| SHA512 | 2f139a5a86908ae55b4053fe14beba56488811d6833579fa9ecab63e1234a8d60b197e258654f89367ee6423d2d8493ad9a922070cc8cb68d060191f89e24d68 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 8d74f97917b6472cffb625fd5a68d350 |
| SHA1 | 67ebe9ceb974dc2ddd7071294e7286f5ca3ecc7b |
| SHA256 | 573f8417a67a67898ccfc4ef1375fb54bd17740b2a1fefc20097b5299eb3e6d3 |
| SHA512 | 25827126c2a14e1f7da79b0c3d8a41e0bad28fd67df395d8c010e9d834aa31e64f4f5a2a87126df805b067129d576a0cf4eb87d0c6c6d19969604b84e9d298ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 1cd529feb036e91c26238e812f5ffb93 |
| SHA1 | 1b9e5ded9b9be973972c91cebcb615267f5026f5 |
| SHA256 | b42a6e6ac2ebb0cecb2a668dd3d0b77dcb780d1097cd15a0336fc334cd15c22b |
| SHA512 | b706ac9f7340616f363692f620b00dcc3f1800d7e684afc78be36ce6d5ff46140ba72e5525c67768f6ffedd8cff6fd4c4e66063f70d3f84f0c4f3fd612f93b40 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs-1.js
| MD5 | 45919a85cfbf1fada8637d17ff86eb82 |
| SHA1 | 069539bdd074d3c569e3325c50ebffc37b2cd2de |
| SHA256 | 4a5c9a25c7f35c5d82dc2ae4b6634223c32f6c2ad4ebf46209c2978c3a80c593 |
| SHA512 | 5f2e26eaf18eea5a1faf569f1b2c42c9373a6d054144b2a83b086a9e9eaa6cc5194ae948ed9163d8e19ab76b15f429b398797fd5816fa33536bb89876966fb4f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite
| MD5 | bfc4819d5ca7b51c1dcd02e934109fe2 |
| SHA1 | 0ee296527d368bb77167ec071765a682e36f502c |
| SHA256 | 61fda22af4b0dbabeb567a417df36d8fa70a0ef2b9bc10b1e3e7d5549cec5bf7 |
| SHA512 | f69499a71d66bb0d105b691c0bb62711427507e2cb319d679cfee5aa3f4cb9d4ca9a62234c882e4c34b24ffd60d207a45694132ccb976416c64841457c206c47 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | c5699e53493784b5503328ae1d790737 |
| SHA1 | 83ef79fb4a3cc1b77249df198a95ec0f95bd4389 |
| SHA256 | b4f4c04ec465c09a54d8d927e1bfe4d58e22c6f52e99a2409d360311ddf8e011 |
| SHA512 | 9ec024571128fb1607153e572f9621355fb3233f8e7cbd5488c9d509d603cbc8b34469efd14648b96d4d0f212d720fa356cbb9a6063987fbb9fada26ce329e84 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 74b808ab1f86fe4d854ab87c34449450 |
| SHA1 | 0f0166643f9b0ea1c500877426a2131dcc2c6255 |
| SHA256 | 1ff84660916790f2e0a876802f43fa12b603f1f5885ce071f53e5a56617fc33d |
| SHA512 | fe2187706d3861c1379016d3c1051888da9a9aede93e8333e630a3b5ad6ed287cd16b69a1dfa729305d7e650045ea693fbe08ff756e25495be0f5e44747f2e08 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs-1.js
| MD5 | 5581f30e0a8fb75b763ff8c226eff22b |
| SHA1 | 5365886ce2149a699b1fb5c2a8e100e3d6e8bfe7 |
| SHA256 | dafbaee83e8393802c0ececc9679481b76c48a71e925375dcd08564c1ae9c71f |
| SHA512 | ba9251e3b43c4ea26758e3af19f6a5df678be4dad74c9a86e68a9030dcd978bda6b3e6ed6b7572a34013a488e75a6a22d34fa973ef7ed90f2309f9d59642e454 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\SiteSecurityServiceState.bin
C:\Users\Admin\Downloads\RobloxPlayerInstaller.KQr1LD4f.exe.part
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
C:\Users\Admin\Desktop\Roblox Studio.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox\Roblox Studio.lnk
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\storage\default\https+++www.roblox.com\ls\usage
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\342d1af7296519a909dbf9d57f966893
C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\MicrosoftEdgeUpdate.exe
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdate.dll
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_en.dll
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\EdgeUpdate.dat
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_cs.dll
