Analysis Overview
SHA256
c8a67410eceb77f0807f72e3751598f6b5a21a5d6debfc8159d7378894271c26
Threat Level: Likely malicious
The file hehe.exe was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Sets service image path in registry
Sets file execution options in registry
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Checks BIOS information in registry
Themida packer
Loads dropped DLL
Registers COM server for autorun
Checks whether UAC is enabled
Checks installed software on the system
Enumerates connected drives
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
Suspicious use of NtCreateThreadExHideFromDebugger
Checks system information in the registry
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of UnmapMainImage
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Checks SCSI registry key(s)
Checks processor information in registry
Modifies registry class
NTFS ADS
Suspicious behavior: LoadsDriver
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:34
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:34
Reported
2024-04-06 21:43
Platform
win10v2004-20240226-en
Max time kernel
527s
Max time network
532s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\hehe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
Downloads MZ/PE file
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\MicrosoftEdgeUpdate.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv" | C:\Users\Admin\Desktop\hehe.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv" | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv" | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv" | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\hehe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\hehe.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\MicrosoftEdgeUpdate.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\hehe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\P: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\cleanmgr.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\LogFiles\setupcln\diagerr.xml | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened for modification | C:\Windows\system32\LogFiles\setupcln\diagwrn.xml | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened for modification | C:\Windows\system32\LogFiles\setupcln\setupact.log | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened for modification | C:\Windows\system32\LogFiles\setupcln\setuperr.log | C:\Windows\system32\cleanmgr.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\RobloxPlayerBeta.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\loading\robloxlogo.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PlayerList\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\MicLight\Unmuted20.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaApp\graphic\shimmer_darkTheme.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaApp\icons\ic-more-groups.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\fonts\NotoSansKhmerUI-Regular.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\fonts\Roboto-Italic.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\Cursors\Gamepad\IBeamCursor.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Menu\rectBackgroundWhite.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\UserInputPlaybackPlugin\ArrowCursor.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\fonts\GothamSSm-Bold.otf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\MenuBar\arrow_left.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\PlatformContent\pc\textures\sand\reflection.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\PlatformContent\pc\textures\sky\sky512_rt.tex | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\MEIPreload\manifest.json | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1C6524E8-FF85-46FB-8E43-E700F3CE0B67}\EDGEMITMP_3A946.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\PluginManagement\unchecked.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Emotes\EmotesRadialIcon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\Players\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaChat\icons\ic-bc.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\identity_proxy\beta.identity_helper.exe.manifest | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1C6524E8-FF85-46FB-8E43-E700F3CE0B67}\EDGEMITMP_3A946.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\dialog_blue.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\Help\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\chatBubble_red_notify_bkg.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VR\edgeBlur.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaChat\9-slice\input-default.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\avatar\unification\humanoidClassicAnimateDefaultChildren.rbxm | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioSharedUI\default_group.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\PlayStationController\DPadLeft.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\InspectMenu\selection_rounded.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\PlatformContent\pc\textures\concrete\normal.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\PlatformContent\pc\textures\metal\normal.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\ImageSet\AE\img_set_2x_5.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaApp\graphic\gr-add.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\RoactStudioWidgets\toggle_on_light.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_hu.dll | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\InGameMenu\BackgroundGlow.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\MaterialManager\Fill.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Emotes\Small\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\PurchasePrompt\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\avatar\compositing\R15CompositTorsoBase.mesh | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\ImageSet\AE\img_set_2x_4.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\VoiceChat\SpeakerNew\Unmuted20.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\Cursors\DragDetector\HoverCursor.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\fonts\AccanthisADFStd-Regular.otf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\AssetConfig\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\StudioToolbox\AssetPreview\Rejected.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\TerrainTools\import_toggleOff.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Emotes\Large\SegmentedCircle.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\MenuBarAssets\MenuButtonSelected.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\Settings\Players\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ViewSelector\left.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\SelfView\SelfView_icon_faceToggle_on.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\ExtraContent\textures\ui\LuaApp\icons\ic-more.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\AnimationEditor\icon_add.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\GameSettings\RoundArrowButton.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\system32\cleanmgr.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\5217C0CC-483F-4385-8EEA-35531069D054\dismhost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\cleanmgr.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Windows\system32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004 | C:\Windows\system32\cleanmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "Microsoft Edge Update Legacy On Demand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\LocalService = "edgeupdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\ = "Microsoft Edge Update Legacy On Demand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\ = "Microsoft Edge Update Core Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\version = "version-8764cc9c84a5459a" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\cleanmgr.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\hehe.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\hehe.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\hehe.exe
"C:\Users\Admin\AppData\Local\Temp\hehe.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color B
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\hehe.exe
"C:\Users\Admin\AppData\Local\Temp\hehe.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color B
C:\Users\Admin\AppData\Local\Temp\hehe.exe
"C:\Users\Admin\AppData\Local\Temp\hehe.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color B
C:\Users\Admin\Desktop\hehe.exe
"C:\Users\Admin\Desktop\hehe.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color B
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.0.847129598\589663370" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68a1adda-5f1c-4e0b-ad5c-8b2a3fd7b6bc} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 1980 15e48bd4b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.1.648509717\1821552005" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd39d967-c198-4b90-b000-ab2c65bb34d8} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 2380 15e3c370458 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.2.1019146256\335704986" -childID 1 -isForBrowser -prefsHandle 3164 -prefMapHandle 2892 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88d4e640-a1c2-40b0-8cee-10e654b67e93} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 3160 15e4cc9d158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.3.498769978\194995606" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c77bf0ff-37ea-4ef0-93ef-d6d284f22fc4} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 3596 15e4b3ba258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.4.889050006\1846004047" -childID 3 -isForBrowser -prefsHandle 3860 -prefMapHandle 3856 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6d68105-e796-4ccf-84e6-c74e18cd422b} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 3740 15e4e0e8b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.5.507840306\404229550" -childID 4 -isForBrowser -prefsHandle 1696 -prefMapHandle 2836 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {962a2749-ef0a-40ac-97e5-16ac432f40b2} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 5096 15e4e9c1258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.6.120825809\433450467" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef44456f-3c2d-485b-be48-7d0888e982bf} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 1840 15e4edfd658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.7.1118326358\604674797" -childID 6 -isForBrowser -prefsHandle 5396 -prefMapHandle 5212 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5aa5fac8-3f8d-4cc4-b3a4-c7591b3b95a1} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 5444 15e4edfe258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.8.1221021503\2007239187" -childID 7 -isForBrowser -prefsHandle 6004 -prefMapHandle 6000 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de821a42-092b-4d23-b7c0-623734eada4b} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 6012 15e50f87558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.9.527748308\344513444" -childID 8 -isForBrowser -prefsHandle 6176 -prefMapHandle 6180 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {990a3bdc-1fc0-4822-aeb1-6f2a0390aad1} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 6100 15e51276858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.10.588994166\2081081256" -childID 9 -isForBrowser -prefsHandle 6648 -prefMapHandle 6652 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fd331b4-1ae7-4da6-89d0-96851308bdc2} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 6156 15e50982858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.11.1259984129\1382876896" -parentBuildID 20221007134813 -prefsHandle 6708 -prefMapHandle 6712 -prefsLen 26460 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {353a0f14-913b-4103-925c-d7576749a2c9} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 6700 15e4ed97258 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.12.1172403258\1129048463" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3296 -prefMapHandle 2976 -prefsLen 26460 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64617bc4-2963-4858-be56-6979e7de4d64} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 2856 15e50f84e58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.13.885157377\1160229928" -childID 10 -isForBrowser -prefsHandle 6112 -prefMapHandle 3296 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d1b888e-76a2-4449-aa02-6fc19eb1cd8f} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 5384 15e50f84258 tab
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RkJGMzBBNTctNzRDNy00NzFBLTk0NzItRkNBMERFNUIxOEY5fSIgdXNlcmlkPSJ7QTk0OUQ4REYtOEIwMy00MjUwLTg2QUUtMzg4MDA4NEM1M0RFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2QUY5RDYwNy0yMUMyLTQyNDEtOUU2OS05QUFBMEExNDg4M0Z9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODUuMTciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2OTU5Nzc3ODU0IiBpbnN0YWxsX3RpbWVfbXM9IjExMjMiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{FBF30A57-74C7-471A-9472-FCA0DE5B18F9}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RkJGMzBBNTctNzRDNy00NzFBLTk0NzItRkNBMERFNUIxOEY5fSIgdXNlcmlkPSJ7QTk0OUQ4REYtOEIwMy00MjUwLTg2QUUtMzg4MDA4NEM1M0RFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2QkE2MEMwNy02RUJDLTQwQUUtQkUwMC1GNTA4QURFRkFDNjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2OTY3MDk4MjExIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1C6524E8-FF85-46FB-8E43-E700F3CE0B67}\MicrosoftEdge_X64_123.0.2420.81.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1C6524E8-FF85-46FB-8E43-E700F3CE0B67}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1C6524E8-FF85-46FB-8E43-E700F3CE0B67}\EDGEMITMP_3A946.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1C6524E8-FF85-46FB-8E43-E700F3CE0B67}\EDGEMITMP_3A946.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1C6524E8-FF85-46FB-8E43-E700F3CE0B67}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1C6524E8-FF85-46FB-8E43-E700F3CE0B67}\EDGEMITMP_3A946.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1C6524E8-FF85-46FB-8E43-E700F3CE0B67}\EDGEMITMP_3A946.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.106 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1C6524E8-FF85-46FB-8E43-E700F3CE0B67}\EDGEMITMP_3A946.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.81 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff7e17fbaf8,0x7ff7e17fbb04,0x7ff7e17fbb10
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RkJGMzBBNTctNzRDNy00NzFBLTk0NzItRkNBMERFNUIxOEY5fSIgdXNlcmlkPSJ7QTk0OUQ4REYtOEIwMy00MjUwLTg2QUUtMzg4MDA4NEM1M0RFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszOTk5MTA4OS0wM0I5LTQ1NjUtOUJERS04MDE2NEY5NUI0Mjd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMy4wLjI0MjAuODEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY5ODMzNzgxMjEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2OTgzNDQ4MzY4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzQ2NjY1MjYxOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvN2EwYTBiZDYtYjljOS00YzU2LTk2NDktZTllOWMyMmZiZTQzP1AxPTE3MTMwNDQzMDEmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9WnZ2MnprV3BxJTJidTdjRDJseFJISnVLJTJiSXFkS0trdEZ6TGNSQ1N0RnYzMEFVS0tncnY4NURhazJpd1VzYkZxJTJmMXNENmhHNW9qV0R4TlRDMXYlMmZoaVVuZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MjA4Njc0NCIgdG90YWw9IjE3MjA4Njc0NCIgZG93bmxvYWRfdGltZV9tcz0iMzkzMjYiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NDY2ODIxNzIxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzQ4Nzc5MTY2MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iODA2MDgxOTk1MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijk5MiIgZG93bmxvYWRfdGltZV9tcz0iNDgzMjYiIGRvd25sb2FkZWQ9IjE3MjA4Njc0NCIgdG90YWw9IjE3MjA4Njc0NCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNTcyOTkiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\RobloxPlayerBeta.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.0.756541261\991254157" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 21562 -prefMapSize 233863 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c73d30b8-6a27-4050-aef5-9ceb96436d3c} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 1776 18f300f3b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.1.1311757979\304881698" -parentBuildID 20221007134813 -prefsHandle 2188 -prefMapHandle 2184 -prefsLen 21562 -prefMapSize 233863 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdf35807-9c52-45ef-a61f-a2a0931f00f1} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 2208 18f238d8858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.2.267945321\1391701861" -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 2920 -prefsLen 22023 -prefMapSize 233863 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0780296d-94bf-4791-a7de-355fa3415c86} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3112 18f338e7d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.3.21069329\330013861" -childID 2 -isForBrowser -prefsHandle 1012 -prefMapHandle 1004 -prefsLen 27201 -prefMapSize 233863 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34daf49d-6261-4fa2-9e36-c24733918b45} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3656 18f23860a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.4.1282966709\1648489557" -childID 3 -isForBrowser -prefsHandle 4288 -prefMapHandle 2444 -prefsLen 27260 -prefMapSize 233863 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59d7b0a8-cbab-4a8d-a871-28db05a3943d} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 4268 18f34f2da58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.5.1545437538\1667002619" -childID 4 -isForBrowser -prefsHandle 4996 -prefMapHandle 4984 -prefsLen 27260 -prefMapSize 233863 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70ce0024-0373-4991-9640-c5cf6d25a487} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5028 18f3389bf58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.6.176779050\36478573" -childID 5 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 27260 -prefMapSize 233863 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46d85c6d-4add-4649-b382-87f38ac45389} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5180 18f3389a158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.7.623210878\462508261" -childID 6 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 27260 -prefMapSize 233863 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f59e199f-90f0-4bd7-bbd3-b3e11ac8e453} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5380 18f3389a758 tab
C:\Windows\system32\cleanmgr.exe
"C:\Windows\system32\cleanmgr.exe"
C:\Users\Admin\AppData\Local\Temp\5217C0CC-483F-4385-8EEA-35531069D054\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\5217C0CC-483F-4385-8EEA-35531069D054\dismhost.exe {640A3C59-0A99-4FEE-B02B-5E0A36F4C88F}
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.8.1260131652\1889342152" -childID 7 -isForBrowser -prefsHandle 5980 -prefMapHandle 5976 -prefsLen 27260 -prefMapSize 233863 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66f13100-68d8-4b8c-84e2-a8aae8f22b85} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5920 18f383f1558 tab
C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:AVitvrmxLkjhIux06j_aiCk8_hSAp-RRLCXd8IRlg5o5gLon5-2gPjMi0d3le0awHkfauOQO5OdSW3QsSqdw90JSFtYirq4jHk77uh8XoYZx7maa3lRBsFslDERv8_qhUp1Js1FCLhAm7G8c5jdIgTUSeUJwdJbyNS4EaGOYaZ5IvVSksQ-zHzLhwruVhIYlpc_QeNhPq9Fl5ITvRXlwXd6M_23kaF_27j3KOHVgWNc+launchtime:1712439738295+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1712439403235002%26placeId%3D623823800%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dd2626b81-afa1-4bef-a17c-ab9e92411031%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1712439403235002+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\COPYRIGHT.txt
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:62944 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 54.245.32.185:443 | shavar.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 185.32.245.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 172.217.16.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.16.217.172.in-addr.arpa | udp |
| DE | 172.217.16.196:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| N/A | 127.0.0.1:62950 | tcp | |
| US | 8.8.8.8:53 | 227.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| DE | 142.250.184.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | 206.184.250.142.in-addr.arpa | udp |
| DE | 142.250.184.206:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| DE | 142.250.181.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| DE | 172.217.18.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| DE | 142.250.181.230:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | d1kpbbfl4rco16.cloudfront.net | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| DE | 172.217.18.98:443 | googleads.g.doubleclick.net | udp |
| BE | 13.225.239.22:443 | static.rbxcdn.com | tcp |
| BE | 13.225.239.22:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | d143j4fdqe1jki.cloudfront.net | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | d1kpbbfl4rco16.cloudfront.net | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| BE | 13.225.239.42:443 | js.rbxcdn.com | tcp |
| BE | 13.225.239.42:443 | js.rbxcdn.com | tcp |
| BE | 13.225.239.42:443 | js.rbxcdn.com | tcp |
| BE | 13.225.239.42:443 | js.rbxcdn.com | tcp |
| BE | 13.225.239.42:443 | js.rbxcdn.com | tcp |
| BE | 13.225.239.42:443 | js.rbxcdn.com | tcp |
| US | 104.18.33.170:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | d143j4fdqe1jki.cloudfront.net | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | dw04ej0wrfjel.cloudfront.net | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | dapx4swc8lj69.cloudfront.net | udp |
| US | 8.8.8.8:53 | dw04ej0wrfjel.cloudfront.net | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.181.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 42.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dapx4swc8lj69.cloudfront.net | udp |
| BE | 13.225.239.13:443 | dapx4swc8lj69.cloudfront.net | tcp |
| US | 104.18.33.170:443 | roblox-api.arkoselabs.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| DE | 172.217.18.10:443 | jnn-pa.googleapis.com | tcp |
| DE | 172.217.18.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| DE | 172.217.18.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 13.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| BE | 104.117.77.168:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | a1818.b.akamai.net | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | a1818.b.akamai.net | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | us-central-origin-px.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-origin-px.roblox.com | udp |
| BE | 104.117.77.168:443 | a1818.b.akamai.net | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 216.58.206.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.77.117.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.206.58.216.in-addr.arpa | udp |
| NL | 216.58.206.86:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | dw04ej0wrfjel.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1kpbbfl4rco16.cloudfront.net | udp |
| US | 8.8.8.8:53 | d143j4fdqe1jki.cloudfront.net | udp |
| US | 8.8.8.8:53 | dapx4swc8lj69.cloudfront.net | udp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | 26.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-origin-px.roblox.com | udp |
| GB | 128.116.119.3:443 | realtime-signalr.roblox.com | tcp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 128.116.119.4:443 | trades.roblox.com | tcp |
| GB | 128.116.119.4:443 | trades.roblox.com | tcp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| GB | 128.116.119.4:443 | lms.roblox.com | tcp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| GB | 104.91.71.140:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.140:443 | tr.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| US | 8.8.8.8:53 | a1831.dscd.akamai.net | udp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| GB | 128.116.119.4:443 | thumbnails.roblox.com | tcp |
| US | 8.8.8.8:53 | chat.roblox.com | udp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | a1831.dscd.akamai.net | udp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 8.8.8.8:53 | pulsar.roblox.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 8.8.8.8:53 | aws-ap-east-1a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| PL | 128.116.124.3:443 | pulsar.roblox.com | tcp |
| US | 8.8.8.8:53 | silver.roblox.com | udp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| US | 8.8.8.8:53 | aws-us-east-1a-lms.rbx.com | udp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| US | 8.8.8.8:53 | pulsar.roblox.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| HK | 18.166.40.227:443 | aws-ap-east-1a-lms.rbx.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | pulsar.roblox.com | udp |