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_eu.dll
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_et.dll
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_es-419.dll
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_es.dll
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_en-GB.dll
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_el.dll
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_de.dll
| MD5 | aab01f0d7bdc51b190f27ce58701c1da |
| SHA1 | 1a21aabab0875651efd974100a81cda52c462997 |
| SHA256 | 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c |
| SHA512 | 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_da.dll
| MD5 | d34380d302b16eab40d5b63cfb4ed0fe |
| SHA1 | 1d3047119e353a55dc215666f2b7b69f0ede775b |
| SHA256 | fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f |
| SHA512 | 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538 |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_cy.dll
| MD5 | 34d991980016595b803d212dc356d765 |
| SHA1 | e3a35df6488c3463c2a7adf89029e1dd8308f816 |
| SHA256 | 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e |
| SHA512 | 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 2929e8d496d95739f207b9f59b13f925 |
| SHA1 | 7c1c574194d9e31ca91e2a21a5c671e5e95c734c |
| SHA256 | 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df |
| SHA512 | ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957 |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_ca.dll
| MD5 | 39551d8d284c108a17dc5f74a7084bb5 |
| SHA1 | 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884 |
| SHA256 | 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07 |
| SHA512 | 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2 |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_bs.dll
| MD5 | e338dccaa43962697db9f67e0265a3fc |
| SHA1 | 4c6c327efc12d21c4299df7b97bf2c45840e0d83 |
| SHA256 | 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04 |
| SHA512 | e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9 |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_bn-IN.dll
| MD5 | a94cf5e8b1708a43393263a33e739edd |
| SHA1 | 1068868bdc271a52aaae6f749028ed3170b09cce |
| SHA256 | 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c |
| SHA512 | 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7 |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_bn.dll
| MD5 | 7dc58c4e27eaf84ae9984cff2cc16235 |
| SHA1 | 3f53499ddc487658932a8c2bcf562ba32afd3bda |
| SHA256 | e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98 |
| SHA512 | bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_bg.dll
| MD5 | 8375b1b756b2a74a12def575351e6bbd |
| SHA1 | 802ec096425dc1cab723d4cf2fd1a868315d3727 |
| SHA256 | a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105 |
| SHA512 | aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19 |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_az.dll
| MD5 | 7937c407ebe21170daf0975779f1aa49 |
| SHA1 | 4c2a40e76209abd2492dfaaf65ef24de72291346 |
| SHA256 | 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9 |
| SHA512 | 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7 |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_as.dll
| MD5 | a8d3210e34bf6f63a35590245c16bc1b |
| SHA1 | f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693 |
| SHA256 | 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766 |
| SHA512 | 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_ar.dll
| MD5 | 570efe7aa117a1f98c7a682f8112cb6d |