| US | 34.202.93.224:443 | aws-us-east-1a-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| US | 8.8.8.8:53 | nfd-prod-a-1858695030.ap-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | nfd-prod-a-1858695030.ap-east-1.elb.amazonaws.com | udp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.124.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| HK | 18.166.40.227:443 | nfd-prod-a-1858695030.ap-east-1.elb.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.93.202.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | silver.roblox.com | udp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 8.8.8.8:53 | nfd-prod-a-519385656.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 8.8.8.8:53 | silver.roblox.com | udp |
| US | 8.8.8.8:53 | nfd-prod-a-519385656.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | 3.51.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.120.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.40.166.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| GB | 128.116.119.4:443 | presence.roblox.com | tcp |
| GB | 128.116.119.4:443 | presence.roblox.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | cs.ns1p.net | udp |
| DE | 3.121.72.41:443 | cs.ns1p.net | tcp |
| US | 8.8.8.8:53 | aws-eu-west-2c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | a4c9427a-pulsar-pweb-4287-639546627.eu-central-1.elb.amazonaws.com | udp |
| GB | 3.8.27.36:443 | aws-eu-west-2c-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | a4c9427a-pulsar-pweb-4287-639546627.eu-central-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | nfd-prod-c-722425490.eu-west-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | nfd-prod-c-722425490.eu-west-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | aws-us-east-2b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 8.8.8.8:53 | 41.72.121.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.27.8.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aws-ap-northeast-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-west-2b-lms.rbx.com | udp |
| US | 18.119.64.200:443 | aws-us-east-2b-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | nfd-prod-b-1668673727.us-east-2.elb.amazonaws.com | udp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 8.8.8.8:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| GB | 18.133.69.158:443 | aws-eu-west-2b-lms.rbx.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| JP | 54.249.229.164:443 | aws-ap-northeast-1c-lms.rbx.com | tcp |
| GB | 18.132.92.47:443 | aws-eu-west-2a-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | s.ns1p.net | udp |
| US | 8.8.8.8:53 | nfd-prod-b-1668673727.us-east-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| DE | 3.78.22.124:443 | s.ns1p.net | tcp |
| US | 8.8.8.8:53 | nfd-prod-b-1076442370.eu-west-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| JP | 54.249.229.164:443 | aws-ap-northeast-1c-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | nfd-prod-b-1076442370.eu-west-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | nfd-prod-c-1199815139.ap-northeast-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| US | 8.8.8.8:53 | nfd-prod-c-1199815139.ap-northeast-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | nfd-prod-a-931214499.eu-west-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | nfd-prod-a-931214499.eu-west-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-origin-px.roblox.com | udp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| GB | 128.116.119.3:443 | realtime-signalr.roblox.com | tcp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | 200.64.119.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.69.133.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.92.132.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.102.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.63.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.22.78.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.229.249.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| GB | 128.116.119.4:443 | games.roblox.com | tcp |
| GB | 128.116.119.4:443 | games.roblox.com | tcp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| GB | 128.116.119.4:443 | voice.roblox.com | tcp |
| GB | 128.116.119.4:443 | voice.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 8.8.8.8:53 | ord2-128-116-101-3.roblox.com | udp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| US | 8.8.8.8:53 | ord2-128-116-101-3.roblox.com | udp |
| US | 8.8.8.8:53 | ord2-128-116-101-3.roblox.com | udp |
| US | 8.8.8.8:53 | b.ns1p.net | udp |
| DE | 3.121.72.41:443 | b.ns1p.net | tcp |
| US | 8.8.8.8:53 | 3.101.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 8.8.8.8:53 | d19ha9ylcjiuiu.cloudfront.net | udp |
| BE | 13.225.239.67:443 | d19ha9ylcjiuiu.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d19ha9ylcjiuiu.cloudfront.net | udp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| BE | 2.17.107.18:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 233.69.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.107.17.2.in-addr.arpa | udp |
| BE | 2.17.107.18:443 | setup.rbxcdn.com | tcp |
| BE | 2.17.107.18:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 23.102.129.60:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 60.129.102.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 104.91.71.136:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 104.91.71.136:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 136.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 79.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| DE | 142.250.186.142:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 142.186.250.142.in-addr.arpa | udp |
| DE | 142.250.186.142:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r5---sn-aigzrn7d.gvt1.com | udp |
| GB | 173.194.138.202:443 | r5---sn-aigzrn7d.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5.sn-aigzrn7d.gvt1.com | udp |
| US | 8.8.8.8:53 | r5.sn-aigzrn7d.gvt1.com | udp |
| GB | 173.194.138.202:443 | r5.sn-aigzrn7d.gvt1.com | udp |
| US | 8.8.8.8:53 | 202.138.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:65392 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| N/A | 127.0.0.1:65395 | tcp | |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | dw04ej0wrfjel.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1kpbbfl4rco16.cloudfront.net | udp |
| US | 8.8.8.8:53 | dw04ej0wrfjel.cloudfront.net | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | d1kpbbfl4rco16.cloudfront.net | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | us-central-origin-px.roblox.com | udp |
| US | 8.8.8.8:53 | dapx4swc8lj69.cloudfront.net | udp |
| US | 8.8.8.8:53 | a1831.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | us-central-origin-px.roblox.com | udp |
| US | 8.8.8.8:53 | a1831.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | dapx4swc8lj69.cloudfront.net | udp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| BE | 13.225.239.36:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| BE | 13.225.239.36:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| BE | 13.225.239.36:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| BE | 13.225.239.36:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| BE | 13.225.239.36:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| BE | 13.225.239.36:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| BE | 13.225.239.11:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | d143j4fdqe1jki.cloudfront.net | udp |
| US | 8.8.8.8:53 | d143j4fdqe1jki.cloudfront.net | udp |
| BE | 13.225.239.38:443 | dw04ej0wrfjel.cloudfront.net | tcp |
| BE | 13.225.239.38:443 | dw04ej0wrfjel.cloudfront.net | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 104.18.33.170:443 | roblox-api.arkoselabs.com.cdn.cloudflare.net | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| BE | 13.225.239.27:443 | dapx4swc8lj69.cloudfront.net | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | 38.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.239.225.13.in-addr.arpa | udp |
| BE | 13.225.239.36:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| BE | 13.225.239.36:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| BE | 13.225.239.36:443 | d1kpbbfl4rco16.cloudfront.net | tcp |
| GB | 128.116.119.3:443 | us-central-origin-px.roblox.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| GB | 128.116.119.3:443 | us-central-origin-px.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 104.91.71.134:443 | tr.rbxcdn.com | tcp |
| GB | 104.91.71.134:443 | tr.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | us-central-origin-px.roblox.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| GB | 128.116.119.4:443 | locale.roblox.com | tcp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 8.8.8.8:53 | c0aws.rbxcdn.com | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 8.8.8.8:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| BE | 88.221.83.35:443 | c0.rbxcdn.com | tcp |
| BE | 13.225.239.74:443 | c0.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| BE | 88.221.83.27:443 | c0.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 8.8.8.8:53 | a1913.dscw27.akamai.net | udp |
| US | 8.8.8.8:53 | d13im6y9zsyqh9.cloudfront.net | udp |
| US | 8.8.8.8:53 | a1913.dscw27.akamai.net | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | d13im6y9zsyqh9.cloudfront.net | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.127.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.95.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.115.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| GB | 128.116.119.4:443 | presence.roblox.com | tcp |
| GB | 128.116.119.4:443 | presence.roblox.com | tcp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | cs.ns1p.net | udp |
| DE | 3.78.22.124:443 | cs.ns1p.net | tcp |
| US | 8.8.8.8:53 | a4c9427a-pulsar-pweb-4287-639546627.eu-central-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | s.ns1p.net | udp |
| US | 8.8.8.8:53 | a4c9427a-pulsar-pweb-4287-639546627.eu-central-1.elb.amazonaws.com | udp |
| DE | 3.78.22.124:443 | s.ns1p.net | tcp |
| US | 8.8.8.8:53 | gold.roblox.com | udp |
| US | 8.8.8.8:53 | hkg1-128-116-118-3.roblox.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-west-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 8.8.8.8:53 | aws-ap-northeast-1d-lms.rbx.com | udp |
| HK | 128.116.118.3:443 | hkg1-128-116-118-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| GB | 128.116.119.3:443 | gold.roblox.com | tcp |
| HK | 18.166.132.10:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| JP | 52.195.29.206:443 | aws-ap-northeast-1d-lms.rbx.com | tcp |
| HK | 18.166.175.147:443 | aws-ap-east-1c-lms.rbx.com | tcp |
| US | 54.241.163.36:443 | aws-us-west-1c-lms.rbx.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 8.8.8.8:53 | hkg1-128-116-118-3.roblox.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-origin-px.roblox.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 8.8.8.8:53 | hkg1-128-116-118-3.roblox.com | udp |
| US | 8.8.8.8:53 | nfd-prod-b-687806602.ap-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | nfd-prod-d-869689544.ap-northeast-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | nfd-prod-c-1420969030.ap-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | nfd-prod-b-687806602.ap-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | nfd-prod-c-1420969030.ap-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | nfd-prod-d-869689544.ap-northeast-1.elb.amazonaws.com | udp |
| HK | 128.116.118.3:443 | hkg1-128-116-118-3.roblox.com | tcp |
| US | 8.8.8.8:53 | nfd-prod-c-142502592.us-west-1.elb.amazonaws.com | udp |
| HK | 18.166.132.10:443 | nfd-prod-b-687806602.ap-east-1.elb.amazonaws.com | tcp |
| JP | 52.195.29.206:443 | nfd-prod-d-869689544.ap-northeast-1.elb.amazonaws.com | tcp |
| HK | 18.166.175.147:443 | nfd-prod-c-1420969030.ap-east-1.elb.amazonaws.com | tcp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | nfd-prod-c-142502592.us-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| US | 8.8.8.8:53 | 4.104.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.29.195.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.132.166.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.175.166.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| US | 8.8.8.8:53 | 3.97.116.128.in-addr.arpa | udp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 8.8.8.8:53 | b.ns1p.net | udp |
| DE | 3.78.22.124:443 | b.ns1p.net | tcp |
| GB | 128.116.119.3:443 | gold.roblox.com | tcp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
Files
memory/4404-0-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4404-1-0x00007FFF5AC90000-0x00007FFF5AE85000-memory.dmp
memory/4404-2-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4404-3-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4404-4-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4404-5-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4404-6-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4404-8-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4404-9-0x00007FFF5AC90000-0x00007FFF5AE85000-memory.dmp
memory/4332-10-0x00007FFF5AC90000-0x00007FFF5AE85000-memory.dmp
memory/4332-11-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4332-12-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4332-13-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4332-14-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4332-15-0x00007FF698830000-0x00007FF699212000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\frAQBc8Wsa1xVPfv
| MD5 | 69828442d30e7cc31f2d540a633dc321 |
| SHA1 | f4ace950002fb78cfebefb74fb803eb6028c9b89 |
| SHA256 | 70755cc44bd05c698e7d722af526b396128d8daf155780e4bf37deafe0dd82ba |
| SHA512 | 57e5c7d34b857ff58d37bc0d3754bcb76601f223b7ac2b1645f97f0a06820b823a0b84fe6f3c299d46559d9ddf802ee7db3911091dbd7d47af829efc49c087d2 |
memory/4332-18-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4332-19-0x00007FFF5AC90000-0x00007FFF5AE85000-memory.dmp
memory/4736-20-0x00007FFF5AC90000-0x00007FFF5AE85000-memory.dmp
memory/4736-21-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4736-22-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4736-23-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4736-24-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4736-25-0x00007FF698830000-0x00007FF699212000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\frAQBc8Wsa1xVPfv
| MD5 | 6d4159694e1754f262e326b52a3b305a |
| SHA1 | d5fd9fe10405c4f90235e583526164cd0902ed86 |
| SHA256 | b9a4e40a5d80fedd1037eaed958f9f9efed41eb01ada73d51b5dcd86e27e0cbf |
| SHA512 | 480d1dac3f9eddd38c97845cc173e77d17aa5ae69f06654edef07de6dc3c336741b691744da0a1477b48de3f42320f6dbae54669692d6b590ad971a272c4d1ab |
memory/4736-28-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/4736-29-0x00007FFF5AC90000-0x00007FFF5AE85000-memory.dmp
memory/724-30-0x00007FFF5AC90000-0x00007FFF5AE85000-memory.dmp
memory/724-31-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/724-32-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/724-33-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/724-34-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/724-35-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/724-38-0x00007FF698830000-0x00007FF699212000-memory.dmp
memory/724-39-0x00007FFF5AC90000-0x00007FFF5AE85000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 50b300fec82fc922e4a0078ca9e29114 |
| SHA1 | e8913c581ea18ea586401c40b831632228a866a0 |
| SHA256 | bf743d6c978d254b6677b6da1353b2e4dba9891e1325882e50a7e80305abb443 |
| SHA512 | 06bd2bb237f2105b4f421a1ad9554254877838bb467093879803afbede4515280e2092707bd6e1747da12bc9892b03a256b537cc8e32e76e3819d6c95f57c2a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\pending_pings\7079201a-f143-47eb-9ccb-4e9277cc2f9e
| MD5 | 56534f12bb57837af7c405b1401c8b5a |
| SHA1 | a9ef601795f3db54337cbf951593a9877e7f5d72 |
| SHA256 | f3943928cdb989ed31d5fd4d04d55307f8a32759f18178078d1e7aabd1a13f19 |
| SHA512 | baf36d814724b61c9f1e4d8448d472effb8b4e11cbca3c395f9eaa371e20ca64e9e34067c4eab392536f3d826de549891be6e90ced8d3e07d32b661e176b5aa9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\pending_pings\8d111d7b-7613-4146-9ee0-dc660a363a56
| MD5 | f82f454138dfd867d1b822e08ed7d0c0 |
| SHA1 | 195dc91f2653874cb5a9acca5e5954276379a91b |
| SHA256 | c780e294836a385491b51a4471c2e26356298be5254f105f1c1d36f6193ac12b |
| SHA512 | 5d96495543f2ea797cdf5caee91abe7e2ddfa5478d8f40c18e8b6992ea79740d0370c73f0ce773092df6a49f1175c22dcf4acaff99acb5ac3d0964ae15d81b29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs.js
| MD5 | 2a5d7b68e90d6173c3df254a3f1a1374 |
| SHA1 | 654c3c40b5019b4fa9b77c408a1fcba737d13b55 |
| SHA256 | e3450e72ecd065f1eedb4cda5b9d6ececfa6c22e53ee10cb70a1afeb9e5b50ab |
| SHA512 | c8fbc418318e2f663d629453949963846abd0533823e8d6cbab2b9e7a63ea73c00967321823f87187f71a699ee611f67d3e60b5f2022519ebd8f5dc51a232d77 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7795572cea5f9b9287c83e2740f7ec38 |
| SHA1 | 9d7ea0daf302d5ce390188c424c5ee4a4c6d5c6e |
| SHA256 | a80cc3e7ed8f52e495f45e516e6ed271e6533cb730ae08e6d55a3c7a992fe60d |
| SHA512 | d9429eef35f4fe04c0076a81d2ca3c7423e2483df1f3627d82db5f22eac557a19d851ab18125214bd87ba0ae435fafdaaec2591b3c77aa0239e46b604d26dbfc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js
| MD5 | 054410a8bb511dfb3697fee3cdbb1f1d |
| SHA1 | a86da274ee8fa47a298176c315e6f758b33b0249 |
| SHA256 | a086c0c335993d4768310eea5171627385b3c97c2961512cd0ad5cc207448e36 |
| SHA512 | 1b57bf22ad1695e3606f8746b208df11392a7ef49fa00b20749cced4bd2acfd786eff1117110ff9142c9eedf7a59b3c8a8d30e877110b48e89734ae381bca5e9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\14046
| MD5 | 17c658b0a2b9e000b3ec5d9858f2c7fa |
| SHA1 | 8dca68cd67a59260eddb1126cc0240dd142d2001 |
| SHA256 | e95b050755a85e40436837ee8cab5cc1cdafb2bf8f23c4afdd34615e9617914d |
| SHA512 | 67b69270465364d0a921c7ec93a6165c6ef30f4332c4ab04553b1d8085c94bb36f2c4e37e705c5bf302d726d3d1ab23d9a14963ac5439250f11f9fdb796e5d43 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\13407
| MD5 | b4858a510b9f3db52c30ff952a0bea81 |
| SHA1 | b83a5e49965c10c4a7a3ef53669d63a72dfdfff9 |
| SHA256 | ea6d3094850ec91fb9a1e67e10d99d68cd8f2f59a25df38987cb5ccaf54f0826 |
| SHA512 | 1f3743203e664423b1e84ea83d46e6db029ae576b4442df7a6f15ba795fbb3575708b327c9b89ba287457b14932e4cd5d7188315cd78670870d778c2578ef4b9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\31093
| MD5 | b2555ee271187aee78be26c58c63c92d |
| SHA1 | d3cc1a6417b7990bab5bb4f0fec2462720787ac0 |
| SHA256 | 39827219c971325f2e105f6c9525b1f5960a3d024c8cc4c4a5868fc2236df02b |
| SHA512 | 250fa61b495d4d456d79480f0ff89df40d87f7f6233e8e7c007b6255c18f1a055926b5a4ae1ffc7d92b712b89e4cecc621637fab265a3e1d2398952fc39f4c0b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6a595d28ae671b1a9c4ee9fcdfb710fa |
| SHA1 | 0b84c2c73196912997977c28a5adae6e3642f723 |
| SHA256 | bc15e22d730e2a2cf29565ed8dd9d7951f32bb1f354a3d5510b627f2995d62fc |
| SHA512 | 5793831f0d9dd4645f35b97fff17a5f882f849b369f5387bb9c8d3f4ee79f6b1b4239658a6d7503242d8a4790cd61a26c46ae8459863992cb0543be6b79419ab |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite
| MD5 | 95bb45107dbf89678303326729914f60 |
| SHA1 | 8715d9f36b47ffc2dc2f67262e27631f01c18f29 |
| SHA256 | d058d1aef5de3d6f2560b0df451f1096eedaac4a1e263e916dd5383cab55efed |
| SHA512 | 2b879d66f5fa2722e23ef96127a0afb22db3ff6ea13ff368da508aa7cd3dbbfeaffdaaf1c7599828312b292d60765144e70c91714551175539c43b2bea83a03d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\10189
| MD5 | a847d2137a78b86bf0956c884bfd153a |
| SHA1 | 3dc2b412fa059046761c1158c282cfcec2fbd6a8 |
| SHA256 | 1ae951717bc22ba8982a62818354a8a9d71122c0bc80c328f2240d8c967b42e5 |
| SHA512 | 041f77172b9b75cc15e0d2db88becd9688b67319ac221181e2b94e6f22ae5e1ce43970854c7341ce6ec6cdd96202745b4c8a6fab0c227a26b3fd83b82eebcbd7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js
| MD5 | 1c9e4626d94a49ba433ff154a728c64a |
| SHA1 | ce53dff1be0106c8d7f2ab3f11f81f7a0410cd83 |
| SHA256 | 903d9575b95a41f70202e4d1479640ca67334b7c561a5742a19ff81ae42eff9f |
| SHA512 | d32cd9223fd42d33474439faba0070d4860b2c62c02d73c7fb1ca21e3bffb647d665c0af47b12c812af3331138ccb78382d6e2c0accb7cfb24c8aa71449975b7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\21455
| MD5 | d9428d4273a7fd54af9e0b7f575de62b |
| SHA1 | c4f42100c8674602f56655b39eefc47d85979c72 |
| SHA256 | 5c4a45771b17ad3d3bec3699315f4a1eabd3e3b177551c0ce6ff571c6ea4f88d |
| SHA512 | 3733caf3fc27f471eb947fdab4c629220511af0f8ccc641947713882b94f72036307cf1dd7540de7bda8643b4bc25e9b158e5ff5cd811a0e4f7a704613729409 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 23e5e9cbce56dddd01292f782dbdd408 |
| SHA1 | df0425b74e75df644bf42c5fe3cba642b6d315da |
| SHA256 | 541ff6e47f1f9b98d0eebf8cc7e6ad8748ff29f12a2224c944e9b2b836798db3 |
| SHA512 | 4e40dc081aceabb0eb74867ad39f9c4e7022e9d701d7fbb22cd51241257bf9b6dea1cc34a8b1dc5a0a9f870d66b2699fd1687acc0c96bf988c5cfa04a0d95307 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\24395
| MD5 | 70f873271c351102318be6611b491a62 |
| SHA1 | 1d820fe264fbca60675dce962dcce9b61fc43009 |
| SHA256 | fe622c44aa0103e8804d2859d1502b45313bbc3c5c90ca9a49d93da8b065ad25 |
| SHA512 | bed80b03cd66697578840508ebc3cda9e8594ace1ec361d61518fc9cb255599f8b1ba7a44039ef2586add382814d6e1ed13287f0126fc67c931193c0fdabf194 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\20356
| MD5 | 61306e81aa460ab046b642ca7e58cad3 |
| SHA1 | 97cfae6fe7b9eb6855c2b6282ae694c3f630dae9 |
| SHA256 | c8939d0e18c89310b57f7278c8c51ad1398c7ddc2f4324cefe7b0fe81d3cd1df |
| SHA512 | 2d72311610cbc7205d1342576f71f125b2e251e4ea6debda526cd35cc6ac0a7e18f41624a818f4fb7ef610b15cc90df32fefc35bad057e30593c0bd2d9e19764 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\27128
| MD5 | 62f1f34ecec0c6483ada2d2860b47569 |
| SHA1 | cd41400c525f6b31df1cf4db5260bcde02e16a87 |
| SHA256 | d1f656006a0b5977a1406bb1d38d9ec36e747b3801205d62c9d40ed8e5b7063f |
| SHA512 | 2fd6b8abd3372335fc3594fd59b1c3af03941d72f2257592a2c06647442dbf6bf85b1d85071ebb5beaaef2b5090f47dd2b00061e59f7571730eff6221075fbd1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 54e778362c09059ca348528be744fd08 |
| SHA1 | 95ce3d2cfb3a57284024e80484876ba0a43ebf68 |
| SHA256 | a99011d4945a85b0dd11631086fd0e82f16711d06de6f772a080f7c79446ba93 |
| SHA512 | b21d782932dc0e03e7ebaddf14dd0982f6a51646a4540660b6edfeeb51e355e8e84ebe54085d8b225ec4bb0da082f621363ed1f5bc13e7786e72b2606e2ae749 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\26904
| MD5 | 19f76abea7d6831b672b71e280dd3677 |
| SHA1 | 7d377313e9b5b4acc5b5dc1576edf7f365bca285 |
| SHA256 | 370bce3b41bcbceb27f56f00acfe078fdcd5caa428a6f4984b58e8914ca1fd43 |
| SHA512 | 24ea771eb782080445ed2f4dee21a0e16106be6d23418a4f52fdc10a6d1d8f417548813e0d459703da538e0172c83be44ec43fb8e7d9cbc2cdf5ee25377b6366 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\A876C8AF86717633E6E46572013B957E820A5E24
| MD5 | ff76b2f6e76b6499a18a6d72bb8ff346 |
| SHA1 | 65272b2f60755ee36099ad0072080888ac0f9628 |
| SHA256 | b73d1c9c23a7f3666ea1a410796be4b841ce69478485443e38b5a7499f4dd0dc |
| SHA512 | b525b0f54b91dbf80c3ed3facf968ccbc77a7607bff2f23d7f2fa3fa502a5b096c24f8b98067c317b50e7a36196bc100599c4e6f6c5851413caf0693006c1d23 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\E9F5CE1EFF9561ED5CB2C8689ADCC1CA552816A8
| MD5 | 50ad521bc7ac47ae33f536321d6ed16a |
| SHA1 | 1ec714cf761beca1214b461c3364d66e550d304a |
| SHA256 | 19c4cf1cdb882d33539b7c301abd6246b01409cf2962609db82ff5bb5fb15a1f |
| SHA512 | a6e099b39c5abfb1adc7233f3a9bcb861b5bf0cb5d9caf0516be15173bdd23596373b67e4c9995ea7b10de202fe95103ee851cab92240a8c05b683dbbfa07ee0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\03BACB353CADE4211C7FBD86FFE8C0907151D624
| MD5 | 61f712a5ce5f3bca0634d1d0948dd724 |
| SHA1 | c72919b0bf5342bb4b7867973aa404da0d3ebba9 |
| SHA256 | a6b6f89e5f2f847d4bc1fbd7890c12d37c6f028fd31fcb7a7c9a3d2ea86f92eb |
| SHA512 | e43b798df690c250a2e83279251e88e883ec6ad24b579f0c3bf7e7cdbf7a2da7e0277adf945485e89f0f1d70fa3e89121ed339a587ef0f62a47a8adb1f7f071a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\D650AE16FF1E3AC7B6DEEC7F9E98084CF18338BF
| MD5 | cff73cf9b4db998709d6014dee7a4f1b |
| SHA1 | 620d9a2317385bcb3963c7cde2304423d3b4776d |
| SHA256 | b0a33c27332f931e9c8cde78f82a9618b1f5699d0715bb88e61ff417e65a67a9 |
| SHA512 | 324313b0c1ed8cc1bf1dd5e4202c16998115c3bef47c0bd812572dacf4cb531e4d7e3b9cb4aae63b679fa9f55f2a8f5b3b2d2aebfc07596065a09c6b40716fa4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\23089
| MD5 | 2a91d0f6263c15470c0036ed274cbdfc |
| SHA1 | ad898c40b399a2cdc65f7b97cd6f6fe8552fc29d |
| SHA256 | 38e468770be5e1aff915cb795b645d6ba347496ef4a02b18be097c472000a67b |
| SHA512 | 27825b1892ec92dd07297d27208f00f30778b0956ed8c365b0309a8663c6c26b7c6b1bde1b3e1691977b2bd3de78bd3a418a137877e46421f94259029fc4096d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\739025F062E977A263D0043D9E01EE529DEBBEB9
| MD5 | 4c85f594fbdb2c587ac50b60dc0b759f |
| SHA1 | b773a5f3337ffd2877cf181e85449bb89a04db3b |
| SHA256 | 9beeef0b9a948e8dbecb64ca245dbf953a899c3c4653b7834b479cb7946f79f8 |
| SHA512 | 8c384e7f1c6997244f579a8b0c2d64fda57008af29b5ff9e2239de8fd33f0e60b67e6ee90dd718b7b2bb242d1eac823b360091192726d08455b1d7a49240c9aa |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\1035745CD775C8F2EA5D944CF4104E3E022D04D1
| MD5 | 7a0c4f558e92f944264e5a76b5c42d17 |
| SHA1 | d39478448e28a74467f8b35ce07c0a31edf75f56 |
| SHA256 | 603defb8301139b88cb9b6f60e3c7921e36dc94eee14a06a6705772fd62e6d51 |
| SHA512 | 717e444ca7546a189aa8470f6d686ecbbfada10f8eebbf052752d92b3767c4477a6bd638def5ce25119026d8416bc68539a54cbac1b6e37e2643c0c706e07951 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\B63631D1F32DAA02D0B8D37E9B1F3936B6035D2B
| MD5 | ad10d5b3c42f4044744785fff6df48de |
| SHA1 | 1d32bbbe30c940af482bb98643b348934cdf4472 |