| SHA1 | 536e7c49e24e9aa068a021a8f258e3e4e69fa64f |
| SHA256 | e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01 |
| SHA512 | 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8 |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_am.dll
| MD5 | f6c1324070b6c4e2a8f8921652bfbdfa |
| SHA1 | 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf |
| SHA256 | 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717 |
| SHA512 | 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100 |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\msedgeupdateres_af.dll
| MD5 | 567aec2d42d02675eb515bbd852be7db |
| SHA1 | 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37 |
| SHA256 | a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c |
| SHA512 | 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3 |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | 7a160c6016922713345454265807f08d |
| SHA1 | e36ee184edd449252eb2dfd3016d5b0d2edad3c6 |
| SHA256 | 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9 |
| SHA512 | c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 60dba9b06b56e58f5aea1a4149c743d2 |
| SHA1 | a7e456acf64dd99ca30259cf45b88cf2515a69b3 |
| SHA256 | 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112 |
| SHA512 | e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7 |
C:\Program Files (x86)\Microsoft\Temp\EUEF1A.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | c044dcfa4d518df8fc9d4a161d49cece |
| SHA1 | 91bd4e933b22c010454fd6d3e3b042ab6e8b2149 |
| SHA256 | 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2 |
| SHA512 | f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 4af061445971933ec7cc2215f5bf31c0 |
| SHA1 | 41d8462b1f82423f975ccdfb657ba4bb69742811 |
| SHA256 | ada8a2d973a9a6d690a0afeb070302ade6f8daf28fdb83d4163aa2562a5ba36f |
| SHA512 | 779e8b8ddc0b833513c54671016b937ef1aa1f42cbcfb349c0df6a779daeda166816e8df09b6b6f3318e674c0b20022eaf04fe5aeb2ab90304652d82844ec871 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 325ef0643457f849a5e7e05d5fc0a675 |
| SHA1 | 1e1dc7552283dc1323a3d759c1c50c913c527ca4 |
| SHA256 | 2bd8f22f1e581620275d495302ebc6c07482e7cb14a0dd375563368edc44ab34 |
| SHA512 | 11a5a4ea9f09d4353d8379aa4e099c1ea615fbeeb49f1ffaee3150ad802d942d9464ba0beeece99f7892e4fc6980d6ec99881fd34997f9a0564dca118c5fa596 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | a2cc28ac7740a99dcf894b3dd3f7b42a |
| SHA1 | 9a2ebcf9df42d4e5793c04134d4f69884fb4b97e |
| SHA256 | 65b8245ba90f6a21008c7e29631dbdd97ac4370bf095a231e1501c66b7e9477a |
| SHA512 | ecfe0737e6f36265c72c9ac744922da42966c82feb0302772041defd1513db5630edad7f051f917064b81561c6002124982c5e1b4e702cdc91b9c5f8029c4ee6 |
C:\Users\Admin\Desktop\Roblox Player.lnk
| MD5 | 54ee53a830ab9a48e766ef44ddd833a3 |
| SHA1 | ef894c7acca03be97ff178fba01399d664f4a28f |
| SHA256 | 8f1f9db476643ef022a630908464f7cff735ead8abe93cc0ddd995dde0ced409 |
| SHA512 | 77130f7333107ecc7ace5ee8f3906bdca57b46a3f5632a4f15c0af3a423dd87fd17f19418340d79340319bbf78f7482f47a396b85dacf8fe5a90fc4e7a083ca6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 5e050497f9dfd52bcce827bd938d5615 |
| SHA1 | 2248326de1b935a15dca6e86218151290ef05ea4 |
| SHA256 | 5f04a067477dd05eff565c18ed255365a4d5b1b783e61873ecba5cb403ef9987 |
| SHA512 | 462ce6b5551bbcac63144e070a381268566452d77f26631db7d20e7840c0eaa0ec27e8b0dfb8cac2f974061bc332e94057fc59bf83a2b3367a1e4a1303ba1f70 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs.js
| MD5 | a8dbd5f26254ef76ee9486ba23bc6bf6 |