| SHA256 | ba26f225d29353d1efe911953280a79d70c6259aaba381a58284c9cfb60b553d |
| SHA512 | bbedd1c331f8846469c79601b66e166354ddedae1cc649b6b9570ee9ee98e527d664985ddd974f880f0d4e958e345a05d35f628ecd63e2db0e5d6402a10411fd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\676F53BD50D55A473724118A22300E3D73B7E9A5
| MD5 | 6c40ff419986777b58c26b8e94b8c9e0 |
| SHA1 | 87312be008a6c00fa4caa77f2c8509b63f33fa86 |
| SHA256 | 2cf3ab997c9003e6f2066c5c78e7de6968d799907df8ce41d2c41568d190dc1a |
| SHA512 | 007cb64e191f57b2df5d4b62b98b86d22ea0f249896e7d0deaa919cf10a69664efedbec149fcf182d165b012bfa780f9ad73787f16d74bef577712c9734aac94 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\FD3DF1245814CEF02B3B0575535222550943C3E0
| MD5 | 623f273b569cb72f036e6be8736ee998 |
| SHA1 | a11b631014d54b5d37b788a5f10f6a3acbe3f186 |
| SHA256 | 778c23c607872a4b38ebaaa2f5688b945747cd89d73eb7c8b93ed57949a8e775 |
| SHA512 | e1960240edf51e5daead9912a67b6faa766fb2dca70326b4906e53ce122fcd95cd3861c315fbc86cd3de27903bc4d19af1362d7f0a7ad0116198f256ede02cba |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\73D1920A309DAD3BBED6E3A0041FB59CC8ED4C29
| MD5 | d678b4e50ea82c6ebb125215a2ad1e48 |
| SHA1 | 2c8c2c31019304317b0c6b1f478167ee5323b229 |
| SHA256 | f6b2ddf3031e489ae0e0800904711addf31398ceb8902cac8851ada725d80644 |
| SHA512 | ceaf14766b7a77a9144c4ef7ed19e34d7080b3220b8c49b206fb68cbfb58038004ea105de58da852c6219ed5b54ae20a7df0be7094064053a219c686fd1c6fe3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\78A3BC864B0E8CA9BFF2575B2E4ECC787F243FF0
| MD5 | 7dc9c385ea309fd72cb7812c01488f7d |
| SHA1 | 57cbafdd36c747b9ee09ffe765bc9f9174c5a528 |
| SHA256 | d14aed5a7a1593fbc0741107552a4d88806ee0936977ae1ff0f86d3bca8e5183 |
| SHA512 | 1c1e90b2b7cec40252ddbdb2eb3331af7d6e0fef7cba82c2c0d3904b039b823036aee4f2e7480c61cd995e4f2f96deabb60334736410e56896e5e5bf30d69881 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\40FF8CEC2B89AD303C929DDAE88A2BF69C8A6A04
| MD5 | 94855a9513a054d84f329c55d5ceeeea |
| SHA1 | b42d65f1bbbc5dc5f302abf01639c3f86a637179 |
| SHA256 | 9bee73112b7560aa7c27d7bf5916f41bf9b9037d8943e6444454220fa013e2f1 |
| SHA512 | 4b3b09c6a825e186ab74b4c04ca0cd2dca2b542e596cb7228202055a9cfe40225051c85f0e6c3077794a690c3be933ed8001a1f4d73f892e0b830dd088bf8ccd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\4CAEC6A00F82F14C35D0BB4A2B63E1C19D46292C
| MD5 | 8ff3bad31a9290251f57bc5f838f4bc2 |
| SHA1 | df8f987ee222685607a49f587185b3799dcecd5a |
| SHA256 | e5a02f566dece4a35896f780acbdce915e10ebd6c0a21be19b2119e130b20b89 |
| SHA512 | 132b7daaa7a9e18dd866a6f3037530f2017e1971289bcc7ffd9e298a831c60a058f3ee6d17e2f9fd49ab128ddb6debe9c983b7a17975b26bb8762c6c91cbca7a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\F467DC593C942311F43EFA68A99ED167358E93E6
| MD5 | 08209cc2b3db8fc4b635d797e0759e78 |
| SHA1 | e91e787b4045d4231b78ed9c732b61dce6ccc2e5 |
| SHA256 | d66d912d37d7581e5343c55f18fb4ec6fbd8284c43c896ceed2be7a8c2c4e01a |
| SHA512 | b53a814baaf13dead30aeac022b2aedbb4f3bed7cee1b70bf008e143bdcb6d192e48522839c0a02712e837e856fe3a4c7cc184297b8185e5d8a5d4ece835edb0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\E1E5F90C5D42E8AAF6267CF5C1D4F4D7211B2A50
| MD5 | 18122afa7fb617b9d043742ef77a3101 |
| SHA1 | 7d5c51fa2af6b0c18141186219bf400eb9cca674 |
| SHA256 | d5cc829912b519e9b094380a3c517a9a19362b621b3a6d77a99d05de5526e953 |
| SHA512 | dfdc5a842360bc8357043dcdea9c5dae5524924f6f5071de0868440c2e2ab908cb937d7b333cd6137396aab8db3c3af7e211de3301898560bd1bfa4a359fc925 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\55E5E6FB4DA0D621CA2B27FEAF7A867987DF935E
| MD5 | 7bf9997e0a3f2583b7599077de24bcf7 |
| SHA1 | 63b7afbb97326a009f252545fac9f539b89468b1 |
| SHA256 | b27022982964760d59beccc8b115abc1a8a5c130af1f7b68a125a21f90225ed4 |
| SHA512 | 2fde2f3765725aea06bce96d2a1aa0afca6d125cbf8eaed7d5e0d325a9cad22b06fa85a34dbba358aeba6f655a548084e140740bd811897d5cd0a79d82080011 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\D3B8D5A427999F353F67E20E8DE276A0E7258D03
| MD5 | 3f793bbdbd48a1a2ba10fb84dba1eb24 |
| SHA1 | 40aaff6f23aa740cdc1dfefa4f0462656326ad1e |
| SHA256 | f418050fb1e454c9943de579ff627a6d369c292dde60fc3fefb8f1473fd6d0a6 |
| SHA512 | e4778fc20a09046c81176e0bd1d43016886c232a208cc1d55e0fdb1b632c0c2fc29452b1fa5a7b767319bf1c6d1db810b30379f7ad89ca52b72b3fb0f780d464 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\9353
| MD5 | 5ca59666f669392bb09fa519829755ef |
| SHA1 | 1c2c937e196ef12f3d1b1f84246e45fa42bc4182 |
| SHA256 | 4c5f51b932aa622ca059cbd807a54360aaf4428d3196a773880daa3c6a471107 |
| SHA512 | 954c2f49ac5b00cd7f5b17502f37a72eb6cdb280e057c5e3f4c5d8d281e361d3bf1b16d6c5ce4a84b76ef13cfa19803088262b7cf0c189f9888109fa40b1a456 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\3CD97724EBF47B50AE59221DC942CCA5EE96ED82
| MD5 | 151a4fbaa48ec3f06f719931f5d2cb8d |
| SHA1 | cc3182a44fdacc0fed65d7c308b5e2fbd5943c74 |
| SHA256 | b8fd79ddbb96e4283bda8aae85436cd9ad863d902d2d9e3216b15793c3dbbe7a |
| SHA512 | cb0076437d82ab86419d05446a631888540a1e89c7964d5a9e57736a4fb93cc47a762cd2aeeb0a46566627353d0ab62831acb2f7d64cd61e9a7fd7d1c062736b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\3CC64668187C540A26A18501F41B51C0CD662225
| MD5 | 7cca18cc37129cf8b756ec42bce16f43 |
| SHA1 | 420c2d0e3994b351be7b18caa3c6302d657dee54 |
| SHA256 | f74ac9d693bc0ec811ced3ea2dd42b1f1cfa56a108751f85aa54f97e6ad57b41 |
| SHA512 | b25b2260beb131781cc6d7bf31db2b8eb8acb8b4e0daec0cc6a2416d79d189dcc21ab286781e573af385d017d44a0e863434f54ac37393e3c5b705e687415125 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\13100999CDCB48F8DFAD8139DD6CB3CB4310D4E4
| MD5 | 826eb7a505c47b25234b2f4893f46fe2 |
| SHA1 | c0480178b0f76f4502c7d0fd6a97a1db83e91500 |
| SHA256 | d2616b1018ce68e64ae929afda61e76dd0264454611afda6c12c9c9b2da28705 |
| SHA512 | 66b287d9039aee62d7211688f642066e97d801492a7167665f856e1a5820b17b0ff475e042dd2d708ab6252adcb688c099e67a0cc4e37ae26921925acb8d6020 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\AB570EA2579BA1062636CC391BF4DABDC598C1D1
| MD5 | 40686a86a3a4e4ed70624b2136978b8a |
| SHA1 | 7711eea14f2b423e2442103c02b684564b969c05 |
| SHA256 | 521b0fe84f13f3938dcb8996230c0ad8e945c2851ef969ebeec93bf4c2c11bfb |
| SHA512 | 364fce79257a6ce9ea7a2a6a885450051bdb74dd77bdb744ba2e2a4249a98d7f54931a55ec576e376c1bd0332b06abb67e566b5f70629822531a619d259828e3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\C038E08DDC848453FEBB652E259CC372D01C76AF
| MD5 | 82655c1323353a93368eb921709c8a05 |
| SHA1 | eb933d47c13df22354be97c741eba3b3b393d930 |
| SHA256 | 271eb582ac56c44569328d9a1ecd73c0a4ad776dda1c843b244d60df1050a566 |
| SHA512 | 58ee2c585f6c5ae7fabf327854c448d0679393fea33f97af2790af2cede7f26ae957d6db6e2ad332126b0c83b6286610ca813df6134f1f761b0f34b98cda00b2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\05EB7F6F7BD0BA633716511CCCAD442933622565
| MD5 | 226f834f71c5d7dbe229091d3a5214f2 |
| SHA1 | 9de40238484aba27698daf7aab4ed6380a08b55d |
| SHA256 | e50b0d7a838df20bee4be79224d161190a9a526ea53a3be8d063a59feca77dd6 |
| SHA512 | ca3938097001c628df90e631f670b46535d376cbc601827e7b3db6f5e15cf21eb9fcb3666aa96dcf4daf6c406a04f8c2e5180151706681786f5ce34647f87cf2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\050DB43D78BBC79DCD9ADCBAE96500FE04597F1B
| MD5 | 597849fb9c78cbcea66524863b141c13 |
| SHA1 | 68f71668609cbf37dc3c171b2d695925d651a6bc |
| SHA256 | e6c8b5d2909d7407362d2426f874b4f7d9d7500fa0f9431e9bb92ffda269d759 |
| SHA512 | 8716be2f27063ad6c825d3e743083f8b34b0d5ab4b6809cb1850d4e3136f7b4ce844ba3138f82c4c523a7483b3c40c56da0263b8f68a93781a7c3cc417bff38f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\49C23632D0EE38F9236B578925F2D46F08C86EB0
| MD5 | 45fb9dd50198bdd7112ea193bb26b21b |
| SHA1 | 66ab3497c86aec88103b804051ffdfe6ff721d1a |
| SHA256 | 5985af937d1deca293f47118801ca49f56eb36115c486aa4a803b9523445fe58 |
| SHA512 | a558d765ab965de8eb530c2baa9c0798920b2af1cefb1e46b9de6ce5a75665e113dd89687006c8a4e9f7281ad77406a153604dfe69f5ea667aaa1feb9d5767c5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\FE3CFED2213AB159C4C08A5CB638CF78CB46EDA4
| MD5 | 568eefbb9f94fb34793d4b8382cef0e9 |
| SHA1 | d60829ff88cc3c3989bd72740aab5bba17ee069d |
| SHA256 | a6f274ec1334a7d18c6bc97bb89abafa5534544c5dd56c9c7a494970d1f99c0b |
| SHA512 | 8659c1f1ef169cbe6a01bedba72677fb996ac6ad6a7eb807442c9519e11260ec5e20e72e345ced6525c639d90d770bd03ed25796bf03574fa73ef937101c8586 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\22640
| MD5 | c0cf91e05a10ece5659aa4f7c55dac44 |
| SHA1 | f8cf233782b6e4efc320d60cc549e4baf421ab20 |
| SHA256 | 4256d6f4ad17be6603ad197cb33f8e61baa1e2b75777048f0de6a5cb05775a90 |
| SHA512 | 36c2380046406489549bdd884dbc20bc0e6305faa107b31905e65110a81b346c88de438e15fdafa1617d773891d8f6ededb3d2232525e5e81a01baf76ce81de0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\29283
| MD5 | 55c130f31acbfb1c0da982bed2dffe39 |
| SHA1 | 220f932efc9f55aca5c1378246bf78e3ed7a3021 |
| SHA256 | 1a04c50f53306ef024db04ffaac727eef7cd1d67217405b4858ddf9f9a3c6d08 |
| SHA512 | 7af0611cda28da0233272cb9dee5ec6c0e27dc7de757c04e655b11edcb9ec26af03b6e975dec8163d58ee6bb1d0c0cc42b3f7c722d22586a34dfbba49866d72f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\30027
| MD5 | 50a758348df9ffcb1c4347281cfb17d6 |
| SHA1 | 179122b15897d216b0df0e35cf006100593eb93f |
| SHA256 | e0c28fffdbd354f75847e7c772731ab6ee944d0b97c003a499aea6404b722f3b |
| SHA512 | 85291190c11f16c0e06ac27c09130ee6959f94973947cb281c9a6daf9b43c30403883dc6e492c59a630222af0763f77cffdd5d61b73fbe5ecbc5dd7e7b60cfa9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\7090
| MD5 | 957f9839e6e289dea235a786e3745919 |
| SHA1 | 51c68e1bac1258597b2ed581baca8ad9fa28f242 |
| SHA256 | 1900c249d04eec14f497c64463bd0676355962b00f419a28077a9d94230c9856 |
| SHA512 | 91376f465e493af412b10188700cfe6bc73710648970d549e80b43737ced869f2ff45925b103542f70350af441019a1192aff017c6faa1272cad3e1611493bc7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\29732
| MD5 | b45a9f76d396202a7fbb854d84cb9c42 |
| SHA1 | 6ad81dc2b858e83e7053b785042796db1043ff03 |
| SHA256 | c3e5979123747c9a3db83cab02acd5c006eb9ffbc8321452caba322d7948544b |
| SHA512 | 990727c5db2906eec44e55aba18839567987ea59d3833c06f31315fabf7f161c5ee6071eca61c598fae0828565cf15d65143c127e2b14017da60a27a509357f2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\5080
| MD5 | 1f0edc3882744351816cc9f44fae94e6 |
| SHA1 | ed9463a16572801585159b3672f588c66e5189de |
| SHA256 | f30d30aeb15ccda7f9933356856edf77bab8e8e4ed5de86a461710271c58e451 |
| SHA512 | 7fc4a261baff4dc3e98a20b372400aa026115fd2504f17cfd263b25007c31852dcbc605871387b0ff39ab362c637a205e9979aaefa623d6c70094d9ec5045d2c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\16670
| MD5 | 4aee9487c7af6be01884aab05a7ea994 |
| SHA1 | 60f220ee641b60c601a916454d43999e7f405385 |
| SHA256 | 31eb2d9d74ae59c99dbf5e0950e0edb97afc70767581af4823f4a8ab68c7b376 |
| SHA512 | 7d20313ccf5e796939d7478b9686fba5ce2e25311c1346a560a806c629fe6766d347939648bf5432fed583db7998a02985816f04488b866933b4d6f5355e6d45 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\10251
| MD5 | 5bab6952ddc2e8ae447e48e652611e55 |
| SHA1 | 027398b59a1a8b4387e9c4b697c0230bf863379f |
| SHA256 | 17f60cc0f1ba1c7adbaa94af60fc4b6fdd3674fd0a72130a7f55998342670d5e |
| SHA512 | 605dfbbc40df775cda0e199617b82708d8e48849b55840c288a420ddd11ebe824b8f5ce161c9e750ec8c3be9d3997bddaa4bdc574d90174897168181e7ef085c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\D6D249995A7FEE26FD401EF0955C685621C6FB57
| MD5 | 12ca380c975552ae3481bc85398cae1e |
| SHA1 | 92a2abdae3112188a3b78411d46b3484d6846f0e |
| SHA256 | e3638c553876b2594b93b7c09a26b15fc3442bff8333e3eb59d892beff28a1c5 |
| SHA512 | 9fcbb9135066215d5f2f67bc79868ff9e40f3dc2993419ecb7cb8562d1653c0f323dcd380070bbdef37434f36bcc22ebe5b4396eed279bf68e35391b7640bf4a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\AC5B4849CAB26A6FF5E0D69715FFD2D5203EA01F
| MD5 | 64d0f9bd236babb6be7bdd75f6d5c2eb |
| SHA1 | beaa58195e044d2fd9f853e33222458c9d4d062e |
| SHA256 | 5169c14815122cc8245f3c24f0fa61bd7e15ecf40e434d298f0c66060cb7eefd |
| SHA512 | 21e19e6da21a4e219fdeb1cd69ef325576daea7fd3fd5e8d5a8a62d5bbf3469ce1cdaa8f76dd17bded277b970c4359f9975fd6f641e5aa2cea3542e6de9a9cdb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\96A0D2F1C4ECD10450EA183542E05ADB3BBB4257
| MD5 | d07298f8efd30293deb93457dfec04a4 |
| SHA1 | ee495fa55c7e5fb7a474853b0d44945e22ed3384 |
| SHA256 | 9f98949e1339e65ce0cff37deefe6eafda397934724a4b9ea8390b74ac1d3ab5 |
| SHA512 | 97a113954d0f0106cffff3ac93efca5d6c271dab513a702dc9a44ea3234c79d3fe87d0f44849e4732051e41f0333654be60e30394a44e0cd9eb8d73652edb436 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\DA784CCDD74E697C1B9356166222C06487BCEA54
| MD5 | d4517dcaed8271b2ec4339fd33f1dfd4 |
| SHA1 | b9dec46e789e948ff560e4fc5d1477c4bd4e50b0 |
| SHA256 | 5b24467fc3e3a46c822e8385c60633536c96d88873fd9dc29ce3880024aefba5 |
| SHA512 | aeeb37570d8cb062592f4d2b6c47f554c1b6a605ceed6c5494dd2b4b168297e847a92a2c058981d9f167c4a33e8fc54103733c4d71aeafb078aaf2555ef9d202 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\9E8A0AC0C07480C226400E47F9ECFF67DFDEBF49
| MD5 | 69167474bc16ebdb2342f955c74f7577 |
| SHA1 | 68899df28d121a3115a6a68e05edd186340cac1c |
| SHA256 | 2f0142efccfece8b494e74f9a3fe6ce84e2d151f0ff72877c071cc47ec4f94f9 |
| SHA512 | a3f5699a2791efee01506f0f85c6dc1750b1f04c24aa84b3aa7be22193e2946a71d16c6668550bb59370de6f8f1fa596671ea538b7e2edf0ecab8edd2c10cdcc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\36BCFA23A4D04A528CE70EF12214E3995E132134
| MD5 | 9e1e054fd15cdee324900009bb0ab985 |
| SHA1 | ba6bb86b955856ea41eea4c3f6b69ac80b30c13a |
| SHA256 | 4a41a61da97d288393d28ff5989546f0aa60956393405d07686f83a7403b840c |
| SHA512 | e7aa6cea106020ccec81866d84cb23a422687ed45d6f9704615620ed9b7fc5c597aea103ba226be220b1b7779f8a0d806e8bce70cec471c0430fab2c5c871479 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\30854
| MD5 | aaee21627503b5df4a5566715986b39e |
| SHA1 | fb7bf1a8ef2b3f41d7bc24b83a9391b7884e18fd |
| SHA256 | 9843b356fa00bc7206c25e38b1309a017b4b3895d1daccbf114709d3523b79a1 |
| SHA512 | 6dff203fe1fa27432ca9023c3db139ae9a9a4c32559fbb2841ba9f16d6a912eef37a0058c653e6e9c6f8e381cf3f359044700f901565215cf1a71198a424790d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\F27E0CDCD1C7E6F6CED7F2BE71ED722173C6CCAB
| MD5 | af12398f602a5d19e3d1f13125ad2c62 |
| SHA1 | 7fee00e924b7aa2cd11cad25a2774c6dfc16871d |
| SHA256 | 046efd1d316e3d246eceacc92ba24c554e8a9d07980dc7b72e4a077be3238946 |
| SHA512 | 31d76ce2474716ea955886539ffcef25aa24f29c27c92fe69531ae809eab5b968cf9a82e70cb384e24fcb3b611af6524aafa4bf784adc687fdc2a30c95a8a4d5 |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.NlNaWTy7.exe.part
| MD5 | 666f69bae6e56a62b7af6cb8496f677f |
| SHA1 | ae052de936deeebe5fb8d8c059eb84fa38707c4d |
| SHA256 | 586adc8fe02d5ac562fbc338df3555732d9d0b77db7cad306aadec22447ce6f8 |
| SHA512 | ee479171bf4dbc0b7d690202e0a6c09ba88cac1a1a34e4f115c9d0c65f1ca752cf3d180d6047fa1066da933a48e8cac070d4f1dceec8abfd8ee1ab3590ff50ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 324cfa76ff6f956b0dcf2b78a31bbb30 |
| SHA1 | 2b6351f6d242b1b0e46ed0e3cb9465d81d12fa72 |
| SHA256 | 4260db04437310a66135464855dabf75078fef818ba80168585c2e6d798a4295 |
| SHA512 | 8d872512b8fe1a3f2e9ac9a8de05e89dec9b3013a31442d411c4aab11f1443a3eb6293d24e0f6f484dae5be0f9adc36a45334334e759937650f49e7a35b4c1a5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\9647D16F86EB68A0F68AB6B7F44A1856CF698550
| MD5 | f7bfc9b4ecf9fb586a7f9784778b2c4e |
| SHA1 | 454e4f91a4458f9a5492e4b7d420c9c836fddd99 |
| SHA256 | 7cc7480bb6e0c8ae61b8d33ffd90d27347007a75671df50243a1da557cd22c9b |
| SHA512 | b555a7ad8f3a34828136716f2a668cb0a7afd349ffcef69c166c612dce56c85b0bf245617e60d7470d8592c0426dd30a0d76d74fbcf6a6500ce26c869d955f7c |
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | 9c04780c171c87286e4a12c1df06a6f0 |
| SHA1 | 8410ddde9c9bc4ec3da8419ec4a2513c6945a8d3 |
| SHA256 | 49f4b148b57b58808444a88f4674f7b7868dc2599c29b001341741508b31db53 |
| SHA512 | 59fbcdd87ecf033d0e817c1b4dea628fb9b4ca1d5989fe2572c26acb0b1c7b7ff898d11de73790024314409993a82547446b3b6ff1df16b5e9a102e50cabe940 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\storage\default\https+++www.roblox.com\ls\usage
| MD5 | 38b6f2169a14ec5307e210102a53bf75 |
| SHA1 | a5ab5a628a9678aa294c14ef9eb82a67f99094f4 |
| SHA256 | 31524d94d625e52d6a71dd415d82f79cf24673748e8ff1a2ee9aa1335de66a98 |
| SHA512 | 9408c22adb04c7ceef01f74fa72a320365f703ba9e4b90ed41aa23da196ce89fbf3b0d02dc66986f9dcb045b735aa776dfab8e7328cedd54fd309139629e3221 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e973210bd89c1a6a03b791c9de46d57f |
| SHA1 | 53b13d19739e70638556e66775537c5a5c98cfb4 |
| SHA256 | 99a18b730293bddb37f539c9a711d6eebd70a94abeebfb69690a9f654353d539 |
| SHA512 | f15a56b83bd823314a8cb093fced67a553e5304791538525cd2d244e05221738d75a291530dd7eb430196c86e33ea269700d01531a36916e7eb4c97f6d5461d6 |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\f54b7571f1901e471133d4723140048a
| MD5 | f54b7571f1901e471133d4723140048a |
| SHA1 | 1076f97284ecb4e0b53be62af0c8de7bcef507f1 |
| SHA256 | 32182938735b51764cb2b4f788a5ee316fbd56581aecb9698a77470981392b71 |
| SHA512 | df79b7b13d24e9f3c2fb8b62c58eb06e69f0dff88ecfe57190df1118f0c4e800dee7e6f10db41140c42bbf689405ba2a44f37521ba30679c866c195ef9732b2f |
memory/4516-1611-0x000001E8EF440000-0x000001E8EF441000-memory.dmp
memory/4516-1610-0x000001E8EF440000-0x000001E8EF441000-memory.dmp
memory/4516-1609-0x000001E8EF440000-0x000001E8EF441000-memory.dmp
memory/4516-1615-0x000001E8EF440000-0x000001E8EF441000-memory.dmp
memory/4516-1622-0x000001E8EF440000-0x000001E8EF441000-memory.dmp
memory/4516-1621-0x000001E8EF440000-0x000001E8EF441000-memory.dmp
memory/4516-1620-0x000001E8EF440000-0x000001E8EF441000-memory.dmp
memory/4516-1619-0x000001E8EF440000-0x000001E8EF441000-memory.dmp
memory/4516-1618-0x000001E8EF440000-0x000001E8EF441000-memory.dmp
memory/4516-1617-0x000001E8EF440000-0x000001E8EF441000-memory.dmp
C:\Program Files (x86)\Roblox\Versions\version-8764cc9c84a5459a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
| MD5 | 610b1b60dc8729bad759c92f82ee2804 |
| SHA1 | 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552 |
| SHA256 | 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08 |
| SHA512 | 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdate.dll
| MD5 | 965b3af7886e7bf6584488658c050ca2 |
| SHA1 | 72daabdde7cd500c483d0eeecb1bd19708f8e4a5 |
| SHA256 | d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19 |
| SHA512 | 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_en.dll
| MD5 | 4a1e3cf488e998ef4d22ac25ccc520a5 |
| SHA1 | dc568a6e3c9465474ef0d761581c733b3371b1cd |
| SHA256 | 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011 |
| SHA512 | ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 60dba9b06b56e58f5aea1a4149c743d2 |
| SHA1 | a7e456acf64dd99ca30259cf45b88cf2515a69b3 |
| SHA256 | 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112 |
| SHA512 | e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | 7a160c6016922713345454265807f08d |
| SHA1 | e36ee184edd449252eb2dfd3016d5b0d2edad3c6 |
| SHA256 | 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9 |
| SHA512 | c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_bn.dll
| MD5 | 7dc58c4e27eaf84ae9984cff2cc16235 |
| SHA1 | 3f53499ddc487658932a8c2bcf562ba32afd3bda |
| SHA256 | e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98 |
| SHA512 | bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_et.dll
| MD5 | b78cba3088ecdc571412955742ea560b |
| SHA1 | bc04cf9014cec5b9f240235b5ff0f29dbdb22926 |
| SHA256 | f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085 |
| SHA512 | 04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_lo.dll
| MD5 | 864edbc77831a64a3e3ab972291233bb |
| SHA1 | fa1f3eb3320c1b1a329cbe786abecf2a8e625cbe |
| SHA256 | aecab1eb46075d1a1432b3e14537f860a2ded49a13ca82f17fac44b40ad2da51 |
| SHA512 | 3d54efd01d6317fb4746b55db2c847a506f594cff055f0db84a72ede02dbe3aa03d8e65ea06c5ae365f44312a26cdbc45ad5f9a0de46d2b9c878aeeb24566b89 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_lt.dll
| MD5 | 7071c732cf3e4b3144cf07c49d8eb44f |
| SHA1 | 3800bf304b44d9d27ac26bed6ccc899669dc3b4f |
| SHA256 | 9c75ef5c3f53c643d7bb8c5907a0cba6ca2d1d64e6bea39ce06b4ad5a20454b6 |
| SHA512 | be3a0942e2af843adeb8e9b6acc7cd8adec956b761f71d8eb0a02835ee5be115ac064fda7088b0813d40ec3a24e7bb77816e9b67ef0cbdce1562c36880b15049 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_kok.dll
| MD5 | ca3465347e57624ee2a5dd2299d4f4cd |
| SHA1 | 551a151a8d49489c90400e18c34633aa2c2b8a4b |
| SHA256 | 5b9509a1ae34d89c89c8e657742495037d28cd03e1cd48aef4dfaa7aeebe29f0 |
| SHA512 | a4bdd458a7628a9f0664e1000512e056718cc924510a21704ff8c69b0b251a5a1c7f6f267d66325cadda1536aaee78440348be128d082112c71732e485ac93f3 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_lb.dll
| MD5 | 269e84b82973e7b9ee03a5b2ef475e4d |
| SHA1 | 4021af3bfde8c52040ad4f9390eb29ae2a69104b |
| SHA256 | c3fb0cae3dc5cdd86518d60f998c3adec1c0c5804a74ffbb9a346a73d598af07 |
| SHA512 | db716e2f6527af2dfeba4c22ff00e159d7cc0b482fc126e87b8b3d35b714bb382676066097352b6ebb87c8dfe7f6144e83100f0c9a9990b0d23c810b6c575c21 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_kn.dll
| MD5 | 60dfe673999d07f1a52716c57ba425a8 |
| SHA1 | 019ce650320f90914e83010f77347351ec9958ab |
| SHA256 | ef749f70e71424d7f548d5c12283be70a6d6c59cffb1c8101b74f37ecacb64af |
| SHA512 | 46bfe77a49f14293988863a8e4dd0543202b954b670940d9ad5dc6d2b46e46104d8d6206be08a941f7e02b8ff3e2e2366b7b795d02352cff18971f8d0df5fcdc |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_ko.dll
| MD5 | cf91a1f111762d2bc01f8a002bd9544d |
| SHA1 | db2603af55b08538a41c51fc0676bc0ed041d284 |
| SHA256 | baa9fae4fb8939e0b5fe0c7f393ab1ca40b52534f37bf2158a9a36331a221e75 |
| SHA512 | 9db864dbd194885b46f7bed9875f1e531e48f7644ce4494b8dc482c7516a6f783cd35129d2565b272dc674491a08c844a6da88bf9fa7843fcf89c96b4e0af799 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_kk.dll
| MD5 | bcb1c5f3ef6c633e35603eade528c0f2 |
| SHA1 | 84fac96d72341dc8238a0aa2b98eb7631b1eaf4e |
| SHA256 | fdd6bffdb9eca4542975f3afe3ac68feac190b8963f0a7244b4b8fa6382381d1 |
| SHA512 | ecd79ddd9f3e6db1d0471132c453c324ab55bdead21de77392f418281bc8a2dd43e9009912896ffa3d55d4d3ef17b0aa847a084369b619eb04a2d2313641d520 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_km.dll
| MD5 | 2ea1200fdfb4fcc368cea7d0cdc32bc2 |
| SHA1 | 4acb60908e6e974c9fa0f19be94cb295494ee989 |
| SHA256 | 6fd21b94f62ee7474b3c3029590ddf06936105508f9bf3509620c42dc37486c3 |
| SHA512 | e63b80a5929200c85c7a30a3054bd51eee2f27e603501f105073868690906f4619a27a52e58c90ac2ab5d5c34a4739dfdd2a511574afeb7d0118de88c5544f42 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_ja.dll
| MD5 | b507a146eb5de3b02271106218223b93 |
| SHA1 | 0f1faddb06d775bcabbe8c7d83840505e094b8d6 |
| SHA256 | 5f4234e2b965656e3d6e127660f52e370dc133632d451ef04975f3b70194b2ed |
| SHA512 | 54864e9130b91b6fd68b1947968c446f45a582f22714716bfd70b6dc814841fffe939bc2f573a257ec8c62b4ff939643211fb29cabc0c45b78a6cc70eaa3752c |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_ka.dll
| MD5 | 3bc0d9dd2119a72a1dc705d794dc6507 |
| SHA1 | 5c3947e9783b90805d4d3a305dd2d0f2b2e03461 |
| SHA256 | 4449ee24c676e34fea4d151b3a752e8d0e7c82f419884e80da60d4d4c1b0f8cb |
| SHA512 | 8df01ad484bf2924892129c59317f3da4f79611be2ca29e208114e5ed2cb96a63f753511dc4fe97e281417366246f2fb576cc6ef2618a67803ae7ac01be7b067 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_iw.dll
| MD5 | 45e971cdc476b8ea951613dbd96e8943 |
| SHA1 | 8d87b4edfce31dfa4eebdcc319268e81c1e01356 |
| SHA256 | fd5ba39c8b319c6ba2febf896c6947a0a7bae6aa0b4957bd124d55589f41849d |
| SHA512 | f1c9fccf742fa450be249dbbf7e551a426c050ae4af3d2e909f9750068a2bdc801f618eb77a6a82d13421d27949c9f2a9681a44bcb410ccdeec66b24a70f6a9a |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_is.dll
| MD5 | 5664c7a059ceb096d4cdaae6e2b96b8f |
| SHA1 | bf0095cd7470bf4d7c9566ba0fd3b75c8b9e57ec |
| SHA256 | a3a2947064267d17474c168d3189b0d372e36e53bf0efb9c228d314fc802d98e |
| SHA512 | 015dcb17b297a0aaad41c7b0b2199187e435855fd3977d16402be774622cc4f6b55d04ba9159a89e26e350c5602928c76dd9386be3974437b41888a0cfdddfa8 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_it.dll
| MD5 | 497ca0a8950ae5c8c31c46eb91819f58 |
| SHA1 | 01e7e61c04de64d2df73322c22208a87d6331fc8 |
| SHA256 | abe2360a585b6671ec3a69d14077b43ae8f9e92b6077b80a147dfe36792bb1b7 |
| SHA512 | 070398af980f193ff90b4afaecb3822534ef3171eca7228bce395af11ca38364bc47cab7df1e71187ef291f90978bdc37a8611d2992b1800cd1de6aa7fda09d9 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_id.dll
| MD5 | 03d4c35b188204f62fc1c46320e80802 |
| SHA1 | 07efb737c8b072f71b3892b807df8c895b20868c |
| SHA256 | 192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95 |
| SHA512 | 7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_hu.dll
| MD5 | f4976c580ba37fc9079693ebf5234fea |
| SHA1 | 7326d2aa8f6109084728323d44a7fb975fc1ed3f |
| SHA256 | b16755fdbcc796ef4eb937759fe2c3518c694f5d186970d55a5a5e5d906cb791 |
| SHA512 | e43636d8c947e981258e649712ad43f37c1aab01916539b93c082959fb5c6764c9c44979650092202839e812e6f252c6c3eaf66d3d195c1efd39c74c81ad1981 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_hr.dll
| MD5 | 0b475965c311203bf3a592be2f5d5e00 |
| SHA1 | b5ff1957c0903a93737666dee0920b1043ddaf70 |
| SHA256 | 65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0 |
| SHA512 | bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_hi.dll
| MD5 | 34cbaeb5ec7984362a3dabe5c14a08ec |
| SHA1 | d88ec7ac1997b7355e81226444ec4740b69670d7 |
| SHA256 | 024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9 |
| SHA512 | 008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_gu.dll