| SHA1 | f879e20c19ae485c5f12477a70d4682f296aacd1 |
| SHA256 | 128286e6fe64be588ec99796fd97e6d4f604c7cac9565e5cd2c07fdef12a3867 |
| SHA512 | 818be6a266787a6d145f305ae4ddd4c68e14cfd9d0d5608326018842757dc3b3521a7726e37e88114859fab03eb625f6bb7435827dae89f89dcd9866335f800d |
C:\Users\Admin\Desktop\Roblox Player.zip
| MD5 | 0c93922a7e95b45e15dc1f92471f2145 |
| SHA1 | 63bf2753a086e4a4ef39257a782d14a70e34d747 |
| SHA256 | ab61a4968dba08b6efedb89fc93b1fa5008cdbea102861b76d0df2d2360a2a0f |
| SHA512 | bd79013441a958e6fa99e118bec9b35bf0ea08fa169a83ebc285b55c0e54fe18628c71cee1d5b896cf11aade80b7872e34fcdccc31a4c7ef034b3d1144567d9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749
| MD5 | bca3636e5e7b833f21e5b8e8bb2b29e2 |
| SHA1 | 46b9910d0ae65227c0e17e28288e537854e87f7c |
| SHA256 | e7ac90a588879307b8f36ad7692caa6c977eda57db6755fe796bab8718e2fbf9 |
| SHA512 | e010bd0ed91f73ff9ee5313a9680cb39b8556d5fc568803d3d62170ddc7479366762438feb2f09aea5d87a11bdb1c7c4a30b0c9a176e223323e4c804af68a90e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | b8927118a1d9fa0b08506dad1b25c086 |
| SHA1 | 5b59735a75196c5990536376215639314bc40951 |
| SHA256 | 91b05e49b66d13b5aad29239b0b3d846bb47fa0168e09e15d3bbd96f32ec502e |
| SHA512 | 73a6a225402c974e6959c888daa26c47f9e343df96314c01b26934fb2f3222c7953150cd1e90a09129258179cf6bb37b9c053ed8bf30b27a9a5425b106bce592 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | ab6aaefbf65b67735ac0a9e6129b53a9 |
| SHA1 | 20948924b1298d413625941890bf1f9c0fbe8b07 |
| SHA256 | 888b27defbe2160c931749d1a1218a7e93cdd877e519471a26b3ace9b0ece1c3 |
| SHA512 | 0b5da524d13bd24a5713e1f1f30d79f156ef977e719574778fc27f7344e53f1401368178641e1913c2d14cdd9c12fa954d82c3597c2e00cd5a6d176c9e653440 |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-studio\cc997aa74c23b634733a019a66e7fc65
| MD5 | cc997aa74c23b634733a019a66e7fc65 |
| SHA1 | 88579d285fab998b19b5fd0492ec5d8035cc9d5d |
| SHA256 | c153e6d2def0c79e7ac8063155c1b2cca6404d7ef9e6f151ff9f47e14416bb96 |
| SHA512 | 99e441ff8d751f7c96c6a693d9c71a3b98618db6ea61ddbcac8693ca73e20d11d6a9502042c81297c8f17120b8828cf6adf3c1ef3c80ba577ba4e71bb040d2b7 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3457DE9F-A62A-4598-96C2-655B96EEDDAC}\EDGEMITMP_0CFF1.tmp\SETUP.EX_
| MD5 | c776c31bcd5a0199543741c01578a2ca |
| SHA1 | 7f7fca2227571040f575d9e94de677a5009478b0 |
| SHA256 | 2e1420d7fc7d719b2b135ebb7c98114b4994cb7a55363051eea753f08e97bf3c |
| SHA512 | e0759afa922cfaa4c7f2206b7b19b648064ccd9088af7a2fd3ca956c4fb80d5fc720b6d8302c5ec39d4e44b65a15926337c15be68eaff509f425b8f388ff5283 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat
| MD5 | 41618dd4bc0eab8ee1de7ea5da0847c5 |
| SHA1 | 3c39bba10beb3699be6f52f49dfa13d104c8c478 |
| SHA256 | b36955f1f6059096d363ca500199c8817c5c1d0d2e0109b19a4ba194b30ae607 |
| SHA512 | 30ee762b17401d05b05faca5967818d51092f777b7366841b1df1d0504d6d8543e6d2edf8cd294103459065118c60afb3a0edabe375914ad3ab75442558d83ff |
C:\Windows\System32\Microsoft\Protect\S-1-5-18\Preferred
| MD5 | 530440c65f921345b445e863d1d783be |
| SHA1 | 548a4abd31a4ded6266910fe6a3756f9c50caf6b |
| SHA256 | 144e6527ddaac36eac5128de1f0fde6e6f3a45097672186abf44509020bb1340 |
| SHA512 | a3e071718770eee26a035d855dc9b1cf6179b9503a37f035d4f7532725dd2bbe40d6c653257bf56e632f5a85c42ce6da4e2543c8fe76b817b444be200e85905a |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat
| MD5 | 0b766ee92145c649e710d914c9de039e |
| SHA1 | 66aeef60a8eee1d0186917d6e606a115fa3ab689 |
| SHA256 | 6f1553be157ed64972fa61f071f0d917737ae471c74605821a252f879636367e |
| SHA512 | 621021f7d2143ef9d45ae78c4863a6341ac6a725a4c4ac92181bad4c331ae2c21a1b4340c6f4465158ba25ce715d52bc8f35e8c7044289bf20b7d989c226ea0c |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe609752.TMP
| MD5 | 819738473f773ae1823e25f5cf7de958 |
| SHA1 | 1e7c66399f82c1495a1f5e679e7a44d9fe54de12 |
| SHA256 | a02d2c390c0102314c346c3775fe0747fedb14ecd3fe213c3f292f15b15c788e |
| SHA512 | 62a1998500bf5d4a7c8d2564cb766c72096b1f712501fb3d937a8f5b0d4e2a750f3a4a932d4f8ef0d8025083a72036fe2532f060adb4b47bec1ebfed3b1e05bc |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
| MD5 | 3b29209b4fac727b37eec27fa51d1c77 |
| SHA1 | b600426bbb62e3e54f749f7005c85df9d18ba07e |
| SHA256 | dfff85f1f815cbd24032400c0491efff333a43914fd9b1a6b48773df358c62f2 |
| SHA512 | deb198e1f0207edda069c6469e68a4cc4c8563f3ca0426b9e7cc65f6291a6b33070258ae6cf29ca1b5cddf6a3a974eb43011bd17a654618a0393c335e180e326 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\TransportSecurity
| MD5 | a2fc016d83213c919a07f46416587fb4 |
| SHA1 | 88815c1a928340d018e5f3be95dc3e931c523c70 |
| SHA256 | dc731c865b200b36781bd20677afe399d71588b64a927bca44cb4544f815f81d |
| SHA512 | d36932820f618f0dac51bbbd648975aa2e94373bff4f5c3c17484c5493d17f093e6144b90df813f3d78f81bcc98005f9d7a78a8daa014bb6463d60af2cbe751d |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\TransportSecurity~RFe60a25e.TMP
| MD5 | 9d4977ecd5959504175277e8b71b7f07 |
| SHA1 | ee71611a1e0f6f58af1792d93d6e678b6b207248 |
| SHA256 | 79a632475633e6b875d2bb5d090029aa351435fe18b1eaeddf34c40a64e2fc05 |
| SHA512 | 76168531044371d30fac91891008f03df43f1acc706435a53755b428786a2a312605247168a122615208fbe9a06494c1e79a54db1e3f4cd4c688ae42ebb0e938 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 10be5be548ee66fb2f928115d5683a9f |
| SHA1 | d6a8d4c57875eddec9ef01f852a9373b599d2d5e |
| SHA256 | a66df891e804b492f8aa121cb760a341d549a132b53e1c1edb24d0eb0ceb1fcb |
| SHA512 | b0f95e0337a06742beb72cb3b0cebe5af3a07777d5359eb69bf0c2e8af58270f4d53e07348d54d78dcd069f61e2c4699cf74b68be49182c77d5a45694cf73fd6 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe60a424.TMP
| MD5 | 8238cdb601467596ca256e5f83a71e7a |
| SHA1 | 5efc10e17edfd99dc43a986137d7243fcd99d3a5 |
| SHA256 | f82b493122973172d1391c0cad9a243c4839314d511d27e82f85f20a12a9b6a2 |
| SHA512 | 924811101356cf41adacf559432df95f068706fbb6c635c133d6e43356ea1033c8638c179637ff958963db90cf96f8c5ca8b7d622c82b617294d6c05dbc5e5c4 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\TransportSecurity
| MD5 | 077b477b042a23b654441100c2f013ce |
| SHA1 | 4714d93dba6c687be2366f0262360eb2281eb5c2 |
| SHA256 | 5d84e425e43f475e7ba8e94914f2c03200b6d2758ca423fcd393e24d4c025223 |
| SHA512 | 19437f63e2b7f74e55eb02e00286415aae8b978cd1500416ba52c0cad10d0bfac21c62947619636b617357a24d19264ef4b44384b6bff967c2dc5e9e45b0a78b |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
| MD5 | 5c054687bc9764e38f98477e11bfbea1 |
| SHA1 | 5208caddb79809d9541983da9e230034108aa185 |
| SHA256 | aba739deb2bd19b168820efd91474858e3d321ac8069bcc6558751e232d68087 |
| SHA512 | 9d6661b8c3107113aa6be740b0566c6ca6225a455392c920d395c7530fde2046786cdbaa700a2931b03487abb05fc2ae31bb77a1f2ca7d18ee60e706d491dde3 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences~RFe615e1d.TMP
| MD5 | 0efa53a9fac815154c35f9ba8c1f7f4f |
| SHA1 | 37616041874481b46e01428a9428b342d4504d42 |
| SHA256 | 3688677b60daca78962aad35692048525c15d8010deafc5f0db6e0d024793e32 |
| SHA512 | 0b0e258738217399357011a461b582192e53df20925a2ff231f60b20ff8321e37fd2f023b3d6ef4666cfb6bd9ab4e53b1a16021f48d6c67e122797db7f406417 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network Persistent State
| MD5 | fbd76902a485f616b4b924dcc73faf89 |
| SHA1 | 76456eabd26391b71b44c057d954442abd4ff632 |
| SHA256 | f9813b8476ed45c29a6dc13fe18b0d9bcf054312d42d28840262a3d82bafa4a4 |
| SHA512 | fd50044c0411c8baa3b321183d357df5165793bb8f458197195ab106c7338be77d10152b724c8c2fdcc1d9d9473bdaf1289624900a9b56da6e8d2385a56646cb |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network Persistent State~RFe61610b.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\storage\default\https+++www.roblox.com\ls\usage
| MD5 | 9c315a901b17f1f36ea680e13619173c |
| SHA1 | b3ddef1b2744804fa798fc118f61049a1fc9c049 |
| SHA256 | 221d12e1dbea04f9ce30668f8007a2ec01b54e3040f41bc9e54ada331c609408 |
| SHA512 | febb84b9315370d06d049e440bb5ed27f0e6a9ae013600a5dd7a576f046e608bab7740aa9e729e6482b93600b47705ee6165171b33b387ad6b309e5e389b9875 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\TransportSecurity
| MD5 | 8477a8d520032731f9bdeda3dde9ebc1 |
| SHA1 | e2dade1d00314a6c27c459c61c35c08c0668de63 |
| SHA256 | 9693c0162206f642593816db88dddb0d2c8c9324b9feb46198c2ea13fb3c42d1 |
| SHA512 | 7625393577e4dcfd3fdc507c29884513f2eaaccd7d22b63048c85812f9d951279b85b563bee20d7dbec2e1b6b5f3d3f1f12d2daf91577863f548ee997518edfb |
C:\Users\Admin\Videos\Captures\desktop.ini
| MD5 | b0d27eaec71f1cd73b015f5ceeb15f9d |
| SHA1 | 62264f8b5c2f5034a1e4143df6e8c787165fbc2f |
| SHA256 | 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2 |
| SHA512 | 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
| MD5 | 7ac0c6f4690582066d7fdd0339dfca5c |
| SHA1 | b08bcf16de56733f37c684b82907b8389036e80d |
| SHA256 | 3a3ab7cfce5228f2ac0317e623db7be7e62ccd3f10067a5c4a7e11830e2fe392 |
| SHA512 | a3ee13d0ac2910a308e6e0031c770ef90ee3646b28149f16347a1e34b05808077713924ce77077734ff0a4b25bc4ac0afc110431682897cf3bff621affe3bb90 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\TransportSecurity
| MD5 | d48c7936e9a347879924d1517d3059c9 |
| SHA1 | 30c61bc12871bf83d6154e67482508bbb2b6d07f |
| SHA256 | 3d0dbcc8c7084a323ed472f7510b859de5a122599307455dd212b32f51d72168 |
| SHA512 | 35d8cbe1c2e404ab6fe860aa0101142b305507fc9da92ce22d98968eb1c3185a549d16811de664ea461a385cbef2e4597928cabdd5800950c4395322324a50d8 |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network Persistent State
| MD5 | fcb9a32d6eda21c8d5413a9b8191745b |
| SHA1 | 98a99d9801b5951acce9417b23184976a9bd1128 |
| SHA256 | cb4061d4c8e2aed38f603cf92ff5e62f085a5a357e626a1f10c9282484ab559f |
| SHA512 | c349ba811458e70eccf49bde966f7a847dbc284967580f90bd2517d1e702dec1a6907c79e7948c76e0899f56685008fe46956a804f825751a5e715b57c13e06c |
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\GPUCache\data_1
| MD5 | b69a638334faee56f6467e2caee5be07 |
| SHA1 | ca881f8c9ee37847332db30b4ccab09142d6f42d |
| SHA256 | 828e38358dcb941e54ed1dbbc7c938e069789157c1c4fe37c47e68dcaeb70e94 |
| SHA512 | 68bd1465c6af84992d86a6fe0f4bfdee1f34c4a679220001d438e8ed4ef89f41775381513ac2695742eec93b70d005b4c4225bc1a4a7f6e6463de09580b6cb0d |
C:\Users\Admin\AppData\Local\Temp\{958B30E9-D80F-40C9-A3EA-8B5C73E97C1E}-MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe
| MD5 | 83f7907f5d4dc316bd1f0f659bb73d52 |
| SHA1 | 6fc1ac577f127d231b2a6bf5630e852be5192cf2 |
| SHA256 | dac76ce6445baeae894875c114c76f95507539cb32a581f152b6f4ed4ff43819 |
| SHA512 | a57059ef5d66d3c5260c725cae02012cf763268bd060fa6bc3064aedff9275d5d1628ff8138261f474136ab11724e9f951a5fdd3759f91476336903eb3b53224 |