| MD5 | f9646357cf6ce93d7ba9cfb3fa362928 |
| SHA1 | a072cc350ea8ea6d8a01af335691057132b04025 |
| SHA256 | 838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150 |
| SHA512 | 654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_gl.dll
| MD5 | 84a1cea9a31be831155aa1e12518e446 |
| SHA1 | 670f4edd4dc8df97af8925f56241375757afb3da |
| SHA256 | e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57 |
| SHA512 | 5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_gd.dll
| MD5 | c90f33303c5bd706776e90c12aefabee |
| SHA1 | 1965550fe34b68ea37a24c8708eef1a0d561fb11 |
| SHA256 | e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c |
| SHA512 | b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_ga.dll
| MD5 | 3b8a5301c4cf21b439953c97bd3c441c |
| SHA1 | 8a7b48bb3d75279de5f5eb88b5a83437c9a2014a |
| SHA256 | abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0 |
| SHA512 | 068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_fr-CA.dll
| MD5 | b534e068001e8729faf212ad3c0da16c |
| SHA1 | 999fa33c5ea856d305cc359c18ea8e994a83f7a9 |
| SHA256 | 445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511 |
| SHA512 | e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_fil.dll
| MD5 | 7c66526dc65de144f3444556c3dba7b8 |
| SHA1 | 6721a1f45ac779e82eecc9a584bcf4bcee365940 |
| SHA256 | e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d |
| SHA512 | dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_fr.dll
| MD5 | 64c47a66830992f0bdfd05036a290498 |
| SHA1 | 88b1b8faa511ee9f4a0e944a0289db48a8680640 |
| SHA256 | a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961 |
| SHA512 | 426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_fi.dll
| MD5 | d45f2d476ed78fa3e30f16e11c1c61ea |
| SHA1 | 8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e |
| SHA256 | acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2 |
| SHA512 | 2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_fa.dll
| MD5 | cbe3454843ce2f36201460e316af1404 |
| SHA1 | 0883394c28cb60be8276cb690496318fcabea424 |
| SHA256 | c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59 |
| SHA512 | f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_eu.dll
| MD5 | a7e1f4f482522a647311735699bec186 |
| SHA1 | 3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd |
| SHA256 | e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4 |
| SHA512 | 22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_es-419.dll
| MD5 | 28fefc59008ef0325682a0611f8dba70 |
| SHA1 | f528803c731c11d8d92c5660cb4125c26bb75265 |
| SHA256 | 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d |
| SHA512 | 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_es.dll
| MD5 | 9db7f66f9dc417ebba021bc45af5d34b |
| SHA1 | 6815318b05019f521d65f6046cf340ad88e40971 |
| SHA256 | e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819 |
| SHA512 | 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_en-GB.dll
| MD5 | d749e093f263244d276b6ffcf4ef4b42 |
| SHA1 | 69f024c769632cdbb019943552bac5281d4cbe05 |
| SHA256 | fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e |
| SHA512 | 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_el.dll
| MD5 | ac275b6e825c3bd87d96b52eac36c0f6 |
| SHA1 | 29e537d81f5d997285b62cd2efea088c3284d18f |
| SHA256 | 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0 |
| SHA512 | bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_da.dll
| MD5 | d34380d302b16eab40d5b63cfb4ed0fe |
| SHA1 | 1d3047119e353a55dc215666f2b7b69f0ede775b |
| SHA256 | fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f |
| SHA512 | 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_de.dll
| MD5 | aab01f0d7bdc51b190f27ce58701c1da |
| SHA1 | 1a21aabab0875651efd974100a81cda52c462997 |
| SHA256 | 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c |
| SHA512 | 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_cs.dll
| MD5 | 16c84ad1222284f40968a851f541d6bb |
| SHA1 | bc26d50e15ccaed6a5fbe801943117269b3b8e6b |
| SHA256 | e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b |
| SHA512 | d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_cy.dll
| MD5 | 34d991980016595b803d212dc356d765 |
| SHA1 | e3a35df6488c3463c2a7adf89029e1dd8308f816 |
| SHA256 | 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e |
| SHA512 | 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 2929e8d496d95739f207b9f59b13f925 |
| SHA1 | 7c1c574194d9e31ca91e2a21a5c671e5e95c734c |
| SHA256 | 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df |
| SHA512 | ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_bs.dll
| MD5 | e338dccaa43962697db9f67e0265a3fc |
| SHA1 | 4c6c327efc12d21c4299df7b97bf2c45840e0d83 |
| SHA256 | 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04 |
| SHA512 | e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_ca.dll
| MD5 | 39551d8d284c108a17dc5f74a7084bb5 |
| SHA1 | 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884 |
| SHA256 | 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07 |
| SHA512 | 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_bn-IN.dll
| MD5 | a94cf5e8b1708a43393263a33e739edd |
| SHA1 | 1068868bdc271a52aaae6f749028ed3170b09cce |
| SHA256 | 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c |
| SHA512 | 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_bg.dll
| MD5 | 8375b1b756b2a74a12def575351e6bbd |
| SHA1 | 802ec096425dc1cab723d4cf2fd1a868315d3727 |
| SHA256 | a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105 |
| SHA512 | aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_az.dll
| MD5 | 7937c407ebe21170daf0975779f1aa49 |
| SHA1 | 4c2a40e76209abd2492dfaaf65ef24de72291346 |
| SHA256 | 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9 |
| SHA512 | 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_as.dll
| MD5 | a8d3210e34bf6f63a35590245c16bc1b |
| SHA1 | f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693 |
| SHA256 | 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766 |
| SHA512 | 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_ar.dll
| MD5 | 570efe7aa117a1f98c7a682f8112cb6d |
| SHA1 | 536e7c49e24e9aa068a021a8f258e3e4e69fa64f |
| SHA256 | e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01 |
| SHA512 | 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_am.dll
| MD5 | f6c1324070b6c4e2a8f8921652bfbdfa |
| SHA1 | 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf |
| SHA256 | 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717 |
| SHA512 | 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\msedgeupdateres_af.dll
| MD5 | 567aec2d42d02675eb515bbd852be7db |
| SHA1 | 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37 |
| SHA256 | a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c |
| SHA512 | 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EUE5BE.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | c044dcfa4d518df8fc9d4a161d49cece |
| SHA1 | 91bd4e933b22c010454fd6d3e3b042ab6e8b2149 |
| SHA256 | 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2 |
| SHA512 | f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 4ecfd0170a5ede32015a35e6ec9607ba |
| SHA1 | 3ec16c6060cf13cb3ae330bf6c2dd340c9c22ff8 |
| SHA256 | f86ed0ddd95bfdeb8e011b4333aa0275b0f3cc34de65dec55b541bf471e696b0 |
| SHA512 | dd650e48a2a63cdf490f8142e0326df5c73f92e9d4ed8121e6d7f8d4453f84410747025cfdbb5551fa13cfc9f0986ff5b219a271f0e239b64dc73416b8c06373 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.81\MicrosoftEdge_X64_123.0.2420.81.exe
| MD5 | cf5144a59c3b26558c05a5226c4b53fe |
| SHA1 | bcf541fbd1bf0168a2d63ead5b06d8918b89b296 |
| SHA256 | 3a848782e612b4fd77d4910acb1a6f91b1eea3336065d4643486ff17e24970ea |
| SHA512 | 2d46fdc92c09257cfafc9bdd659413d7925f405d7b78a6d9a44e353984d9fd70b7c3e9b87475eeee80f984377fdbb884055f4a4f10b7972746811326bfeb9a34 |
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | 1b0163ed1f941fc63ff5246320d27bd7 |
| SHA1 | fc8e531efc674a6b20170bca039b5bd53cde82c3 |
| SHA256 | a3c0297a012777f38d833a1885b28728da5bf776081aa426f75b425dd21a2889 |
| SHA512 | 3bf6ea22d95fd40c406a53f5b796c33ee50b03a55853be52a508420a31084c47f62a00c239ba43e6ff903048b4a488a700c41fb4e99fb0e5abb0f2945be29945 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js
| MD5 | 35639a380bc4aa4004fdcb3dcbc32364 |
| SHA1 | ff3873a9959612a753b5a0c433f07d8dd81c6e35 |
| SHA256 | 57ff4cf03803473d35eafa2728e03a9595e580475522b40c2256309b7f66bf3b |
| SHA512 | 2de70b3c6d464e2f63eb6bc5178ffbe092b448956880cfd59bf7229451ff0573e8bffe04ca89d26929e13443b5a878ba3f1187a7f8be64032334125920782500 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Installer\setup.exe
| MD5 | 149e6b831dee17cc2122c64124654b5a |
| SHA1 | c4f67f0781345cfc6fdfc5670dcbecf3848afee2 |
| SHA256 | 3095052d066346ec2b48726ef87623f3e5e93400c6dd8b1e45a628fc0d72cf40 |
| SHA512 | 679966f6a48ccf9cac63c36a8f6823ed1476198b08d29368db94584b2be2ba4cb1278f4f6510a520933fd09bb83594ab544c94be4c0b05f1d8ee99443fc49085 |
memory/5960-2077-0x00007FFF5AC90000-0x00007FFF5AE85000-memory.dmp
memory/5960-2079-0x00007FFF5AC90000-0x00007FFF5ACA0000-memory.dmp
memory/5960-2080-0x00007FFF5ADA0000-0x00007FFF5ADB0000-memory.dmp
memory/5960-2082-0x00007FFF5ADF0000-0x00007FFF5AE20000-memory.dmp
memory/5960-2085-0x00007FFF5ADF0000-0x00007FFF5AE20000-memory.dmp
memory/5960-2087-0x00007FFF5AE80000-0x00007FFF5AE85000-memory.dmp
memory/5960-2086-0x00007FFF5ADF0000-0x00007FFF5AE20000-memory.dmp
memory/5960-2084-0x00007FFF5ADF0000-0x00007FFF5AE20000-memory.dmp
memory/5960-2083-0x00007FFF5ADF0000-0x00007FFF5AE20000-memory.dmp
memory/5960-2081-0x00007FFF5ADA0000-0x00007FFF5ADB0000-memory.dmp
memory/5960-2096-0x00007FFF58E20000-0x00007FFF58E30000-memory.dmp
memory/5960-2095-0x00007FFF58E20000-0x00007FFF58E30000-memory.dmp
memory/5960-2094-0x00007FFF58E20000-0x00007FFF58E30000-memory.dmp
memory/5960-2093-0x00007FFF58E20000-0x00007FFF58E30000-memory.dmp
memory/5960-2092-0x00007FFF58E20000-0x00007FFF58E30000-memory.dmp
memory/5960-2091-0x00007FFF58E00000-0x00007FFF58E10000-memory.dmp
memory/5960-2090-0x00007FFF58E00000-0x00007FFF58E10000-memory.dmp
memory/5960-2089-0x00007FFF58D70000-0x00007FFF58D80000-memory.dmp
memory/5960-2088-0x00007FFF58D70000-0x00007FFF58D80000-memory.dmp
memory/5960-2078-0x00007FFF5AC90000-0x00007FFF5ACA0000-memory.dmp
memory/5960-2097-0x00007FFF5AC80000-0x00007FFF5AC81000-memory.dmp
memory/5960-2106-0x00007FFF588C0000-0x00007FFF588F0000-memory.dmp
memory/5960-2105-0x00007FFF588C0000-0x00007FFF588F0000-memory.dmp
memory/5960-2104-0x00007FFF588C0000-0x00007FFF588F0000-memory.dmp
memory/5960-2103-0x00007FFF588C0000-0x00007FFF588F0000-memory.dmp
memory/5960-2102-0x00007FFF588C0000-0x00007FFF588F0000-memory.dmp
memory/5960-2101-0x00007FFF58750000-0x00007FFF58760000-memory.dmp
memory/5960-2107-0x00007FFF59840000-0x00007FFF59850000-memory.dmp
memory/5960-2108-0x00007FFF59840000-0x00007FFF59850000-memory.dmp
memory/5960-2100-0x00007FFF58750000-0x00007FFF58760000-memory.dmp
memory/5960-2099-0x00007FFF58640000-0x00007FFF58650000-memory.dmp
memory/5960-2098-0x00007FFF58640000-0x00007FFF58650000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore.jsonlz4
| MD5 | 0c016cc4a1bcb884a346b4c0b4f5572b |
| SHA1 | 03250be298dec6e20673e1ae03359446f931a69a |
| SHA256 | b5599800ba8b0e721a6765b386aae20af2fd5463157356fab4b836d2f3dc72b6 |
| SHA512 | c23bf8a9c30f7d9aa8e4c30725dd489f7baa085036c7362107f2e4312483b494b9359e0b29cd43dfb1ac2942d059dd7e4934bc8d8b49bcf549f8132f4a92877e |
memory/5960-2266-0x00007FFF5AC90000-0x00007FFF5AE85000-memory.dmp
memory/5960-2267-0x00007FFF5AC80000-0x00007FFF5AC81000-memory.dmp
memory/5960-2283-0x00007FFF5AC90000-0x00007FFF5AE85000-memory.dmp
memory/2816-2284-0x00007FFF5AC80000-0x00007FFF5AC81000-memory.dmp
memory/2816-2307-0x00007FFF5AC80000-0x00007FFF5AC81000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\pending_pings\cab12826-4714-487e-a927-6b45b83a541b
| MD5 | 6ca3e091e28be382c6f1fb4843e7cc47 |
| SHA1 | 246744dd689572e9b96c6ac8f1e28db3464bc7a0 |
| SHA256 | ce5a07b2d587fb7c5aca3c9de5585346750d20162b0270f0950317b742075180 |
| SHA512 | dda08c6c2ad27dc79697dc9b9cfa640bbca93ebac21511a9ec03e2b755a712a1a4ce3f900fcd1435fabf65775c4ff23cae450f7a3310b0afb3ca58c23b254741 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\pending_pings\4d7ddb53-fd18-4f3a-95c0-b5cc3bcdcdb3
| MD5 | ef4d17eede7abcc4adae04bdd47858c7 |
| SHA1 | 9288ec736d5cd93da3d401dc67c5d7b43d12d3c8 |
| SHA256 | 6ef8713697e3d21b771721a7d560f3d25f75e5ec1b6c4aa65731a805bfb60379 |
| SHA512 | b0597fd51bd756227c7adc82a1f21a35bae4846d4e697a7c2d6613696bab307d5f0c2af749dae99a673907c09e6686623a63c2361cb2160a10ad1d7f5da5b414 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 74b98256f442909f8314b8cbb6a82606 |
| SHA1 | d9a74f152bcc13088394ab2e46b401a9f2e1fcb9 |
| SHA256 | 2ab134dd5207a5808ce891f5a595a785eff98a5a6ead44446e3b43a324031970 |
| SHA512 | 75aff9ee8fe8113abe6e69546ed961f4e4948893bb79f18c9bc27927ee35fc16c8fc9dc5edf720d4fbf7a6500be82bf99480339afa7a9663afbc39514b339c3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js
| MD5 | b584fa1b131058034937f2ec15ada4e5 |
| SHA1 | cec9587675429a0a40c7beed93bdca215186eade |
| SHA256 | 57ff6e35a9344519bbee94b8f491df3c769a3f6d1f3bd159b7bf5125a3db34f1 |
| SHA512 | d4bfcf27d543066a40900bc26105c52c24d0e3f46c4745cb3a0206cfcc282528aa36b29a101e869bab100ad347b95c42d69df1aefa23af34deb7a3eeea5c99ee |
C:\Windows\Logs\DISM\dism.log
| MD5 | cc05a4f907d5ca32846c832d8b3c4a53 |
| SHA1 | ee3950cad66058ebe9c4d438fef3d4a098b16218 |
| SHA256 | b1945fdf24894a49261c5e2a4a01e00425225c37a8f87045c330f3cd3eb15631 |
| SHA512 | 3eb02b81e66a1a139e3b30cd4b2749128309be17adb44598a66e649d5396c532649ccefdfe5b66a16b5876b7f58ea21b05ecb94b34c6051afe1d8dcfd04de3dd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\9FD342D82CA1DE714E5809A40645416722BFFF1F
| MD5 | 7f75265cb059a41589d02d4b16adc74a |
| SHA1 | f51c7793a93ca201b767feec7eeeff925b77b297 |
| SHA256 | 1223c1ecfc09f870776b9baee87989f240bb6c4aee7d8b7231552887adf43e0b |
| SHA512 | bdff3bffd5fd2ef33a4fb86ed6681ce7791348b5e2ef91b7619e4301b4ad202f7bc0eb61a94f960d4e70eab8db178c0d607d1c4a7cdb9ba5944379982e9568d7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 790c37007c5943f340fe18ed8397ce78 |
| SHA1 | faed07fed4236635ad3d753c9be0b244d2370871 |
| SHA256 | b299acae2785773c32b9f41c7b9ef3604e872112d497d82cb2b73e32c40a7d77 |
| SHA512 | 0c1404dcfde82c2981e75cfc5f126e7eea14ee70e0f37ecb0364fda550618670b8e029a42f20086d4fabab46a8873cc3b734584faca338b5cc35c9a1869ee53b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\B5D9B00549A67C5E8FDA11F8BBFCECEDD00925E6
| MD5 | b9fddad898a1726d631f929add238df3 |
| SHA1 | 15500c575ce0d50ee0dc6ecef11243d1f9d1a7be |
| SHA256 | bdf625ed5ccb041afc5d02c8c9161b3f33d97ebd9c7adcc6eb4a410a10516d05 |
| SHA512 | c7944ba8372305a100c4963f87584733e4f0a9c80b4aa2bdca067478253daac14695d487320df7e4f9019f2a8425cc596c8700e596e0cbaef4cd8292ee3beb48 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\F016C1535DA9A55525136D9179B4FA160A278A02
| MD5 | 2039277eb158e9c76f7f6f19992f76d5 |
| SHA1 | fbabfc50a203a994c49d24d09e7f32ce683bef34 |
| SHA256 | 685a204ad4e7848e718a28a7bbc344a04f32f0031327ea8156350cf4fbbbdd92 |
| SHA512 | 685ff362075bb1a64576a719795a75eebe92e88160ed409c563bdf228279fa34ddbc7ebdd0d6808411aac8c28af833a45ca56857605bc20e8b6308ac670399f1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\D3FB7DFEE39173F53B5DDE4D1BF8A49007402BF3
| MD5 | c9e274480b6aa4262b2531f2941c1833 |
| SHA1 | 59b966d66ce3e9a677fd47c5a23454bce883a82b |
| SHA256 | 2173433d16ea2a8fb36e9a79a5d9f3852541bda7d639f505853845c82f18a095 |
| SHA512 | c4536ec7284a3c42c0394703b52dc7be4dc94a452006a8905c7562ad25f903551f367cb2e85a746cf1977f77441f7664835b6c3ffeebf699a9eb1de468a0e022 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\A14C26BA4DDEF07ECA3E158614497D4ED03032A2
| MD5 | 4bb2eb4730907df73a78dfd104193e0e |
| SHA1 | 2dc2ca3bd01420e9ae879b513e6115631b710120 |
| SHA256 | 2edc21b890fe0575036a0c22434bc26fa4289b6d361b4a1aa3794f545fb33649 |
| SHA512 | 967451aec7704375f2b7a69ced6a604e4d5aaf2eaf5d1c81f26cfb86dc2d714d5fc1892ccb79c4cdfaa330d0f7586cb5979666312a4bcc3db3be9cabf2f541fd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\2E1CCCBC6579EC2E5FF4A69C743A22BA83E7F7E3
| MD5 | 3f7f008ba040f4218c0445494b119c0d |
| SHA1 | 855f5dff7d5e5534e1c52c7170f7786ae8f5a77f |
| SHA256 | 8f27cf809b6e1b8b5e88197a93480618387b3f160f29e2290d92894e1af0f0b8 |
| SHA512 | 5951fce0a40d3a6c204c9bcedb181d26fc9251381e8a98800dc8fe51412008316c4fc274b0894fecd390c7a96dab4ca739344e4aedf4130039b7a082d1a0cac8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\8516
| MD5 | b667a7a32c3a406144f3fcbad6bbd837 |
| SHA1 | 8a0ed039ddaff1d41d4ae43b33cf8c50f9300a3c |
| SHA256 | 145f566fee52af38b3f951b93fbd16b4a2214096935d3e1141e460c9b20026f9 |
| SHA512 | a119ddc7503669262e37e3cb56d74f793c08dd321790ded8e4142df7bdd46db2557ccbf2bd3b8b062a55e0ca8957fb8742809b9c79c62038a74eefafb8691b53 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\25978
| MD5 | 9a2bfbda7e082bccdc74723f5d00a0cb |
| SHA1 | 85efa1790829636ebe014ca7fcdb328a4caf32f3 |
| SHA256 | 84909c1a3105903a5ca5191a73b1a098c8abe9082f71754ee02fb7cee2140da5 |
| SHA512 | 342dfe4e0d43f000a060133c051c56e0d0af626d51cfead7b533ee02770d519da0109c426c52a93521b90f116a7393141403c325f79503b8ca9be055cae74d00 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\1191A909DA29524B8B3FAA2CC73E8D9972E40A93
| MD5 | 01d5e0015340fd61feb668f22af756ad |
| SHA1 | 931972a752a2a2dda9f1c357a9ad83f88e67c73d |
| SHA256 | b112a6f757d1a04660efbed04305ba08877ea8a06311e52c75564dc40c7d74e0 |
| SHA512 | dfdc3b2ed5ded4d170b9906992dfe8033c87d181633d05f4e74aac15680de59c0a13a49b294d6b42927b4f1b36c896140fcefff5663d8d2276bdd592d9730939 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\E800EE8F0A737AA40811A81A86B9D266A23537A9
| MD5 | 44222d8b66a6ab99b795b4944a92df3e |
| SHA1 | 45381cc99b078e6e1b19dd0859b8af92206696a2 |
| SHA256 | 4a51260340e676f693997cff2909a1e04270aef4ad32eaafbf93d2f249bfdbe1 |
| SHA512 | a3c1ceee4b873231e67bd71a3910b1ac4d976a9bb4605dcba905c23c278595349affb0b6d4531559fa9ed8f2ce2b077445b80f16691ef179dc86bb339daae3a4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\36666FA3760CD3A6C81680EF8CBC1FEE73D74E31
| MD5 | c247190e2faa078b31c8e9a0ccb8dbaf |
| SHA1 | b21a0774a9aa33c93f719d639feacc98001f031e |
| SHA256 | 0c2e58c81fe42e74ca4c54aea6f408cd282fd79194be82cf0f57f97b62b927df |
| SHA512 | 528891b72ae8e2506e8bdec6b5fb13f0df68a063cd568526e777103791d6ef06f2fc931e86eebfe25ed229e06acc626af302d2ff33db0c18bdc1b4b52ca9956f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\23846
| MD5 | eaa601b48dd7fcf46c6523eaa3944a21 |
| SHA1 | 7b05839bc572918ff071526a44ae179189aa86f8 |
| SHA256 | dc1ec93ace59bc45b0f081d34d9728b1fd271b71ef995821104b674aba951c12 |
| SHA512 | b8eac4d2426da0569742218552221ab83259758a6468ba2bc65c167c5314aafb78621f59fbe9da4c50d87b0d44cb3ccbda3cc79834d65b6baa5a1bd2bd4fda32 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\20692
| MD5 | bbedd0854e3bf5cd260522a971e61563 |
| SHA1 | 547ad3e563c1ccf01f4e824935936327f30c36c4 |
| SHA256 | 88aa7c82793932fd516d3bad18b270674c04103aa7cc9f8e64eece0ff83737ef |
| SHA512 | c0473785c527157966910f40737df6e618da6cbd2e7bc4f452a60e82b20e105fe0396479060fcae19b248dd1b7431895f80f728ab2d9f7991668378d6cca38ce |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\14161
| MD5 | 24575c64fc076bfc7e0ed1124b42c133 |
| SHA1 | 074603eacc3d6902d1c00b91fbc7d3baa83e8494 |
| SHA256 | 62a784543c150db4db25eed29ec3eb63b8d0fe4041815045d158cff42c852d1a |
| SHA512 | 2779e2ef413a9f78fcad03fd930b28efd607a5c48d9f8c06a9af259d6aa8f9697e8452b1bdcfa8e6b0f2de0489f4316c8978ab0111f58e4efabbfb102f6149ae |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\17539
| MD5 | 2d57dc20488dca84bd5bb1950fe7b9c3 |
| SHA1 | e13720bc113d41a26f9dfa3af7dcb1b180d1489e |
| SHA256 | 8557d2ee59fec7599e5fc7a3eb3beb0826c3bb00de7f2c54d8146810e25252ad |
| SHA512 | b53aa049fb89ded22c0df581ca9aaba622213596045ac19492c183beb30d621de45da99fb226e51fbe1401970c7c9d7593801a4abb05813a5d18aa4a1c86fe09 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\7487E32E0D9E8E6527AD4F6C1A395089D2DA2ED1
| MD5 | 02618c9af5ea4532a7ef2bf7985d0811 |
| SHA1 | 1ed6383e2d6d42610f891690539c0502a6fd7aa4 |
| SHA256 | fe35abc3b3099031289e49f2d7a3e6279a1c6e5299962dc008a52560bcbc377d |
| SHA512 | 4b4ca8bcdbd4bf70479739d50c5ee88266cf5ddf741354a53b61c4e6915f29a407b00310f073df2ea3074e7226b865a76ed57741822a9d0fe4562be3220b1b28 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\31387
| MD5 | 0c4ee83edf5dd07cc7b610eca7762238 |
| SHA1 | db32df3235ed7e961c44cd4fd12e3487508b7b84 |
| SHA256 | 4f99800c1b5aef8fc57fcc59a7f77967e01f60fa672f420f3d01c58f4575c09f |
| SHA512 | 8fd95c0acedd37d346e3db46468fc9bae4072c74c6cab069a3b62ea94951817c8efa71da7a1f4b1aab469ea95fafeedad2186d420a51e2e16336fce9c2d713e1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\5262
| MD5 | ebbc0c8e905140c612dd24291191a0f9 |
| SHA1 | 6cb1e90f82cc156debbdea7f6dca25c1120d80c9 |
| SHA256 | ea950e46e96d1a9ebca6638da79a1d8cf2852d85965ccb107587214d9629ec28 |
| SHA512 | e25749368bc285312dd8f641a1084b395550e397d2ed14e0b393cd94a57879248923b9440147b17d271ea4add1062142a7fb95aca6d2b8254c0e52d85fdf5dd3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\26519
| MD5 | 2265fdd70e4b39dee15d1a0853d004e7 |
| SHA1 | f958720ce9cdece7887f0e80b08f8c98d2933c1a |
| SHA256 | e5a5eba5520e90fe5eef0fa073df65716d6f60cd2824ec03785ae3ac02a1d1fe |
| SHA512 | 16c59b39d3b530dd666b79e1cbbeb8310a9b1da6ed6025a39d0bc3b0eb653bce6e1320122c9e2b373bea442856eb186539108a229b008ac7ba92f600caf67390 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\1552
| MD5 | dc65774d3b650771e8f747d2d416c5e9 |
| SHA1 | 66929cf68ac2d9cb44e5437e267e07d709136d36 |
| SHA256 | 3484731b6ae2e7cca59fced814a2a29a4d7c0cdb4f43b0ca3f3be6aafa3b2093 |
| SHA512 | 4a0079f7c28d41e4bc5686ebddc1ce59458ccceafb5c488df817b1406fb3bdccab7075dd162ab075ad94222e0a33ce16230c18864b3086748647854ad3c70dbf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\25013
| MD5 | 48eaad5d5fbdb5a1190fe9bc0869d592 |
| SHA1 | 852a3275c7218c6495cd5ceb22b86c2687c98a0c |
| SHA256 | be596e54c81d2346d9a609e4b843a2cd2317b4b02683e9811717b3a35afd3782 |
| SHA512 | 2275991badbfcfec228ebc17f3be85a3fbea1d0b495eb54f558bc69f42a138dd97c7303025c0ece2c22769d22230b31a4d5a5559958a0285bbb5ef8ed7df96ac |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\13293
| MD5 | 1e6e02ab33035421331327a45da93c17 |
| SHA1 | 0ea6c86538440eba2c8b41a3837177cbd11404d6 |
| SHA256 | c13bf5ae3d713427dc469e7d9cc17a35af81fb97a318eaceb8fddaebbe54f110 |
| SHA512 | 04c6cf669f60647a326eccea29938e7a0486a5150a30b7dfa75748a239cd5bfff9864b2f04f52a4f32b9fd651b76ce9ea45c1d04091154a76a65a636dcc1cfd4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\doomed\5374
| MD5 | aeef9bc18bb6bc70c2a0c4bda78be22f |
| SHA1 | 65dd3cdc9c4ff70afadd53c34077a1c07047cced |
| SHA256 | 74a658b26f8b074e1e90278f6712b69229a913b05425eb1308d651e999e741d4 |
| SHA512 | 7176d3a13b7d387ea32dc88b8a84879ed8c1540c7d624c558a95ec9d354ed48e3ba755d73604f58e5823fce401c1882d7b8bd7d2028eaf5fc51c1e972ee6ac76 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\cache2\entries\2D8B1A13BF4DE864309FD52B7BF93789A675C733
| MD5 | 85762c7899a4eaabda76225f0b904880 |
| SHA1 | fb6004e7b3137d8d3e912c7973bd0e8164c87cde |
| SHA256 | 15f2c79b9a858e382bf65b83459cb886f357e5eaa766af0efd9d7f2719c6fde0 |
| SHA512 | 373f55a89d515debbdc147edcacaea9352a9664323144bfbe72da9de819dbd3bda4fc3c22d4ffda518cb135e2a3fa35db8a7568eb75e21f0514f8c4280db26ba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js
| MD5 | 26687f6838837adc26dd17056dfc933f |
| SHA1 | 78b304ef66ad74174ee67a5236d5522c3f21693d |
| SHA256 | b2ba398bdcf134ca3c327cd5d26ad6dc15143ebd40db72f4305fa9f23573a884 |
| SHA512 | fd3695b82cb060d3994b8932c98dba643ec16b267e1189107a193e2bac65ba9326466aba8c7ba225f61078f68815715a7354936771653a29589ec9ffe18d3cbb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e87e94cf608ddb9ee09bd9745696f344 |
| SHA1 | abcd2780d0a75180121f8a0e8d702a4522aea1fd |
| SHA256 | b30b3df00d6e74d4bf495cbd5174b07ede08e10d00dfd52c8557c9a0ed79e83c |
| SHA512 | c1676acbf3ef7fb89ef63072a41f4ac6a01a7a30e7bfdbf718c00384029096e489f0c243b35e8cc94ab16fa1180c4481ba379a4452914d0740524c01c8ed019a |
memory/2316-3479-0x00007FFF5AC80000-0x00007FFF5AC81000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\crashes\store.json.mozlz4.tmp
| MD5 | a6338865eb252d0ef8fcf11fa9af3f0d |
| SHA1 | cecdd4c4dcae10c2ffc8eb938121b6231de48cd3 |
| SHA256 | 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965 |
| SHA512 | d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionCheckpoints.json.tmp
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionCheckpoints.json.tmp
| MD5 | 948a7403e323297c6bb8a5c791b42866 |
| SHA1 | 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0 |
| SHA256 | 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e |
| SHA512 | 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore.jsonlz4
| MD5 | a72f3c18141723f6b0cc59ef8c1b2b0c |
| SHA1 | d644b1e9781c21ddf36da5cc67342d1cb4d35608 |
| SHA256 | 6fd800e71edabd0b394115fe6307fd12eb06e531323bc693b4842a10fcc021ec |
| SHA512 | a956eb86c715e72655d34ed368dfe71cc979df0470036466ed489f890ba5db7ad172fb6ab90882a691bfe41894a7de083ed56fdae6b3f8949d9afdc1da209d40 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\places.sqlite
| MD5 | a6c6caf3c9377176f7b55c2b03dfaf31 |
| SHA1 | 2774ebe77bd4e8caa4f009494a38816ed3990db8 |
| SHA256 | d5942489930c9dcded529701827a707e395ecf45b45a3130daf2edf8d9f1b526 |
| SHA512 | 9045650ac0b22b5cb2dcd1a6a9bda73e0da1747cad819ca775ed40ff65fc1465781348f6d5ee41c0c068b7ac70b7b7fa10cd786918acb0dbaeaac85daa892e06 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionCheckpoints.json.tmp
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |