Analysis Overview
Threat Level: Likely malicious
The file https://tenor.com/view/tweakin-gif-22987107 was found to be: Likely malicious.
Malicious Activity Summary
Sets file execution options in registry
Modifies Installed Components in the registry
Downloads MZ/PE file
Registers COM server for autorun
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
Installs/modifies Browser Helper Object
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Checks installed software on the system
Checks system information in the registry
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System policy modification
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Modifies Internet Explorer settings
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
Modifies registry class
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-01 18:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-01 18:55
Reported
2024-05-01 19:32
Platform
win11-20240419-en
Max time kernel
2158s
Max time network
2158s
Command Line
Signatures
Downloads MZ/PE file
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO\\ie_to_edge_bho_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\PdfPreview\\PdfPreviewHandler.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=C9B5D502FB2D415C89F5DBB233F5AAEE" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31F00201-13BF-4D3B-9129-D3712BE69180}\BGAUpdate.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\msedge_resetsb_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window --reset-startup-boost-last-used" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DesignSystem\ButtonX.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\SpeakerNew\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaApp\icons\GameDetails\social\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\identity_proxy\canary.identity_helper.exe.manifest | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\MaterialManager\Grid_LT.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioToolbox\AudioPreview\play.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\backspace.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\SpeakerLight\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\th.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\nl.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\9SliceEditor\Dragger2Right.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioToolbox\ScrollBarTop.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\ErrorPrompt\SecondaryButton.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\fonts\families\Roboto.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\fil.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\telclient.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\AnimationEditor\icon_checkmark.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\ImageSet\AE\img_set_2x_5.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\LICENSE | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\btn_grey.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Emotes\TenFoot\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\pa.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\avatar\defaultShirt.rbxm | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\MaterialFramework\List.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioToolbox\AssetConfig\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\fonts\Oswald-Regular.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\CollisionGroupsEditor\delete.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Settings\Slider\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\AvatarExperience\PPEWidgetBackgroundLightTheme.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\ka.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\models\ViewSelector\Axis.mesh | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\MaterialGenerator\Materials\Ground.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioSharedUI\import.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\loading\loadingvignette.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\SpeakerNew\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\VisualElements\LogoBeta.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\AvatarImporter\img_light_R15.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\nl.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\ro.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\LegacyRbxGui\health_greenBar.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\dxil.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\fonts\Ubuntu-Regular.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\DeveloperStorybook\Story.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DefaultController\ButtonSelect.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\AnimationEditor\btn_collapse.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\Other | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\XboxController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Settings\Radial\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\Debugger\debugger_arrow.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\DeveloperStorybook\Folder.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DefaultController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\PlatformContent\pc\textures\water\normal_02.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaApp\dropdown\gr-tip-up.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaChatV2\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\msedgeupdateres_sr.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AD7CA840-72AF-442F-B124-340CE5419609}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\CompositorDebugger\default.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\DeveloperFramework\PageNavigation\button_control_previous.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\SpeakerNew\Unmuted0.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\models\RigBuilder\RigBuilderGUI.rbxm | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Drops file in Windows directory
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "Update3COMClass" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\Enabled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\ie_to_edge_bho.dll\AppID = "{31575964-95F7-414B-85E4-0E9A93699E13}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CurVer\ = "MicrosoftEdgeUpdate.Update3WebMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\MSEdgeHTM | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CurVer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767}\AppID = "{1FCBE96C-1697-43AF-9140-2897C7C69767}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "Microsoft Edge Update Legacy On Demand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\PdfPreview\\PdfPreviewHandler.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://tenor.com/view/tweakin-gif-22987107"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://tenor.com/view/tweakin-gif-22987107
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {485ed892-6075-45d4-ab8b-c63092dc7300} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 26375 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b7fdd23-8555-4630-8550-4eb1d366a6c6} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3228 -childID 1 -isForBrowser -prefsHandle 3300 -prefMapHandle 3292 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7476d38d-f70d-4f7d-9204-92c9efc9b1ff} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2700 -childID 2 -isForBrowser -prefsHandle 3348 -prefMapHandle 3344 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46e0c064-6f69-46cc-9f83-0150aecb7814} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4236 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4232 -prefMapHandle 4228 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3e748b7-688f-4bae-8795-3241f36797c4} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5356 -childID 3 -isForBrowser -prefsHandle 5332 -prefMapHandle 5296 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18637c33-84bd-4833-8e4d-6e14799ec95c} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5484 -childID 4 -isForBrowser -prefsHandle 5492 -prefMapHandle 5496 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79ed75cc-3cb0-450a-8fb3-4fe7c52cde69} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 5 -isForBrowser -prefsHandle 5684 -prefMapHandle 5688 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bb9f40a-f15f-444d-a003-44d3491b0fbb} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -parentBuildID 20240401114208 -prefsHandle 5340 -prefMapHandle 5976 -prefsLen 31077 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f96c63db-68d5-497d-912d-9aae9bd36188} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6024 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 5972 -prefMapHandle 5968 -prefsLen 31077 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abaa75cf-ad93-45bc-b11c-f117e1c7dae1} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6412 -childID 6 -isForBrowser -prefsHandle 6388 -prefMapHandle 6408 -prefsLen 31077 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01c19ba8-3e50-4829-bf3a-2df46fa284e1} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1508 -childID 7 -isForBrowser -prefsHandle 3032 -prefMapHandle 3180 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03aa3fad-cc9b-49ac-ba86-df4ac0793c1b} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6908 -childID 8 -isForBrowser -prefsHandle 5916 -prefMapHandle 1348 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddb397cc-06b3-4d60-80ca-6433881dd846} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004E4
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 9 -isForBrowser -prefsHandle 5420 -prefMapHandle 5944 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49778d1f-9027-4700-8988-afb280d6bc62} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4216 -childID 10 -isForBrowser -prefsHandle 5440 -prefMapHandle 6272 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d2f2f5e-5cc8-47d9-a4af-b6925ad008f7} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7596 -childID 11 -isForBrowser -prefsHandle 5312 -prefMapHandle 5432 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e5ab29e-1a19-4944-980a-6d3bae13e1a4} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDM0NTFGQjctNEY4NC00MUQzLUFGQTktN0M0MjQ1MzdEMTk2fSIgdXNlcmlkPSJ7M0RENEJGMTYtREQ4Ny00Nzc2LTkzQjgtRjlFQzkwMUNCNzU0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDOEQxMEM4NS03OTFELTRGQ0QtOUIxNS1DOTIwOUNFODgyQjZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc1MjE0NjU1MTciIGluc3RhbGxfdGltZV9tcz0iNDkzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{D3451FB7-4F84-41D3-AFA9-7C424537D196}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDM0NTFGQjctNEY4NC00MUQzLUFGQTktN0M0MjQ1MzdEMTk2fSIgdXNlcmlkPSJ7M0RENEJGMTYtREQ4Ny00Nzc2LTkzQjgtRjlFQzkwMUNCNzU0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGMzY2NEQ3QS00MzU0LTQ2RTQtQTEwOC1GMDQwQjU5NkJDODl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMDYiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEwNiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc1MjUwMzUxNjIiLz48L2FwcD48L3JlcXVlc3Q-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\MicrosoftEdge_X64_124.0.2478.67.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6930788c0,0x7ff6930788cc,0x7ff6930788d8
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\SaveJoin.vbs"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDM0NTFGQjctNEY4NC00MUQzLUFGQTktN0M0MjQ1MzdEMTk2fSIgdXNlcmlkPSJ7M0RENEJGMTYtREQ4Ny00Nzc2LTkzQjgtRjlFQzkwMUNCNzU0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCRjZCRTZFNi1GNjA0LTRGMDYtQTNGOS1CQUEyNDUwRjdEQzB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NTM3MDE1MzI4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzUzNzA0NTE3NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3NTgwOTA5MjYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzEzMWJkNWQ3LTljNjUtNDc2YS05MDc1LWUyNDk0ZjhkYTllND9QMT0xNzE1MTk0OTAyJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVg0Y05acTdaJTJiNDNSdGJkTSUyYjNldFNRZ0U0dTZDNUF4UUdvRXFaV2kzOFVsNnlGakRwQWJXaUNhYzBSNkZPSjViaTlob3gybngzaktFQ1hkVXBFNldSdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MjcyMzc2OCIgdG90YWw9IjE3MjcyMzc2OCIgZG93bmxvYWRfdGltZV9tcz0iMTU2MTAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NzU4MTgxMTMyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzc3MjUxMTQyMSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iODIwNjQ2MjMyMiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjcwMCIgZG93bmxvYWRfdGltZV9tcz0iMjIxMTEiIGRvd25sb2FkZWQ9IjE3MjcyMzc2OCIgdG90YWw9IjE3MjcyMzc2OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDMzOTMiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 12 -isForBrowser -prefsHandle 7820 -prefMapHandle 7856 -prefsLen 28134 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a79d39e-28e9-449f-9087-5f6d53fb0280} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8984 -childID 13 -isForBrowser -prefsHandle 8992 -prefMapHandle 8996 -prefsLen 28134 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb3fa244-bef9-4d8c-9569-5c4503a9290f} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:Xse3Bq-lgvNHluHjvRcqq3xUsTqFJgtZLoMl0xhW9784Rw9dYgyL1P1mYVM4dzwULGoYtCGkfzQl5scgVP53K0vcfXua8ljwtZyNc_sPNoAehIrW50UAM1bVVpNBhuRq26RITiKix14UMYBs_LsVy1shZekBiBrLV-eC8uNYKix1pb1SiFTXOS3egdZEBH8I96pZwtOlGe_az4OP1XK8trthZK2-P2hcDapGzzC5fNg+launchtime:1714590195925+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1714590002338001%26placeId%3D2569453732%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D8fed928b-0487-499e-a47c-96b7c95fa094%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1714590002338001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:e7GNfNp3_rZi-ScoIhOegU7s4Jj5I3dAZcaOLuuh7ShhvyPyAHz5N5QXABc2n1G46-4XLEunDasXh3BuRsW1Ql1T8ufRAzfEzEysqOStbd1ydjk1gScs39FmygU_VUVk48XHiN-ui7SfPmuluKosi4djbwQGtL7Il32isXKBib1CQaAE9xTBYqmD60Vof2alCFE1ISvXnDU8YKy-97nagRXCl7DRSeN5MvYOvXVZJ00+launchtime:1714590281724+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGameJob%26browserTrackerId%3D1714590002338001%26placeId%3D2569453732%26gameId%3Db58f4ad2-81e9-48e4-a6ca-116547da730c%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Db3242635-0603-47ba-b8ea-96c291b186fe%26joinAttemptOrigin%3DServerListJoin+browsertrackerid:1714590002338001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AD7CA840-72AF-442F-B124-340CE5419609}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AD7CA840-72AF-442F-B124-340CE5419609}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{43061875-92B0-47C5-991A-1BF4BF3B8D74}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDMwNjE4NzUtOTJCMC00N0M1LTk5MUEtMUJGNEJGM0I4RDc0fSIgdXNlcmlkPSJ7M0RENEJGMTYtREQ4Ny00Nzc2LTkzQjgtRjlFQzkwMUNCNzU0fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins5QTQwQ0QxMi01M0U0LTRDODMtOTNBNC0wRTI4RjhEQzFGMDh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODA1MDc4NDgxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODA1MTI4ODc2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTc2OTI3Nzc1MyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzE1MTk1MjI5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVY2R2ZkeXUxbTZmQWVPTFNXQ1FoZ3pSWXpXdTFEQkNFdUlNSDlnNDIyckNqbmwyaWNobTJrJTJmTDRaeGlrcHcyYTBwczZWTE5KNWZlamNVck1aSDBneXclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTc2OTMyODIxMiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNzJlZDgwODctZWU5OC00MjljLTkzMzAtY2EzYzE5M2Q0MWFmP1AxPTE3MTUxOTUyMjkmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9VjZHZmR5dTFtNmZBZU9MU1dDUWhnelJZeld1MURCQ0V1SU1IOWc0MjJyQ2pubDJpY2htMmslMmZMNFp4aWtwdzJhMHBzNlZMTko1ZmVqY1VyTVpIMGd5dyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MzA3OTIiIHRvdGFsPSIxNjMwNzkyIiBkb3dubG9hZF90aW1lX21zPSI5MjI2MCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTc2OTMyODIxMiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTc3NDU3ODg4MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxwaW5nIHI9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTc5OTYyMTU3MjY0NDYwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgdXBkYXRlX2NvdW50PSIxIj48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7N0ZDMkUzQTAtQTE2Ri00NzExLUJDNDQtMjM1M0FFQ0Y0NTk0fSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{43061875-92B0-47C5-991A-1BF4BF3B8D74}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDMwNjE4NzUtOTJCMC00N0M1LTk5MUEtMUJGNEJGM0I4RDc0fSIgdXNlcmlkPSJ7M0RENEJGMTYtREQ4Ny00Nzc2LTkzQjgtRjlFQzkwMUNCNzU0fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7NjcxRkQzQTgtOTVCRi00OTU0LTk2OTItRDQ2QzNGOUFGNUMzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODUuMjkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTQ1OTAxMDAiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNzg2Mzc5OTgzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDBEM0JBQzktNzQ0RS00QURCLTg2RDItODI5NDk1MzJGRTQxfSIgdXNlcmlkPSJ7M0RENEJGMTYtREQ4Ny00Nzc2LTkzQjgtRjlFQzkwMUNCNzU0fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QjVDOUY0M0UtQjMwRS00NjI4LUIyMjEtMjg5QkNDNzJDQTI1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMDYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjEyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTM1MTk4ODMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1ODAxNzc1Mjg5MzIwNTYiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MDY4IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDc4NDcyNzk1MiIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31F00201-13BF-4D3B-9129-D3712BE69180}\BGAUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31F00201-13BF-4D3B-9129-D3712BE69180}\BGAUpdate.exe" --edgeupdate-client --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDBEM0JBQzktNzQ0RS00QURCLTg2RDItODI5NDk1MzJGRTQxfSIgdXNlcmlkPSJ7M0RENEJGMTYtREQ4Ny00Nzc2LTkzQjgtRjlFQzkwMUNCNzU0fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins4MjZGNEJBOC05QzdBLTQzQjYtQTMxNi01NjIzNDg1OTM4NER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0Nzk4ODUwMTg0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQ3OTg4ODE0MTgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTg1MjExNzgyNDgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxNTE5NTYyOCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1XMnBGYnJLVFJlYkhzaFNDaDdsYVBxSEpZTFZ3dmNwMkN0JTJmcWFvVDJUOHdib2xIRkclMmZoTHVzQ2syUG1ZWFJTVWFKaUpaN0RScUxRS2VFeXJQS0ZpSGclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE4NTIxMjI4NjE0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxNTE5NTYyOCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1XMnBGYnJLVFJlYkhzaFNDaDdsYVBxSEpZTFZ3dmNwMkN0JTJmcWFvVDJUOHdib2xIRkclMmZoTHVzQ2syUG1ZWFJTVWFKaUpaN0RScUxRS2VFeXJQS0ZpSGclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxODA0NDQ0OCIgdG90YWw9IjE4MDQ0NDQ4IiBkb3dubG9hZF90aW1lX21zPSIzNjc4NDMiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxODUyMTI2ODk5NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE4NTI3MjQ0NjgyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTg1Mjg4ODY4NjciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI3MDciIGRvd25sb2FkX3RpbWVfbXM9IjM3MjIzNCIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMTYwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\MicrosoftEdge_X64_124.0.2478.67.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x250,0x254,0x258,0x24c,0x25c,0x7ff6de4c88c0,0x7ff6de4c88cc,0x7ff6de4c88d8
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x250,0x254,0x258,0x24c,0x228,0x7ff6de4c88c0,0x7ff6de4c88cc,0x7ff6de4c88d8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6bfc488c0,0x7ff6bfc488cc,0x7ff6bfc488d8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Mzc1RjQ4OTAtMTYwQi00MEU1LUFCOEUtNjA5NkUzMDM1REM2fSIgdXNlcmlkPSJ7M0RENEJGMTYtREQ4Ny00Nzc2LTkzQjgtRjlFQzkwMUNCNzU0fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InswMUE0MzIzMy1EMjc4LTRCRjctOTU5Qi03MzJBOEQwNTQzQkF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtEeE9iakhHYStuUmEyYXRDM3dvK0lFcEM3OCtaWWVBVWJrWHBEQzJjajdVPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg1LjI5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjUxIj48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MzMwIiBwaW5nX2ZyZXNobmVzcz0ie0YwODRCREQ3LTI2OTgtNDRFMi04MjdCLUQ0OEE2ODJGNEZFMX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1Nzk5NjIxNTcyNjQ0NjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE4ODQyMTc2MjcwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE4ODQyMjI2NjE4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE4ODY4MzE5MjExIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE4ODgxNjc4NzkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxOTI0NDM3OTM0NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjcxMCIgZG93bmxvYWRlZD0iMTcyNzIzNzY4IiB0b3RhbD0iMTcyNzIzNzY4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMiIgaW5zdGFsbF90aW1lX21zPSIzNjI2NiIvPjxwaW5nIGFjdGl2ZT0iMCIgcmQ9IjYzMzAiIHBpbmdfZnJlc2huZXNzPSJ7NjZERTI0NzItMzgxNS00NUYyLTg1OTEtNUU4NzY1MUYwRkJFfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjQuMC4yNDc4LjY3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgY29ob3J0PSJycmZAMC41MiIgdXBkYXRlX2NvdW50PSIxIj48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MzMwIiBwaW5nX2ZyZXNobmVzcz0iezYxNjA3QTY1LTI3MTctNEU1QS1BN0UwLUQyQUI0QTNGNDk5Nn0iLz48L2FwcD48L3JlcXVlc3Q-
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49740 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | tenor.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.120.13.18:443 | tenor.com | tcp |
| US | 34.120.13.18:443 | tenor.com | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 35.164.250.149:443 | shavar.prod.mozaws.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.13.18:443 | tenor.com | udp |
| GB | 172.217.169.74:443 | media.tenor.com | tcp |
| GB | 142.250.200.10:443 | tenor.googleapis.com | tcp |
| GB | 142.250.200.10:443 | tenor.googleapis.com | udp |
| GB | 216.58.201.97:443 | c.tenor.com | tcp |
| GB | 216.58.201.97:443 | c.tenor.com | udp |
| GB | 172.217.169.74:443 | media.tenor.com | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| N/A | 127.0.0.1:49748 | tcp | |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 52.24.210.222:443 | location.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| GB | 173.194.3.70:443 | r1.sn-aigl6n6s.gvt1.com | tcp |
| GB | 173.194.3.70:443 | r1.sn-aigl6n6s.gvt1.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | udp |
| US | 18.239.208.36:443 | d3vmvmej3wjbxn.cloudfront.net | tcp |
| US | 18.239.208.36:443 | d3vmvmej3wjbxn.cloudfront.net | tcp |
| GB | 142.250.200.42:443 | tenor.googleapis.com | tcp |
| GB | 142.250.200.42:443 | tenor.googleapis.com | tcp |
| US | 104.18.5.175:443 | global.localizecdn.com | tcp |
| US | 18.239.190.154:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| GB | 142.250.200.42:443 | tenor.googleapis.com | udp |
| US | 104.18.5.175:443 | global.localizecdn.com | udp |
| US | 18.239.208.121:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| US | 18.239.208.121:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| US | 18.239.208.121:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| US | 18.239.208.121:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| US | 18.239.208.121:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| US | 18.239.208.121:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| GB | 142.250.179.238:443 | youtube-ui.l.google.com | tcp |
| GB | 142.250.179.238:443 | youtube-ui.l.google.com | udp |
| US | 18.239.208.36:443 | d3vmvmej3wjbxn.cloudfront.net | tcp |
| GB | 142.250.200.42:443 | tenor.googleapis.com | tcp |
| US | 18.239.190.154:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 18.239.208.121:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| GB | 142.250.179.238:443 | youtube-ui.l.google.com | tcp |
| US | 162.159.130.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.130.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | udp |
| US | 162.159.134.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.134.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.136.232:443 | discord.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.3:443 | id.google.com | tcp |
| GB | 142.250.178.3:443 | id.google.com | udp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| GB | 128.116.119.4:443 | metrics.roblox.com | udp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| US | 18.239.208.104:443 | dw04ej0wrfjel.cloudfront.net | tcp |
| US | 18.239.208.104:443 | dw04ej0wrfjel.cloudfront.net | tcp |
| US | 18.239.208.104:443 | dw04ej0wrfjel.cloudfront.net | tcp |
| US | 18.239.208.104:443 | dw04ej0wrfjel.cloudfront.net | tcp |
| US | 18.239.208.104:443 | dw04ej0wrfjel.cloudfront.net | tcp |
| US | 18.239.208.104:443 | dw04ej0wrfjel.cloudfront.net | tcp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| US | 18.239.208.32:443 | d143j4fdqe1jki.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 27.208.239.18.in-addr.arpa | udp |
| GB | 128.116.119.4:443 | contacts.roblox.com | udp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | udp |
| GB | 128.116.119.4:443 | contacts.roblox.com | tcp |
| GB | 128.116.119.4:443 | contacts.roblox.com | tcp |
| GB | 128.116.119.4:443 | contacts.roblox.com | tcp |
| US | 2.18.190.82:443 | a1818.b.akamai.net | tcp |
| GB | 128.116.119.4:443 | contacts.roblox.com | udp |
| GB | 128.116.119.4:443 | contacts.roblox.com | tcp |
| US | 18.239.208.20:443 | images.rbxcdn.com | tcp |
| US | 18.239.208.20:443 | images.rbxcdn.com | tcp |
| US | 18.239.208.20:443 | images.rbxcdn.com | tcp |
| US | 18.239.208.20:443 | images.rbxcdn.com | tcp |
| US | 18.239.208.20:443 | images.rbxcdn.com | tcp |
| US | 18.239.208.20:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | contacts.roblox.com | udp |
| GB | 128.116.119.4:443 | contacts.roblox.com | tcp |
| GB | 128.116.119.4:443 | contacts.roblox.com | udp |
| GB | 128.116.119.4:443 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | 82.190.18.2.in-addr.arpa | udp |
| GB | 128.116.119.3:443 | us-central-origin-px.roblox.com | tcp |
| GB | 128.116.119.3:443 | us-central-origin-px.roblox.com | udp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | udp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| GB | 128.116.119.4:443 | assetgame.roblox.com | tcp |
| US | 18.239.208.27:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | d1kpbbfl4rco16.cloudfront.net | udp |
| US | 18.239.208.104:443 | dw04ej0wrfjel.cloudfront.net | tcp |
| US | 8.8.8.8:53 | dw04ej0wrfjel.cloudfront.net | udp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | udp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| NL | 2.18.121.18:443 | a1831.dscd.akamai.net | tcp |
| NL | 2.18.121.18:443 | a1831.dscd.akamai.net | tcp |
| GB | 128.116.119.3:443 | realtime-signalr.roblox.com | tcp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.3:443 | realtime-signalr.roblox.com | udp |
| GB | 128.116.119.4:443 | notifications.roblox.com | udp |
| GB | 128.116.119.4:443 | notifications.roblox.com | udp |
| GB | 128.116.119.4:443 | notifications.roblox.com | udp |
| GB | 128.116.119.4:443 | notifications.roblox.com | udp |
| GB | 128.116.119.4:443 | notifications.roblox.com | udp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | udp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | udp |
| GB | 128.116.119.4:443 | notifications.roblox.com | udp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | tcp |
| GB | 128.116.119.4:443 | notifications.roblox.com | udp |
| GB | 128.116.119.4:443 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-central-1a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | sin4-128-116-50-3.roblox.com | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 8.8.8.8:53 | gold.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-east-1a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | ord2-128-116-101-3.roblox.com | udp |
| GB | 128.116.119.3:443 | gold.roblox.com | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| GB | 128.116.119.4:443 | games.roblox.com | udp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| DE | 18.158.172.208:443 | nfd-prod-c-1057709867.eu-central-1.elb.amazonaws.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | gold.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| US | 44.212.235.97:443 | aws-us-east-1a-lms.rbx.com | tcp |
| DE | 18.197.13.215:443 | nfd-prod-a-1803867744.eu-central-1.elb.amazonaws.com | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| GB | 128.116.119.4:443 | games.roblox.com | udp |
| GB | 128.116.119.4:443 | games.roblox.com | udp |
| GB | 128.116.119.4:443 | games.roblox.com | udp |
| NL | 2.18.121.18:443 | tr.rbxcdn.com | tcp |
| US | 18.239.208.25:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | games.roblox.com | udp |
| GB | 128.116.119.4:443 | games.roblox.com | udp |
| GB | 128.116.119.4:443 | games.roblox.com | udp |
| GB | 128.116.119.4:443 | games.roblox.com | udp |
| GB | 128.116.119.4:443 | games.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-west-2a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0cfly.rbxcdn.com | udp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| GB | 35.177.180.245:443 | nfd-prod-a-931214499.eu-west-2.elb.amazonaws.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 18.239.208.99:443 | d13im6y9zsyqh9.cloudfront.net | tcp |
| PL | 128.116.124.3:443 | waw1-128-116-124-3.roblox.com | tcp |
| US | 205.234.175.102:443 | roblox-c0.cachefly.net | tcp |
| US | 8.8.8.8:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d13im6y9zsyqh9.cloudfront.net | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | tcp |
| GB | 128.116.119.4:443 | followings.roblox.com | tcp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | tcp |
| GB | 128.116.119.4:443 | followings.roblox.com | tcp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| US | 18.239.208.114:443 | d19ha9ylcjiuiu.cloudfront.net | tcp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| US | 18.239.208.114:443 | d19ha9ylcjiuiu.cloudfront.net | tcp |
| US | 18.239.208.114:443 | d19ha9ylcjiuiu.cloudfront.net | tcp |
| US | 18.239.208.114:443 | d19ha9ylcjiuiu.cloudfront.net | tcp |
| N/A | 127.0.0.1:52555 | tcp | |
| N/A | 127.0.0.1:52559 | tcp | |
| N/A | 127.0.0.1:52562 | tcp | |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 13.67.191.143:443 | msedge.api.cdp.microsoft.com | tcp |
| NL | 2.18.121.24:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| NL | 2.18.121.24:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:53123 | tcp | |
| NL | 128.116.21.4:443 | roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| US | 18.239.208.47:443 | d19ha9ylcjiuiu.cloudfront.net | tcp |
| GB | 128.116.119.4:443 | followings.roblox.com | tcp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| NL | 2.18.121.18:443 | a1831.dscd.akamai.net | tcp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | tcp |
| GB | 128.116.119.4:443 | followings.roblox.com | tcp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| US | 151.101.0.176:443 | m.stripe.network | tcp |
| US | 8.8.8.8:53 | pulsar.roblox.com | udp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 8.8.8.8:53 | stripecdn.map.fastly.net | udp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-central-1a-lms.rbx.com | udp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| NL | 23.63.101.171:443 | a1913.dscw27.akamai.net | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| PL | 128.116.124.3:443 | pulsar.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| GB | 35.177.164.191:443 | nfd-prod-c-722425490.eu-west-2.elb.amazonaws.com | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 44.237.131.121:443 | m.stripe.com | tcp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| US | 8.8.8.8:53 | 176.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.164.177.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.102.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.97.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.131.237.44.in-addr.arpa | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| GB | 128.116.119.4:443 | followings.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | udp |
| US | 162.159.136.232:443 | discord.com | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | udp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | udp |
| US | 18.239.208.24:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | dapx4swc8lj69.cloudfront.net | udp |
| GB | 128.116.119.4:443 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | 24.208.239.18.in-addr.arpa | udp |
| NL | 2.18.121.18:443 | a1831.dscd.akamai.net | tcp |
| US | 44.239.252.40:443 | m.stripe.com | tcp |
| GB | 128.116.119.4:443 | us-central-default-px.roblox.com | udp |
| GB | 128.116.119.4:443 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-origin-px.roblox.com | udp |
| NL | 13.95.26.4:443 | msedge.api.cdp.microsoft.com | tcp |
| NL | 2.18.121.16:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 16.121.18.2.in-addr.arpa | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| GB | 128.116.119.4:443 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 13.67.191.143:443 | msedge.api.cdp.microsoft.com | tcp |
| NL | 2.18.121.24:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 23.102.129.60:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-origin-px.roblox.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\6e52d5e4-4295-4e52-90c9-ef4ed9c97884
| MD5 | 90b2b9f2000ca8306c309652e3cca304 |
| SHA1 | 71ec131f62cb0d04c7ca3136f00a6424cda41945 |
| SHA256 | 4346bca0fe6f1563c24c57cc09d17a3246f0dbc6e73d5beaee4ad7603ee6bf7d |
| SHA512 | c202a8f96a0b4412a0d334381f617348c5ec3c47e258d61c59b04e5c7ba88878a2c001731c68935c9e4978bc2840fd18eee42f9b5e08f4090bfca918866c48b8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | a177da2f29edffa6bd4b7edeae92531d |
| SHA1 | 445866df3dac8bb79de1f428b60ac1be99bd958b |
| SHA256 | 31b3da120f7db58f01d6d2ad2b6bbae5c4b782db10cc8d8fd283e7bac64cf0fa |
| SHA512 | 60919e5e6b4674ca41f3d9236c30df05995cb031dc8f9cf972ec55d08e177004df24e670b05dca5a239ee188f36fee51482251924378e60457c22da57fcb51ea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\95a56656-76a4-40b5-ac0e-3f5e3a3f5dda
| MD5 | 0d6c5fde5ada1c20e3bc8a91e5fc15f6 |
| SHA1 | 4de66ad94fca8fe732442db44f083fdc60c18ad7 |
| SHA256 | 9e3ebe2c4d4b4e46f577f3eac187483dd08e1476ed2fee301c6a9537940cfe23 |
| SHA512 | 6b6ae79a95d3fd7cc92759ed461d2b97ba8c1f07edbcb5080da569893e79a998b5c0bd580629815a9a7ef36bea0210e6b588221ee84b6651cf70284bf4110aa4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\fef62c94-405e-48e6-ab2e-e067c7908186
| MD5 | 09c0f67862238fd1e33911639e7df45a |
| SHA1 | a2417876850f4a7610a966d591ad0df88dfc755f |
| SHA256 | 73f7fbae3fd3a07d8f41fb4a19b7145c00a93ad41534865cd583e457c009534d |
| SHA512 | 5ebbce0185720a6fcbb4312805612f2c2cbf199e2fe6267e6c8462086336120068296e257b806e7f251b719b518ba75a6a290f4f3b00f7693f09dd3eac0a3fc3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | d6e28319988fa6ed853c778fb931fe8f |
| SHA1 | 335e30511333e842efce5693065cb6a44bb7e93a |
| SHA256 | 8cc5fa0062426f5ec882ce9c20c417b9711bb69ef47b487c6301c9157900b1db |
| SHA512 | 6ccb8c230917814124d125c9afd4c08123bb417a64dd73b4a82e81bd488241f091b0ffedcd5e9a957d91cef6440ec8d2b71a18c59d3d6d54305c4b6b965b8708 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 0457ce0e0e73fd93f91e35ce8f11a771 |
| SHA1 | 428ca944de487a4953bc499d7c0c5f1d4e4b2ba6 |
| SHA256 | 6f1ce3d6aefe9f9a99e653142a639215620d9b9152114a42ff07548da38dfa2a |
| SHA512 | 8570d3fa8cd8c7aca015020d4aee6b6fa44056e82ca2f05e76fde25c93fd996c22b973ffd37b94fdb23cb7bae0c8c9178194cbc1dc7fa6b61e2e954bef993e41 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js
| MD5 | b83df547d37bcabc298b7a7b1003e6fa |
| SHA1 | ae909905b4c879ad9ec92398e209e031e8009ced |
| SHA256 | 69d963e436b3f569a45a7c5f99a7e01d82950d19df8ddc318fa65a136203b643 |
| SHA512 | 5cf9aca8b5d8ebebf29f9297623d6d660beabe1eb2e7d99e8b4c8e9f0e5777d1e97cd1d2ede557cc123f6b7319772c42549a1acea909780dbd5fc6dab5713646 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin
| MD5 | 1513fe027f0e1122844176ec47a2f1f0 |
| SHA1 | f6b30e08c5877f63c5f01026f72bb3948ff8ed19 |
| SHA256 | 5b19e2849d2decbb94ed0be4bf3950d6f33c5fa0a7045506a5e2cb57a3599e9c |
| SHA512 | 5a2a4f278fa21bda9e41d489c3149cc2e28184a1e225c4a9c5b84a28f0210c3f426b615d4ee67135177eb76977f768ea9ab84f2b8fc305642df8af14acc67d7b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js
| MD5 | e3880325208bbe7931b028a0c6053d10 |
| SHA1 | 08d13bebf760b464e5c9f112976d11bfa8d1cf8a |
| SHA256 | 9132f9e8b5728d8a11fb5484e39196484577d2d1c424f4c339dbcdf884dad9c3 |
| SHA512 | 1f56b79c22421a80b61359d7c4d0baeb1f8c563e4b3c664073b96555b97bb24df3462f849ae4d0a02874988ed2feea658e978fb3a520c1fb0c965b33002d8789 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | cc10b4eeb3513d97503b9f2aec7e8637 |
| SHA1 | b4998dc85c08ef4807f3b0e30f9a8a831225c37c |
| SHA256 | 20d11fd5c2104f84e6012ef803cb1f58127bc4ebcb90951d093ca01f4d5f23a1 |
| SHA512 | c164e95082be2610461b8364ae26f76a881ebac6c00a435105982bf2febb84764de786baa68afefebce4d60c10f346349559c2af797a4882f59f6fb196fa2e5e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 51d904a67cbdfc7906d3c84178294343 |
| SHA1 | c485fb604260805907f953d8b22ba2ec61cf3096 |
| SHA256 | b98f3ca06b9ca68ab886a803aa0eb2d4d1be89a67dee4c2a703741b1ff57987f |
| SHA512 | 4a01cb7da1f74008b54c95e984f368c414cf00cb2c3f880c180df6dac4ff6cd33ae655fdd33233138ccb9b048c30aafdc2fac56b58f87d0ce3ff7ead79b82388 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
| MD5 | c6b759f18a1cbf30be75cebe31103bf4 |
| SHA1 | ed99b238182b8be3bd3413d6f8febda86d8ca539 |
| SHA256 | 21d1898f869634c9291a2422b64476bce4c266d81403611ee423a4468e4f5159 |
| SHA512 | 7c4ff7edf32d59b34b2463052a0ebd9cbf60fcd4bf0038bb2e98d3936f80694a08a20d54462d6f6aaa72a86a3656a47f1a4a7cf3aa698a53cfb3a9bfb96d8607 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
| MD5 | 16705b05a045f1332076b9c539f2ad60 |
| SHA1 | 77f74e384778037558a6540d94ac9e73f621dbd0 |
| SHA256 | 77d63d8bf0007f36e49424a18066bc76f0edb1b251ce831f9aa8cb2ef127c36e |
| SHA512 | d0000795a4044ef2ee35988a5564640751d3460ec1709f9348ea6a22d4e42640ee70b31465b5fd542c7730a7a8636e6a207717fc3493b3b940e0dc2bf06332ee |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\0F6E48FC2FE3BA07CF39A943382347AA9FC8C2FC
| MD5 | 0ac398fc7d07bdfb103b668fe2e8badd |
| SHA1 | bddca48b6973a30b4f0c7519483babea0db07325 |
| SHA256 | 64428ae60a2a0b5862ffd4ee8d7d7b3ba93cd3ede770bccfecc83a93ef19e944 |
| SHA512 | ce6591d6ed9cb8654bfbf393dead29aa6a0a23aa9d2f02b626ca130efcfb43a2f10ddc3ad0ac5c1d25c27a61aa1ca2970ff0b02476f0495ce650766f58570783 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 3c8bc46a1a288b8b882fc10e9d8fae73 |
| SHA1 | 6b9f0f7cce771130ef7991e7ff0ee4737585854e |
| SHA256 | c6b3fbb1a3110f9e0a5e36c4748d0bdc4c3fe78968b2b658f525e931120d8bf0 |
| SHA512 | fba6bc04267e25794fdbdcbc2beb5e76ac3eb920e2a7317fa0a0b695b677f9f509282ee18eb5b439aa4561c074a5734dc611a2e50f9055738ffeecae5ee14b06 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 774b6488b59a08d10b904ce6e9daeeee |
| SHA1 | e98349929499e9b148e88b7bbe9f9bd97c2b02c9 |
| SHA256 | 293307aa5016c7a31610f21ed4dbc9a13d0c12df8d021524cf0afcc6dbe14ab1 |
| SHA512 | 9567ee99de8fdaa13253ec55e840fc666384921e7feba1595a832ebc67074e8010ab46ae40dec8c397b4c9b36c09f104672887a0744df2510472581651409033 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | a69c8e89667e26f7a57cd54d41474e93 |
| SHA1 | cf05c23341387baf5405819b688dc96094cacea1 |
| SHA256 | 7a7c6170ab8eb712427b43d782476ab34f2afd1652c2472e276f16b554b119ff |
| SHA512 | 6057cda268a8c684c9f25fe4b804a6212c5675eb1868cd5d9e0ab785711401e78f5e050b447cb4cfa7fa804cb41810c5ccbb2e0adf66ec0d3b4342ca2997c86e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 7fb0470eda29fbabc8d55287cfc69876 |
| SHA1 | 65ef7e742ac58bb9e1235049313a877e3197ff36 |
| SHA256 | b03d05fe62632dcca76fb7b16d8084b3e746dde10f074d27bb993f8118022ab2 |
| SHA512 | bbd2efb55fb96ebf3c10ab5b14f30b515a95ee2d1ea588b7ec082f05c3e8e7c6d354da7e19c0a141043e42b5914544a69ae41d252c917389583759f3e360c821 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\da8498f8-a822-4e5b-90d5-400f22ba8ca9
| MD5 | fca1ab2b0e0897676f4926d4b733f2df |
| SHA1 | 1a7763977ddcdac9c3ea405087152a4a2b785782 |
| SHA256 | 970a354002ee5219acdfc19693bad4f4f903fc60c806237c282d7cb34d8f029d |
| SHA512 | c0fd6afe8594d0b31e3d23e7a777198db6cfee0cf9de02e1496ff120725deeffae11ffaa8e0471e55b127945c0ad0fd955453ed956a841fd4568d5185fdb5e83 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\17a5ba14-99b5-4ff3-8f64-88e7e2ab4028
| MD5 | 2346edeb9fc103179eb68966a7f4cb16 |
| SHA1 | fe1951e57b3d8ab367824cdcf79ee8358412bb18 |
| SHA256 | 36a3d372b29bb963879b4135baf1203c41db8c5324be83a354722d41d3ae3025 |
| SHA512 | c4b4c5b78f64cc3718cc4de1dfe7f4eadf9d1d4537a44b5b01989481b888ad0b5b92ff5b3608de0ff2834c69a686009b245f3cfa48c1839f610f0a3599b77aac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | aa8c1a2f20abee51a38fc5c9c6195ed6 |
| SHA1 | 406e2503b08034389c085d0d230925e0c26cdf20 |
| SHA256 | 3a593aba6042133f3b88821f0f39d3b8a3ae39d5631618971ca94e5d2d52576a |
| SHA512 | d8c2bcfd98831f2c0526f7214aecef6d8a8ba10a371fabbfb2f55f5fd867ccabb83a390500a07b0a7db165c6139b75daf10f9530ed5f497f59780946639a1850 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 9bcd21e41c3545e7e600e170ca8ef5bc |
| SHA1 | c57ef68af3fbab4eadfa6e717662a0396b49a845 |
| SHA256 | bf8f39878b38df607069e715af37594c5d3f56c3936fa54a3aeb664dcf60b2c0 |
| SHA512 | 958829a346e0cdc548a1ccbb70450835a0af28cc98a2946843a34103ae34ed16c2329ddd202614a559f74e08ce1f6da88e4fc4d8c5467d362d4c95ca83374555 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | f01a0d6d981a86f0566449f8f58cb740 |
| SHA1 | 6bd97d4cbcca8783609d29bc9f9cac4a2c6f798a |
| SHA256 | 66e1e41b8cd3e115507006de07fb8f964d74be20e717ce69cbdc7738196a93cf |
| SHA512 | 4b0d91cd06e455506f6a747e88725d0b48604312a25b6a5ba936392b0113dc372e9a7ae026390dd9cbbe09bac47139e11e8336f89cc4cbfed0a541e72cd76816 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 237853fa19007d2cd93331e612601f77 |
| SHA1 | 2be167852b23faac808db82ff9ae2737e8eefd5c |
| SHA256 | 41eeaa068fcadf058984a401a17c2e372a296020fd799cc88c034da00aaf5db5 |
| SHA512 | 7632326e29a3add8138eb8f33c7fb6403b55097606946a8da6feab45b00101e926e866e6dd69bfe6c79014f0d15570df763f125cfc8b2848c6611c60937eb04c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 1ff92271cd90165454cf5003113850a3 |
| SHA1 | 8b5f71573a333352a14fc10e97b06ac2829b76a0 |
| SHA256 | a6cdad3eb6cd0e20f5241385a792e2ae8ab4bba267e7b5599f1ee08f9fe84240 |
| SHA512 | e728355efe17279af63acbf0457d2d709dd56b6d5812613a72256e5cbb579756da48ddd1acf06b29995c0d0a5dde04d28bdadc9e52c5406eabaebfdf1046f86d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 5051dc7bbca6bff115a378501dfdf079 |
| SHA1 | 173dff1f19aad412aced8a77ad661ce4166825ac |
| SHA256 | ed0d5019a0dfce1bc9f2363fcbce953e35e736699fb3f6bef9de4f8b1e8bdef0 |
| SHA512 | cc15f9a200589fca9cfaf67ff73a742d8499483c7e4529e25bf1b624ff45290916b9486650551a0d97ceb4b6bb34e198247fc7f05eb534bbc097e150494f235e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite
| MD5 | 033952bd237311de79282f9045a810db |
| SHA1 | 48c57a4edb19d6d4e394aec6a22455a3d599e0ca |
| SHA256 | adb92d33e1b65b5bac5bd2a80a6c944501f6c17f4033c8afc6676c4856717bd2 |
| SHA512 | 59c2b29d0102172be9fffd51d60621c5b2206868e6b8e2a9b8a777c5e24cbf435f4479e256f619885af01123d5a515e6b989327d149b8356e777e32fa1530f7c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 157ec335e9bf2851bfb98a46e1c20b94 |
| SHA1 | d48048ce11fefa0e159d44bf5b063424a690e947 |
| SHA256 | 60a9cdd943551a9725ba5c36f644751662d742c104fd59b5c066d2e9862bfa6a |
| SHA512 | d75a9a00bb11a583c1a048aeac6af14b9a665ebc9c40cf15de8ee948dcdbaff61105261ead07877c30c1a2abc0a902821a555784250957d2d341521a6920843d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\SiteSecurityServiceState.bin
| MD5 | 06f1fda48aff3cf73d1379c5c3f610ac |
| SHA1 | 7c265f57533aa8b75cca52c1fa9c5b3910bc3f1d |
| SHA256 | c3e65c4229b6664c1396b95d055d097fcc86d65e1ea494d82d611e1f9b28959b |
| SHA512 | 2c3ecb1bec8b43fd4fe8e9161da69f80d482d196c705b30841e9baa52c3d4e1800555516c4e5d350687b14690458741cefc6c1af7160274c286cfc9b8d979609 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 027ccd6003b445cf4c8966897d2b3e77 |
| SHA1 | 6105ebdeb2e48fb66442fbca8ddc259ec5107f63 |
| SHA256 | 89cd9f45803b8feb9694cf41eec90ee58439a321447969a94ce8146620cfc17d |
| SHA512 | f882be9afac9cd26133d0de9a0b745f2d0ceee9ef8c93f52bd81ca5b61c349867bf5b29e6d8d651dbeb7a2922916a9a1a5f3f288170b44aec641283c17a5a6ce |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.r_A26kJf.exe.part
| MD5 | a2f58a117c60b1622eede88d2163ef19 |
| SHA1 | 91ed6cf5b0efb2c0bd3e06ab5775775ccd1bd631 |
| SHA256 | e74d896bc3469b5a28eb5a04ea364a9ab32737d573868fb08a327820ea624c04 |
| SHA512 | 19964984f66876032ef15283c25e31737e1f56c27a3f9d7fe204dccdc0a45c64e3380a5924f4b82301e55a5371bd7c9c61776e8ae6cb15a0e0502d189384c14f |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier
| MD5 | 4579fc1cdf1789f565fa2cfd1f6d5143 |
| SHA1 | db4064622f6fd94b2af5e316e2c5a7d58796be25 |
| SHA256 | c9560cbd412b8271145bad647dfbc0df343b86e5d8c362a64037c9e2fe482beb |
| SHA512 | d4d8996413e1e706c1b65e79060a436d272db033f6939c69d1f887e464a43039a0afd02bc7626f607ddd3a5dc837ab4449c2ad330d2903ee46a9f79439523347 |
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | e284a7bdf53b953d5514c6abe985ed60 |
| SHA1 | 91655419b0e29b53bebbd102127056f396af6bb0 |
| SHA256 | de29073ba5d2f701473a80f14c9dc35b2a11194918b8f682357b09d57c2aeb2e |
| SHA512 | 2066d8dd92d2c64df6eae441fc25914a6214ff52ad264a38c156f59fd1587d6a7627f19a1b537fd82d95b7c66acaf73169b855df55fce0163bd3b05333377195 |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\523f61d67bf4c528e001c52e84c35ef0
| MD5 | 523f61d67bf4c528e001c52e84c35ef0 |
| SHA1 | f26774809dc1ea0bc7376606964ebcc06bfdc398 |
| SHA256 | 834bd41f708d1393a528da769b015538b45b279b4af4969e1df54c0c426add3a |
| SHA512 | d99d834d3632804160428367360f8a4c0ab6e1c9146ab12b07d6f44c30def1482809d5cac41ae84a64e5d8b99a4fcf2090c74e39b2692094168737501301b15f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\default\https+++www.roblox.com\ls\usage
| MD5 | 6cde3c9759954276cd6e8444c8f3c810 |
| SHA1 | 466d65177981800c61bbfb7d0b1e7dae4e0cb6e4 |
| SHA256 | e4b32904432d6c3aa90e6c2b1c64221bc4cf06ccb1fc7753a34bcaa79f26f0ac |
| SHA512 | 6deacb2ff71f7ed516b57f81f51bdeb24c2e43dc1e5b8df170227a5d4a028c9ab0f4e8dc2f90d8241bd73ecd120d5ad0f0ae0c1d820d8e03b8d20cc08a2483f8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 71f189065246119d65b92e1775fa372d |
| SHA1 | 4e1edbb0aa848b6f8cb91fbe63776555aa9141ef |
| SHA256 | 4628010d066b27098e3836df57809036c5af280676259ca717e35dc6012f57b7 |
| SHA512 | ae0c31b9fa4fa5bbd78f64459d267cc99d46253182cc9fda69a07b22310840f3ce04d4d19ebba0d945332f12734752a8aac5ba20ec201a56bb6b030e4c5460a9 |
C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
| MD5 | 610b1b60dc8729bad759c92f82ee2804 |
| SHA1 | 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552 |
| SHA256 | 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08 |
| SHA512 | 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdate.dll
| MD5 | 965b3af7886e7bf6584488658c050ca2 |
| SHA1 | 72daabdde7cd500c483d0eeecb1bd19708f8e4a5 |
| SHA256 | d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19 |
| SHA512 | 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_en.dll
| MD5 | 4a1e3cf488e998ef4d22ac25ccc520a5 |
| SHA1 | dc568a6e3c9465474ef0d761581c733b3371b1cd |
| SHA256 | 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011 |
| SHA512 | ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | 7a160c6016922713345454265807f08d |
| SHA1 | e36ee184edd449252eb2dfd3016d5b0d2edad3c6 |
| SHA256 | 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9 |
| SHA512 | c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_am.dll
| MD5 | f6c1324070b6c4e2a8f8921652bfbdfa |
| SHA1 | 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf |
| SHA256 | 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717 |
| SHA512 | 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_az.dll
| MD5 | 7937c407ebe21170daf0975779f1aa49 |
| SHA1 | 4c2a40e76209abd2492dfaaf65ef24de72291346 |
| SHA256 | 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9 |
| SHA512 | 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_cs.dll
| MD5 | 16c84ad1222284f40968a851f541d6bb |
| SHA1 | bc26d50e15ccaed6a5fbe801943117269b3b8e6b |
| SHA256 | e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b |
| SHA512 | d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_fil.dll
| MD5 | 7c66526dc65de144f3444556c3dba7b8 |
| SHA1 | 6721a1f45ac779e82eecc9a584bcf4bcee365940 |
| SHA256 | e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d |
| SHA512 | dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_gu.dll
| MD5 | f9646357cf6ce93d7ba9cfb3fa362928 |
| SHA1 | a072cc350ea8ea6d8a01af335691057132b04025 |
| SHA256 | 838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150 |
| SHA512 | 654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_hu.dll
| MD5 | f4976c580ba37fc9079693ebf5234fea |
| SHA1 | 7326d2aa8f6109084728323d44a7fb975fc1ed3f |
| SHA256 | b16755fdbcc796ef4eb937759fe2c3518c694f5d186970d55a5a5e5d906cb791 |
| SHA512 | e43636d8c947e981258e649712ad43f37c1aab01916539b93c082959fb5c6764c9c44979650092202839e812e6f252c6c3eaf66d3d195c1efd39c74c81ad1981 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_kn.dll
| MD5 | 60dfe673999d07f1a52716c57ba425a8 |
| SHA1 | 019ce650320f90914e83010f77347351ec9958ab |
| SHA256 | ef749f70e71424d7f548d5c12283be70a6d6c59cffb1c8101b74f37ecacb64af |
| SHA512 | 46bfe77a49f14293988863a8e4dd0543202b954b670940d9ad5dc6d2b46e46104d8d6206be08a941f7e02b8ff3e2e2366b7b795d02352cff18971f8d0df5fcdc |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ml.dll
| MD5 | 7e90d4306c5768dfd1160ad9e2168a19 |
| SHA1 | 4f7b17843ad226d51cfb0090235b55a29b5a674a |
| SHA256 | 8ebe88477b1493733140f1fced91903276ec69c7302deed3281054b49573eb3c |
| SHA512 | f6d8b538915fa70bfb784ea7e6d4047759d8eecc822e4b76ac9666997a41901c8269a8185f29e5472bcfaa87e4b97483bd544f3fc8f656b60dca71d63b44d291 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_mk.dll
| MD5 | 064035858a1df697913f06c972461901 |
| SHA1 | b6be99ae8e55207949076955389bc8fec81937fd |
| SHA256 | 4850260d2cbb4b4ff3490eb90ce55a412268ad699f946b1cd686ddf9f0403bd6 |
| SHA512 | 9459056e919854213117b874e61b526af4ba35c3c3e195b204c5c3e59cc4dfa2b4a45c32551e1de144842844f246f5e0d025cdcc78dbf7265ba5e26e7209cd91 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_mi.dll
| MD5 | 1866ddadd9397dbf01c82c73496b6bff |
| SHA1 | b210a9df7d6a5e116fe7a9ff8d455b6cbfb5663b |
| SHA256 | 9b4bb2ca3366a1935b4869796efc0601f94356b45e8613d28e023dd516f48d17 |
| SHA512 | 76fa5cade101d79d012e00904bf18692f85967ceea0ed7e81da4df65b85afc125a00127d9e06c8c59ffbfd2dcdc88488157b61922960559fa17d13dedca3ee59 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_lv.dll
| MD5 | 30849a9c16061b9a46a66e8e7d42ff81 |
| SHA1 | 2d0e86535d964acce8912c6bef3cc12346b22a6c |
| SHA256 | b8075c09d33cc6b6ff22fdb29ccc3dd319ce867f4b77a1d165f6f8d8cb4977e9 |
| SHA512 | 298ee10ff6cab7ff38d31e3a7826dedeab8e9ccc616eae4ca2e5ec333f42e5c6744650857031d8bf35034bd46c7c01a2646362ffbbef1f421995c73ba999ff0b |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_lt.dll
| MD5 | 7071c732cf3e4b3144cf07c49d8eb44f |
| SHA1 | 3800bf304b44d9d27ac26bed6ccc899669dc3b4f |
| SHA256 | 9c75ef5c3f53c643d7bb8c5907a0cba6ca2d1d64e6bea39ce06b4ad5a20454b6 |
| SHA512 | be3a0942e2af843adeb8e9b6acc7cd8adec956b761f71d8eb0a02835ee5be115ac064fda7088b0813d40ec3a24e7bb77816e9b67ef0cbdce1562c36880b15049 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_lo.dll
| MD5 | 864edbc77831a64a3e3ab972291233bb |
| SHA1 | fa1f3eb3320c1b1a329cbe786abecf2a8e625cbe |
| SHA256 | aecab1eb46075d1a1432b3e14537f860a2ded49a13ca82f17fac44b40ad2da51 |
| SHA512 | 3d54efd01d6317fb4746b55db2c847a506f594cff055f0db84a72ede02dbe3aa03d8e65ea06c5ae365f44312a26cdbc45ad5f9a0de46d2b9c878aeeb24566b89 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_lb.dll
| MD5 | 269e84b82973e7b9ee03a5b2ef475e4d |
| SHA1 | 4021af3bfde8c52040ad4f9390eb29ae2a69104b |
| SHA256 | c3fb0cae3dc5cdd86518d60f998c3adec1c0c5804a74ffbb9a346a73d598af07 |
| SHA512 | db716e2f6527af2dfeba4c22ff00e159d7cc0b482fc126e87b8b3d35b714bb382676066097352b6ebb87c8dfe7f6144e83100f0c9a9990b0d23c810b6c575c21 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_kok.dll
| MD5 | ca3465347e57624ee2a5dd2299d4f4cd |
| SHA1 | 551a151a8d49489c90400e18c34633aa2c2b8a4b |
| SHA256 | 5b9509a1ae34d89c89c8e657742495037d28cd03e1cd48aef4dfaa7aeebe29f0 |
| SHA512 | a4bdd458a7628a9f0664e1000512e056718cc924510a21704ff8c69b0b251a5a1c7f6f267d66325cadda1536aaee78440348be128d082112c71732e485ac93f3 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ko.dll
| MD5 | cf91a1f111762d2bc01f8a002bd9544d |
| SHA1 | db2603af55b08538a41c51fc0676bc0ed041d284 |
| SHA256 | baa9fae4fb8939e0b5fe0c7f393ab1ca40b52534f37bf2158a9a36331a221e75 |
| SHA512 | 9db864dbd194885b46f7bed9875f1e531e48f7644ce4494b8dc482c7516a6f783cd35129d2565b272dc674491a08c844a6da88bf9fa7843fcf89c96b4e0af799 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_km.dll
| MD5 | 2ea1200fdfb4fcc368cea7d0cdc32bc2 |
| SHA1 | 4acb60908e6e974c9fa0f19be94cb295494ee989 |
| SHA256 | 6fd21b94f62ee7474b3c3029590ddf06936105508f9bf3509620c42dc37486c3 |
| SHA512 | e63b80a5929200c85c7a30a3054bd51eee2f27e603501f105073868690906f4619a27a52e58c90ac2ab5d5c34a4739dfdd2a511574afeb7d0118de88c5544f42 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_kk.dll
| MD5 | bcb1c5f3ef6c633e35603eade528c0f2 |
| SHA1 | 84fac96d72341dc8238a0aa2b98eb7631b1eaf4e |
| SHA256 | fdd6bffdb9eca4542975f3afe3ac68feac190b8963f0a7244b4b8fa6382381d1 |
| SHA512 | ecd79ddd9f3e6db1d0471132c453c324ab55bdead21de77392f418281bc8a2dd43e9009912896ffa3d55d4d3ef17b0aa847a084369b619eb04a2d2313641d520 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ka.dll
| MD5 | 3bc0d9dd2119a72a1dc705d794dc6507 |
| SHA1 | 5c3947e9783b90805d4d3a305dd2d0f2b2e03461 |
| SHA256 | 4449ee24c676e34fea4d151b3a752e8d0e7c82f419884e80da60d4d4c1b0f8cb |
| SHA512 | 8df01ad484bf2924892129c59317f3da4f79611be2ca29e208114e5ed2cb96a63f753511dc4fe97e281417366246f2fb576cc6ef2618a67803ae7ac01be7b067 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ja.dll
| MD5 | b507a146eb5de3b02271106218223b93 |
| SHA1 | 0f1faddb06d775bcabbe8c7d83840505e094b8d6 |
| SHA256 | 5f4234e2b965656e3d6e127660f52e370dc133632d451ef04975f3b70194b2ed |
| SHA512 | 54864e9130b91b6fd68b1947968c446f45a582f22714716bfd70b6dc814841fffe939bc2f573a257ec8c62b4ff939643211fb29cabc0c45b78a6cc70eaa3752c |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_iw.dll
| MD5 | 45e971cdc476b8ea951613dbd96e8943 |
| SHA1 | 8d87b4edfce31dfa4eebdcc319268e81c1e01356 |
| SHA256 | fd5ba39c8b319c6ba2febf896c6947a0a7bae6aa0b4957bd124d55589f41849d |
| SHA512 | f1c9fccf742fa450be249dbbf7e551a426c050ae4af3d2e909f9750068a2bdc801f618eb77a6a82d13421d27949c9f2a9681a44bcb410ccdeec66b24a70f6a9a |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_it.dll
| MD5 | 497ca0a8950ae5c8c31c46eb91819f58 |
| SHA1 | 01e7e61c04de64d2df73322c22208a87d6331fc8 |
| SHA256 | abe2360a585b6671ec3a69d14077b43ae8f9e92b6077b80a147dfe36792bb1b7 |
| SHA512 | 070398af980f193ff90b4afaecb3822534ef3171eca7228bce395af11ca38364bc47cab7df1e71187ef291f90978bdc37a8611d2992b1800cd1de6aa7fda09d9 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_is.dll
| MD5 | 5664c7a059ceb096d4cdaae6e2b96b8f |
| SHA1 | bf0095cd7470bf4d7c9566ba0fd3b75c8b9e57ec |
| SHA256 | a3a2947064267d17474c168d3189b0d372e36e53bf0efb9c228d314fc802d98e |
| SHA512 | 015dcb17b297a0aaad41c7b0b2199187e435855fd3977d16402be774622cc4f6b55d04ba9159a89e26e350c5602928c76dd9386be3974437b41888a0cfdddfa8 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_id.dll
| MD5 | 03d4c35b188204f62fc1c46320e80802 |
| SHA1 | 07efb737c8b072f71b3892b807df8c895b20868c |
| SHA256 | 192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95 |
| SHA512 | 7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_hr.dll
| MD5 | 0b475965c311203bf3a592be2f5d5e00 |
| SHA1 | b5ff1957c0903a93737666dee0920b1043ddaf70 |
| SHA256 | 65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0 |
| SHA512 | bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_hi.dll
| MD5 | 34cbaeb5ec7984362a3dabe5c14a08ec |
| SHA1 | d88ec7ac1997b7355e81226444ec4740b69670d7 |
| SHA256 | 024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9 |
| SHA512 | 008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_gl.dll
| MD5 | 84a1cea9a31be831155aa1e12518e446 |
| SHA1 | 670f4edd4dc8df97af8925f56241375757afb3da |
| SHA256 | e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57 |
| SHA512 | 5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_gd.dll
| MD5 | c90f33303c5bd706776e90c12aefabee |
| SHA1 | 1965550fe34b68ea37a24c8708eef1a0d561fb11 |
| SHA256 | e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c |
| SHA512 | b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ga.dll
| MD5 | 3b8a5301c4cf21b439953c97bd3c441c |
| SHA1 | 8a7b48bb3d75279de5f5eb88b5a83437c9a2014a |
| SHA256 | abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0 |
| SHA512 | 068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_fr-CA.dll
| MD5 | b534e068001e8729faf212ad3c0da16c |
| SHA1 | 999fa33c5ea856d305cc359c18ea8e994a83f7a9 |
| SHA256 | 445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511 |
| SHA512 | e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_fr.dll
| MD5 | 64c47a66830992f0bdfd05036a290498 |
| SHA1 | 88b1b8faa511ee9f4a0e944a0289db48a8680640 |
| SHA256 | a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961 |
| SHA512 | 426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_fi.dll
| MD5 | d45f2d476ed78fa3e30f16e11c1c61ea |
| SHA1 | 8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e |
| SHA256 | acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2 |
| SHA512 | 2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_fa.dll
| MD5 | cbe3454843ce2f36201460e316af1404 |
| SHA1 | 0883394c28cb60be8276cb690496318fcabea424 |
| SHA256 | c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59 |
| SHA512 | f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_eu.dll
| MD5 | a7e1f4f482522a647311735699bec186 |
| SHA1 | 3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd |
| SHA256 | e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4 |
| SHA512 | 22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_et.dll
| MD5 | b78cba3088ecdc571412955742ea560b |
| SHA1 | bc04cf9014cec5b9f240235b5ff0f29dbdb22926 |
| SHA256 | f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085 |
| SHA512 | 04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_es-419.dll
| MD5 | 28fefc59008ef0325682a0611f8dba70 |
| SHA1 | f528803c731c11d8d92c5660cb4125c26bb75265 |
| SHA256 | 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d |
| SHA512 | 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_es.dll
| MD5 | 9db7f66f9dc417ebba021bc45af5d34b |
| SHA1 | 6815318b05019f521d65f6046cf340ad88e40971 |
| SHA256 | e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819 |
| SHA512 | 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_en-GB.dll
| MD5 | d749e093f263244d276b6ffcf4ef4b42 |
| SHA1 | 69f024c769632cdbb019943552bac5281d4cbe05 |
| SHA256 | fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e |
| SHA512 | 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_el.dll
| MD5 | ac275b6e825c3bd87d96b52eac36c0f6 |
| SHA1 | 29e537d81f5d997285b62cd2efea088c3284d18f |
| SHA256 | 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0 |
| SHA512 | bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_de.dll
| MD5 | aab01f0d7bdc51b190f27ce58701c1da |
| SHA1 | 1a21aabab0875651efd974100a81cda52c462997 |
| SHA256 | 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c |
| SHA512 | 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_da.dll
| MD5 | d34380d302b16eab40d5b63cfb4ed0fe |
| SHA1 | 1d3047119e353a55dc215666f2b7b69f0ede775b |
| SHA256 | fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f |
| SHA512 | 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_cy.dll
| MD5 | 34d991980016595b803d212dc356d765 |
| SHA1 | e3a35df6488c3463c2a7adf89029e1dd8308f816 |
| SHA256 | 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e |
| SHA512 | 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ca.dll
| MD5 | 39551d8d284c108a17dc5f74a7084bb5 |
| SHA1 | 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884 |
| SHA256 | 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07 |
| SHA512 | 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 2929e8d496d95739f207b9f59b13f925 |
| SHA1 | 7c1c574194d9e31ca91e2a21a5c671e5e95c734c |
| SHA256 | 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df |
| SHA512 | ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_bs.dll
| MD5 | e338dccaa43962697db9f67e0265a3fc |
| SHA1 | 4c6c327efc12d21c4299df7b97bf2c45840e0d83 |
| SHA256 | 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04 |
| SHA512 | e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_bn-IN.dll
| MD5 | a94cf5e8b1708a43393263a33e739edd |
| SHA1 | 1068868bdc271a52aaae6f749028ed3170b09cce |
| SHA256 | 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c |
| SHA512 | 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_bn.dll
| MD5 | 7dc58c4e27eaf84ae9984cff2cc16235 |
| SHA1 | 3f53499ddc487658932a8c2bcf562ba32afd3bda |
| SHA256 | e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98 |
| SHA512 | bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_bg.dll
| MD5 | 8375b1b756b2a74a12def575351e6bbd |
| SHA1 | 802ec096425dc1cab723d4cf2fd1a868315d3727 |
| SHA256 | a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105 |
| SHA512 | aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_as.dll
| MD5 | a8d3210e34bf6f63a35590245c16bc1b |
| SHA1 | f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693 |
| SHA256 | 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766 |
| SHA512 | 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ar.dll
| MD5 | 570efe7aa117a1f98c7a682f8112cb6d |
| SHA1 | 536e7c49e24e9aa068a021a8f258e3e4e69fa64f |
| SHA256 | e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01 |
| SHA512 | 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_af.dll
| MD5 | 567aec2d42d02675eb515bbd852be7db |
| SHA1 | 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37 |
| SHA256 | a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c |
| SHA512 | 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 60dba9b06b56e58f5aea1a4149c743d2 |
| SHA1 | a7e456acf64dd99ca30259cf45b88cf2515a69b3 |
| SHA256 | 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112 |
| SHA512 | e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7 |
C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | c044dcfa4d518df8fc9d4a161d49cece |
| SHA1 | 91bd4e933b22c010454fd6d3e3b042ab6e8b2149 |
| SHA256 | 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2 |
| SHA512 | f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | ddf9db24c285abc683bf2fa36040a5e5 |
| SHA1 | 138a14db73fc709027bea74eb890e38cd83d19fa |
| SHA256 | 0f2f31a0b4a8d1a915f983ecc2c69b59594ed2221867394c50902443351b80ba |
| SHA512 | 963cc708dc5cffb0831660fad1457da2f3d129b7ffb3a345982e95d9d9ad1666147278d5c181e14f377696ac14303a09a9ad3e17dabb7019debe137f4846b7cd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin
| MD5 | 9a1fba83979dbb7cb8c20e14d36b7439 |
| SHA1 | 95bd0afd6a464cf0e77d87f3ad13d26dc5589edd |
| SHA256 | f0b9b90bb70d522ee577655c0344cdfc1d6db03617bc55258b35fd40300c6002 |
| SHA512 | 4be5a2614f60e4cd44bf8f3a27813fd56d4006dd8b4cb962d93156cfac6619d9e7ef292fb860b7bd74b61ce7401f0e1d417435cbe1f0a4fde9a94a471ac1da55 |
memory/1084-2948-0x0000000073090000-0x00000000732A0000-memory.dmp
memory/1084-2947-0x0000000000300000-0x0000000000335000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 1a4d7fee125a69e90a598ec1895954e1 |
| SHA1 | 0cb4106e1a5e9326b1b41d7bdb62f77aef47ac01 |
| SHA256 | bab2a47f979a1ca533e9a2c8abd6e6602015df2108ef399f173216d32e51bd1d |
| SHA512 | c4c1ca07ed9a754eb8aea06ec0be3cc2b2d8bd40bad88284ef61f7335e21605b5425c43f1a53b3a698650840f5a28193ce3578e99db2d2a8ef2a8278ced5b001 |
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
| MD5 | 280cacb586fc9830dc73a22790a17e04 |
| SHA1 | de2a5b78181dd39eb97c96db9912952c61582052 |
| SHA256 | 8b7bbe047c4ef274c4e6a484b2d2c7910ab23481ac1a01d24bb102bede7fdb0a |
| SHA512 | 462dce8777be2dadad8e71a49e65ef517cd1ca1b7853345fbd15180c2593fd0decd4b387b3745c46c8592e1f4e6be235fc1f30b7615991b950cd2537dbbee978 |
memory/1084-3006-0x0000000073090000-0x00000000732A0000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe
| MD5 | c31297188ec9fbaa60449f769339963e |
| SHA1 | 8502d9e0cef18137529f0a46ad6e69a1577e6cae |
| SHA256 | 2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9 |
| SHA512 | 9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | e09979ec146d11878f1023b1e805a6ac |
| SHA1 | 79b383ff83b6b86675d9f2626e7635e4d3ffaf07 |
| SHA256 | e5b84d8ce2704cb64fe99ef30fe50e4a87f89aa7873e9ff9e9e3713bcaffefa0 |
| SHA512 | 12cc7161f808aa5d1f350683125e405a7a5c8e1a60b24406037e6d1228ddb585cd3b60b5141e1b2f0829e3508c01d6f1f00ad59e776bfe7f294ba493204d3517 |
memory/1084-3089-0x0000000000300000-0x0000000000335000-memory.dmp
memory/4068-3096-0x00007FFF35330000-0x00007FFF35360000-memory.dmp
memory/4068-3101-0x00007FFF353C0000-0x00007FFF353C9000-memory.dmp
memory/4068-3100-0x00007FFF35330000-0x00007FFF35360000-memory.dmp
memory/4068-3099-0x00007FFF35330000-0x00007FFF35360000-memory.dmp
memory/4068-3097-0x00007FFF35330000-0x00007FFF35360000-memory.dmp
memory/4068-3110-0x00007FFF33170000-0x00007FFF33190000-memory.dmp
memory/4068-3111-0x00007FFF33260000-0x00007FFF3326C000-memory.dmp
memory/4068-3109-0x00007FFF33170000-0x00007FFF33190000-memory.dmp
memory/4068-3121-0x00007FFF32E60000-0x00007FFF32E70000-memory.dmp
memory/4068-3120-0x00007FFF32E60000-0x00007FFF32E70000-memory.dmp
memory/4068-3139-0x00007FFF35040000-0x00007FFF35049000-memory.dmp
memory/4068-3145-0x00007FFF32860000-0x00007FFF32870000-memory.dmp
memory/4068-3144-0x00007FFF32860000-0x00007FFF32870000-memory.dmp
memory/4068-3143-0x00007FFF32750000-0x00007FFF32760000-memory.dmp
memory/4068-3142-0x00007FFF32750000-0x00007FFF32760000-memory.dmp
memory/4068-3138-0x00007FFF35040000-0x00007FFF35049000-memory.dmp
memory/4068-3137-0x00007FFF35040000-0x00007FFF35049000-memory.dmp
memory/4068-3136-0x00007FFF35040000-0x00007FFF35049000-memory.dmp
memory/4068-3135-0x00007FFF35040000-0x00007FFF35049000-memory.dmp
memory/4068-3134-0x00007FFF35020000-0x00007FFF35030000-memory.dmp
memory/4068-3133-0x00007FFF35020000-0x00007FFF35030000-memory.dmp
memory/4068-3132-0x00007FFF35020000-0x00007FFF35030000-memory.dmp
memory/4068-3130-0x00007FFF34690000-0x00007FFF3469D000-memory.dmp
memory/4068-3129-0x00007FFF34690000-0x00007FFF3469D000-memory.dmp
memory/4068-3128-0x00007FFF34690000-0x00007FFF3469D000-memory.dmp
memory/4068-3127-0x00007FFF34690000-0x00007FFF3469D000-memory.dmp
memory/4068-3126-0x00007FFF34690000-0x00007FFF3469D000-memory.dmp
memory/4068-3125-0x00007FFF34650000-0x00007FFF34660000-memory.dmp
memory/4068-3124-0x00007FFF34650000-0x00007FFF34660000-memory.dmp
memory/4068-3123-0x00007FFF345E0000-0x00007FFF345F0000-memory.dmp
memory/4068-3122-0x00007FFF345E0000-0x00007FFF345F0000-memory.dmp
memory/4068-3119-0x00007FFF32E60000-0x00007FFF32E70000-memory.dmp
memory/4068-3118-0x00007FFF32E40000-0x00007FFF32E50000-memory.dmp
memory/4068-3117-0x00007FFF32E40000-0x00007FFF32E50000-memory.dmp
memory/4068-3116-0x00007FFF32E40000-0x00007FFF32E50000-memory.dmp
memory/4068-3115-0x00007FFF32C90000-0x00007FFF32CA0000-memory.dmp
memory/4068-3114-0x00007FFF32C90000-0x00007FFF32CA0000-memory.dmp
memory/4068-3113-0x00007FFF32B20000-0x00007FFF32B30000-memory.dmp
memory/4068-3112-0x00007FFF32B20000-0x00007FFF32B30000-memory.dmp
memory/4068-3108-0x00007FFF33170000-0x00007FFF33190000-memory.dmp
memory/4068-3107-0x00007FFF33170000-0x00007FFF33190000-memory.dmp
memory/4068-3106-0x00007FFF33170000-0x00007FFF33190000-memory.dmp
memory/4068-3105-0x00007FFF33150000-0x00007FFF33160000-memory.dmp
memory/4068-3104-0x00007FFF33150000-0x00007FFF33160000-memory.dmp
memory/4068-3103-0x00007FFF330C0000-0x00007FFF330D0000-memory.dmp
memory/4068-3102-0x00007FFF330C0000-0x00007FFF330D0000-memory.dmp
memory/4068-3098-0x00007FFF35330000-0x00007FFF35360000-memory.dmp
memory/4068-3095-0x00007FFF352E0000-0x00007FFF352F0000-memory.dmp
memory/4068-3094-0x00007FFF352E0000-0x00007FFF352F0000-memory.dmp
memory/4068-3093-0x00007FFF351C0000-0x00007FFF351D0000-memory.dmp
memory/4068-3092-0x00007FFF351C0000-0x00007FFF351D0000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\13ECA6BE8CA6822FF3428A894A7EE25F3F985283
| MD5 | 7b9222e3a05efb16336a36c7d53e77db |
| SHA1 | 7adff16689cc8714b133c4651315a39a068e6725 |
| SHA256 | fcdd6d8b5bd55fd5a3a03c1435aeb2d844ed7ec7e785df8e67ff2c577710c9b4 |
| SHA512 | 8e2bea91c9ffa4d2fd6fd1705cc21db4abf5bb2c687e8a44252183e6e1178cf1592589ad70bc94967b2a020715ca62c6eb8d79d7c1844788c3570057ef5bdf5a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\50C867D2139E0B16EC8C911A86840C354297E944
| MD5 | ada49d6ff3b0f40d8bbf86a16daebe8c |
| SHA1 | 724a4566e946a33d96913924aa37e574d7a2315d |
| SHA256 | fd836ae84c12f815971836851be8f33460c7bf2371e9af0853f3d008a87f8f3c |
| SHA512 | 234703ef143f0ef1c12bda331d8bb21c934cc6116b88a75426335e6ab585e9d2ecd352718d39e7d52ad275ba8fd4a8b06be40dda2613f99d9e67e5c6fbda5d62 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\36BCFA23A4D04A528CE70EF12214E3995E132134
| MD5 | f44e5ad5efef5c64a3377f710f5c18cf |
| SHA1 | 5260ff965dd1f7f94e725252534be310b905335f |
| SHA256 | b52d4f08cc668dc43156339cf99523d7bdf642c21149495f68e12926ff265080 |
| SHA512 | 17eb86dfc4fcb9ec669c93df89beb8ec430a23eb37f79208082582147d7cb09ea7ade070a70f72fae458d2858ad8932c46495b2a2b735a6bc7895decd6b7e377 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\DA784CCDD74E697C1B9356166222C06487BCEA54
| MD5 | 2785b5255fbfa2d954e8ad3e8a8837df |
| SHA1 | 7f9585403b858bad80c837be2429df9e01ce283c |
| SHA256 | ace943883476f52e54b98394bb63cb7267fdcdf469ed03cecd9b695732dc85b4 |
| SHA512 | edbb24c96a8d9ddac60642e05fb0c88563eab14a9e18eafffb4eeefa54885c25ef9dbde95557af6c4563813b9e760ae8d15059b4de4714fb563544f5041e7c3a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\4E3562C55341939E493011A1EC297C2A4CAF51DB
| MD5 | a60022aff7b0968f10c2632632cb98f2 |
| SHA1 | 67c71c8f6232bbea81479f00384ab3aee82bba11 |
| SHA256 | 66adc5cb4016035ff5a06cc5237897afc5137f8460f56d1b5be1da98b088be40 |
| SHA512 | ab8ae2bcdd8eabac152a84770818a6d017ec3887c7886db04a0e320c0daf849ff7d9efe1fa28547684348f09faebaf2dad73fd69ae9a6afd8a79654e8ec3d23c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\AC5B4849CAB26A6FF5E0D69715FFD2D5203EA01F
| MD5 | 78be4e1fb2550b7d608a2b0b18924b3b |
| SHA1 | db7497807385eaf935b71f5e0bb78a53d4918e94 |
| SHA256 | 9e79527635c9aa5e73ecc4d189eeb58bea0e52f077c4255195e0ffd7c03446c6 |
| SHA512 | 06100b62f1f8bb169c875859589a71f0e845446654fac4c766d1a3fdccfba06747f5d1d3112881accaaa1435e2e632fc76b33bb74c56942acbb3e77b77f71462 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\739025F062E977A263D0043D9E01EE529DEBBEB9
| MD5 | b9f6b50bc48e076d8056fdd06d86fa6c |
| SHA1 | 31b15d7f32aba9b883d56589d8860615185db291 |
| SHA256 | b0480d8aeaf9befce220d9b941fcd0e0166d40b22dec84c1e35931a21a8a776c |
| SHA512 | 183733f60e2f0b8c54f638f5e5f9ca02aec0a0affaac096128fd66e099956571e671c7e83d92c9f6d1cce654d762a931df98d049034bb6e229e93c5be635a28d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\8637EC1244B61084D530B4C2FD1CA5490C6EFAEF
| MD5 | 91dbeaf7ab9ec6786ecfda697eb20517 |
| SHA1 | 8a72272aac857c945644e5aed8ab19cf6e520a75 |
| SHA256 | f64eba416d24b995a34926c004cfb57c7f4f4abd64cab6e5b3a82cb3b0e98c07 |
| SHA512 | 49dcc5c7837e134328fc55c8ff4562c9470d3f40294669811699c6e073913cc30b43edafe3f446492ad415168496a18b5615935c1722cb85fd5639eb8668136b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\8D2C754DEA256EF7C46F48B25026A09FBA5D33A9
| MD5 | baa5dfa5647b8a736bc92e3d9b8483c5 |
| SHA1 | a94691a7b6d55b8bb39374f7abdcca06bf51c414 |
| SHA256 | 855be268fb2f77a75746ed9e287083e05682998832f4a824e8eb454eadf75e2c |
| SHA512 | e4bd416436f102e7c584470695e4c96f7c7b89544849901fb2e0e36eca34b3b5a02c8be89a4812ca502e5825260c72d8e8b9b7a37c5126d3531177b262fa826d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\BE2D3D60C4D6C94AEDAA7868122CCB76EF5AA608
| MD5 | c037d041472184d740a90f4089ea23bc |
| SHA1 | 84f96a9a937c76ea23221c2dff42b7db9530e90a |
| SHA256 | 2f8a6aed9b71ea0dd32f644354350e5aff06971f3e182a349e0b03c01fa4730c |
| SHA512 | 72d8a79ab5df34698932d8a239b0a19a889a34e5d6597c2ac3717c00910da1c451850ba586439ecedd9c295d49d53eaa2f266c66d06bd066770b858602640b2c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\84DCC1FA6B673A3677DB8D8001C56DCE773AA014
| MD5 | 89fe49d40f31f6dd8dee35cfe78b4725 |
| SHA1 | 0d3f8ac40e9f1fcfa2f9380ca4f4a54964e8012b |
| SHA256 | a9f8e89bcacfd2cca92f53dc549899c102cf0f6b1b347325078120a87f2844a6 |
| SHA512 | a33eeddd3242eeb49ef387a5257429e7cc72705f35fcc3dd7da55d66560fe8734765b391fdc67a76957682346ec21933d5c12c7a2b472ee691637d9b1986acba |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\C4A98151F7F4365D06407FC1FCA4114EBCEF385E
| MD5 | 10f709162296bdeccd057e7a403d4dc9 |
| SHA1 | 2739efd90c7f61bf9e0a0722e8966ceebfd58952 |
| SHA256 | 94867ddb18e55e8b7f2b232a78b8d4c2d5a8cf4c14a2943cfc4c9438fe39b436 |
| SHA512 | db4d1bee2928a20d16cab9653f56cb22f8d3d9fb017d3606abb6838a088f9e904874ccd7d4f140913fb46688392e2f91670e3fd746cb71631b5e703e82b62d82 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\3E94249D3ECBE02CB9A5BFC6A16F080F38DFC2EC
| MD5 | 64362c7d2f141a43ab9e6d44aca5d7ad |
| SHA1 | 895e35b5ae3f89c68929545dac7feff0ead628e7 |
| SHA256 | af6ccc8f0d7e79e0df39ccb42653c0d5e32720f8e5a359cce28da50b7528a08e |
| SHA512 | 2248d206547780c642885fbb6187136d3b8435f1cdface56a4576e9313215be07f6c1bf43791f9c82ee65b6641529170787c80d04ebdfb073ff8b2d0be3f0343 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\C020CBC5ED54178DE75BD3A92FA0EA7E234C83A8
| MD5 | c9336acce8037108e0baee415314e500 |
| SHA1 | 7f22f27f1a55ab4533e63fd26f1bcfc94e2c3288 |
| SHA256 | 11a55d6092c796f106b5dd7e2481e131f0881136a1a16073e4f4643d15e5af28 |
| SHA512 | 29e047bed290559e04daa92c485c5c1d52d374b756db71a7d36538d04866edebae9f5ba2c972e9aa3a5b2745a25f33b9a9c82b062eb6c40dd21115424ca28b93 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\739261025B6871CDC158A1001D4B7849AEB2D5FA
| MD5 | 42b73816fb9d6e3aeb0621ed8e80b027 |
| SHA1 | 17d30c51cbe5f531fc888eef36ebf789c747fd92 |
| SHA256 | e7b6c0521c2068c2a1f366f653ddb04b7b9b7e00d0103bc717db156d3a1de3f4 |
| SHA512 | 678319927d554a870579a1855266ede368c13322c322ce58d44b4a3077afffcb28b0dbc0d134e34b8455bd3c012511c9b5e68ae89c038a8f7d7b223312c9c95a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E1E5F90C5D42E8AAF6267CF5C1D4F4D7211B2A50
| MD5 | 1f9fdffa3ca6966e3fb77ecc0832d3b7 |
| SHA1 | ee8b595e138b9042317ac1dccd72e126459deccc |
| SHA256 | 832421c9c7afef2a7cf73f13baa247af9533f08d1571d9c7c63654b3f3b90e0b |
| SHA512 | 9bb45d4f54c9b6170b90df4164742318ff6c44d3855c985bed6ab5e38ffc57f93399f8182408682cc1a7167175eb86ca256b0360f987edbd801023555a22cd5d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\55E5E6FB4DA0D621CA2B27FEAF7A867987DF935E
| MD5 | a7e5457bcfad84e243652d13b3a2d0a5 |
| SHA1 | e6b577915c1dabac39bde045d51eed6be26ba13d |
| SHA256 | 5875c7b1ce01000b3fd963cb1489bcd0405f73f7f76347489b8a690b88e1d9fb |
| SHA512 | 534ef10890054edfae720fbe174fe3e6d0c0cb21019aab75db3f08b1f51f407f2d230009f982a1da52064b0c8dd5bf656974562aacb34a9de1986e5f2f71aaae |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\B01FCB2908755BD2F571ADD006C4D3609CFB24EF
| MD5 | 9f016b7f3d655e31f85ae9f05ecb4775 |
| SHA1 | 724357f37128d4b2400ed72597eaff3d8008d30f |
| SHA256 | 8c3c6661c75769321fbff48af89ca4a84bf769e8700214e2be4dd1197e79fe55 |
| SHA512 | 48e2af87d1f5048c07819a357eed46192ff75c6fe42981869e69bf3e5a9a669d5eb0e4a7ecc511614c4e46fe11b0bab3581692b31ea2b1fa5ebb10a4adbe871f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\3CD97724EBF47B50AE59221DC942CCA5EE96ED82
| MD5 | 5d4159c00224bc4cefcd6c88ef01d4a2 |
| SHA1 | c15399d81c635182b7d466af59bedcc6cb9862af |
| SHA256 | 3a1b13ab36934712dd465ea72db3df1a9f8dc59b60c004fe2254889a37906fce |
| SHA512 | efa1109f1df199e5a878928353641210ecc437925766b680cc80677b31d83343eac1f3dc883640010e5993783e9335f5b336e1b6ae930e09e1aa1f03ddfec0bd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\3CC64668187C540A26A18501F41B51C0CD662225
| MD5 | eb6fba4c8ecb4caa639ce35c86a2a0c0 |
| SHA1 | c8cdc34b8410b529c3902c4a0af0402cc73f5ca2 |
| SHA256 | 236f50d66c9e0157b23f2a1ed37153b6f910eb2453e8d4b2c6fa08687552777e |
| SHA512 | 5536497d6ba1e745c319be991a66a712fb35dea2bbd369ca8bd42b042157d463aa295d36ac2c3887c5e143caf80610b27b9f0359e49d77781b0e09ad03f54ec9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\6B995C7CA46FC5BA0EFF9F15DA86A8CAE4C276DF
| MD5 | d3b2a75ea612dc78d1ab7e0bdcbeb8c4 |
| SHA1 | 37d270d4a2d33afeceaddc491208e5e1ecc99780 |
| SHA256 | 37806175f506d75b33b86ae8ae4d78268c1eb5658333462a0f28fe41aaed3752 |
| SHA512 | 97c6dcc2ff53f7429ac52ba2b9fe04f65f089edf2673a22885e7dbececfa46ba1038cee42f4c5deb61591bfa0077cff0984c04bad8dd1d066e1ec6f48735de33 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\11993EA3BF3D355927605B079BF182BDF694A9FC
| MD5 | 907a56c4eadd1df2bb81e4cccab3282d |
| SHA1 | 2ff451bd3266fb0f147a1d9007cccd616c8cf1e3 |
| SHA256 | abd785ee1c0aca24b32e7a182fa506504c29b2eb390756376a9469dce29499b6 |
| SHA512 | 3c28024169f9ce23a0f2e89eeae4d335abb4d981e4e2284251baffb53b639f96edc1b40225c03b71b88b14b51ff095acb9abec502c6eb7d3787a30e88d199924 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\05EB7F6F7BD0BA633716511CCCAD442933622565
| MD5 | 61525c634a0ca8dbae1ef1ea7551c67f |
| SHA1 | c1b445749e22a560a393c9bb3d113c243f4dbd7e |
| SHA256 | 6e2e4d3013894d7625a38bfdb292b05266fe6d2f9427d5a990e07fb932e5339c |
| SHA512 | 8273acc9c0f776b55d4198d2056ff2bc0c936112df36cef5436a5c0ecbccdf21138e4dbf291cd8cc466dd503ac48f57b0a3e239f79563145c320629a94e62949 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\050DB43D78BBC79DCD9ADCBAE96500FE04597F1B
| MD5 | 360aed0547a5b48ab4a24d4132b684b7 |
| SHA1 | 62ace40d1033789f24235daf671da0edcae67eb4 |
| SHA256 | d2211ddafdbf347ea1a6b3c26139046600c06775f21f618c0ad5613461acd989 |
| SHA512 | 0166d04a0934bf16cda89658d7932c0583f85f606627e4eba8c5454421146ab36356acf7569ee49cc5e92738007d3ee65e322d4b8510750b7e6ca7e7abbf55c3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\5759696408CC362AAD43661B4E32560E15A7872C
| MD5 | 153383f55970ab45f0824679eb20cd43 |
| SHA1 | da2e168b1afdd71b61f08a1d139021d97c102ffd |
| SHA256 | 7547a34f4260f169f026f6f2aee504fa4de1551f8aec60157c99425fa051f7e6 |
| SHA512 | 82c73fcbd714eb4bcaf1ae032cabd01b1b0dbe74874285cbc23700333f8908ea599934db81e37aee6ca5b979e02436265bc4fa4664044d36a8fe774d89e4b6f6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\7DAE16A7D2B8F15C1F2F344E862C788B8D054798
| MD5 | 8ebd7ae701c020a524a2b17efddbf2b2 |
| SHA1 | 36d1f5ba60469b97ecc855c57e535855ba9d3e1b |
| SHA256 | 3c0f5b0719147cce049a9893025d398dba9f67a0774c3f1c377db8d92f9c53f8 |
| SHA512 | 6f89759e39cc1154ce4d4791507697e6a354eb8017a3388d16395cfaf9a75011b69679446f37a481d0af9da2df73268e636b13f94af4f50275654fbef55043fa |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\0FE05F0C7396FD9F3371FC9BE08CDD52A2783F80
| MD5 | 71fb8dfba40f7d23e709c69f1c29fd8a |
| SHA1 | a7eff45d83b08dbb08e81707e5dc3e5ca035c469 |
| SHA256 | f58c51615eb8684aafcce2cb41d502ad30f377478a2cc553a578cda8d3396ae7 |
| SHA512 | 37f841964e8dae55c45430179a2380f453c532bbe262a9ee79e620142fa3474790b37ffc98f45ad96e42527421be49a7c1733fc578f28b0aa20dda85851b890c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\AA1F346A9657DFDC0470D6629859DFEEE28AB7D4
| MD5 | 248804b2b39aeaf6e9fc7dd7169dc450 |
| SHA1 | 017c342bcb7127eef58c74cb1de70ad9ec909ea0 |
| SHA256 | 5a8a4ec53e067bc8ac994ce3a81fccd10fec646c8a07d6448c8ab46a7a9c6612 |
| SHA512 | d87d33640e0f255189e727536b7ab102cf3a230d2034298c97484fff4e1fe924e285cbb41e38da393b56f64316de324e17f1499ca6c107d1c78b64c6abd80127 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E049536DEABDF445A5A39B7D6289FDA9A6F2C5AF
| MD5 | 3abf71a2afc0ca070eec7b85eab031d2 |
| SHA1 | 00dba861b1809026c905f077251a68efe43dc0c1 |
| SHA256 | 6396bc69ff5fec946ebd40ef0e5a213339452d350c3e0620123bebee15e92081 |
| SHA512 | 8c2d8e2367788ef241513ca727327629fcd0cefe4bd766fe368bb7a26a8aa926e6c20d556deff23a6a74e4a341afc2efd362e1d24e85dcf7a967a7862f1775b2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\96A0D2F1C4ECD10450EA183542E05ADB3BBB4257
| MD5 | 5248419c3334e96b0eb1afd95a954272 |
| SHA1 | 66bf1aa32f293d164167892fd80318348a5fbf0d |
| SHA256 | 52b121fbdfc1420ef9fbf34c5da45db7a30609583adbe590c256200e182c17ba |
| SHA512 | 92474d81d085bf90544b4b2dfd49d8f932803f8c12359b7abb1be3db1328a75b0bb9b23080ea74f060c2ebbad46259a0a6b1962624a8acd46d44dd89778b9637 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\A876C8AF86717633E6E46572013B957E820A5E24
| MD5 | 0f4f883a7f1d8ad8b0d514af88c2dcfe |
| SHA1 | ae3e5b78b622a67ff6642557bc14f48777e5fe8c |
| SHA256 | fea999814da3d5a0fb5f09c77c2b0edf0d1676b2022d5c5d8385b8c67bd5b267 |
| SHA512 | f2502b5524ce2e77866d966189b6489374054581535b3e488207c94557118d2ce639eceff0cad6e186e55935259550f529d534232c999f50235c5cadad2bdaa4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\F27E0CDCD1C7E6F6CED7F2BE71ED722173C6CCAB
| MD5 | 3a7fdf35f87e6d4623099c48aee90d4a |
| SHA1 | 1c6ed98e9992d01cc8be527f9d3b840e80514c08 |
| SHA256 | 563bc403c1f39958c2ae5d8c786cdb69e38a23ab75f356a1dad2aed20a99e992 |
| SHA512 | c4c7121f63d13122ac58e17e668703fb307af9147ca1fa03c3a3af896e451797307cc0287d59e3066eddb7a7ff644cce83c61eb56522e63d20817ee9731181aa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | aab352737259bb50472f6f87a20ee410 |
| SHA1 | 300d11f710a665dd5de500567515a38215d487e5 |
| SHA256 | c50025ba320e8b8968a1c6ee3877c6054c1784821d983a99255ec84e03e1410d |
| SHA512 | ec72cf4a5c1cc477dd96ae904bf8f599c095f44fbe486b75757e392893a96be6c3006429f7464cf1467e6c434e337495f0ae3d2863452542a22724d3fc4fa6ff |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 482723ade4d954878e4c01bce024dba0 |
| SHA1 | a91b88871db36241b64ea90411cfc13a26cea8fb |
| SHA256 | c2246d795a86201781dbee53f73529644e7356c1dcb73c8b84b42c71c6456592 |
| SHA512 | 6f67765eaa0ed9121262f9434f1b044514eda0e76c71caea0dd2da4c70244f52ca69f862222413c0392ec76e05bdafd2c801f1f6ede72c6ecfa9b3806e06f78a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 148639bfb561145a72bf299728b1b549 |
| SHA1 | ed5d38f6e4e8fad86d284f5fd65f60306ca9d355 |
| SHA256 | 6f2fbe8d9f1f5314a2ae3d63890954af41ac89cabde167ab5d4fdf5ff8513331 |
| SHA512 | 026a3a06e3645a9e56ad8375f739a5601c8287ff97be63b467b0e291ec218ad1244134154926ec518dcb39c9554c163ab86c1730119e1d8bb509f832b0ed7722 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | abe89fffbdb440a69f192643cca0f3ec |
| SHA1 | e3eb4c3f7326fd524beec4e51d75f55f271f1584 |
| SHA256 | beefa61bb034dc056c006b1e65e1d985da033e55600a3de442d062f742711688 |
| SHA512 | 103330fb932e9d975046eb60090153281ef3127565f56293f55d3a5fbd6af66ebcf6f35d1da59d9bb3b5899d182da48bdd44d2f5593b83b98f3452d3d5760dc2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
| MD5 | 92694f1319275db81cf81b29abfd3f09 |
| SHA1 | db8aec4f8f31fb4678fc1132d45fc8f8344a485e |
| SHA256 | 69c5300797a1ffa599eeaf88e9a5249e9bbda85ed4d0796237e96b1bc05bb698 |
| SHA512 | eb631de25ecd5e5b3da74681d9abea01189cab5a8c0a9d1cdd3585acbccdfd31bf50454d9436581fcc00b2f7dc1421e870af19a1052d23294abbf14433fede69 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\CFEA5DFE136E15CD97A3C39D8D2A48B71BFE4694
| MD5 | 6a25acf84c1165b0413f264332e55a38 |
| SHA1 | 3355b7ae5539f291560bb7b5825d399119490290 |
| SHA256 | fdebe67d3819ec36e88929978ac68bbfdce0bb328eded3af3aac9cc6a299d58d |
| SHA512 | 86172be889085e0e1d08f06ecad28b4a9031fe852972e79acfb815dd692909b8529d3c6c77a3085c3e47fd1542b76b034f1be8c4701b15904122f2adb9c06f11 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\2C4BAA6F19DAD1966BACFFE00E8A81C718359637
| MD5 | 63d349310f76228e00dd4586ddce9fc9 |
| SHA1 | c9dba6b2b620e6e2ea0be06f88c3546dd58c5d03 |
| SHA256 | 27e45d68fa1ba5babce117da518d4ddea8fad7c6084c7e6fd5df153fc55b1d37 |
| SHA512 | e7de564aeb63869253ac1aaeec4f75616b587826b1ec72ca9ca5ccf647cf299561c864a1baa3f59bb4a4415a8932e6fec0a34e47e7dd0fb3f73a406b9c449023 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\key4.db
| MD5 | 8769b47ad77608268f2fef440590fe61 |
| SHA1 | 003b9822106f2302d4d573b5870dc0489ad396aa |
| SHA256 | 33e4b35914b9d151b5f8f0951333880e5792769cf8921f2ec7bc6ee9f1bf8f3b |
| SHA512 | 815ca7c84e799472916ab043bb3b39df0883f310b4be6f0e3af3431cfedfca39d7a060b68cedb17b46c421f1c5f8b550c8f4004f35cdd65cf0691d57461c0a77 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\B5D9B00549A67C5E8FDA11F8BBFCECEDD00925E6
| MD5 | 945ecadca8a0e710563e73ec359632a7 |
| SHA1 | 237d65aaac12338b17d758f0ce2a739049b5d101 |
| SHA256 | 8bb15d97e1033734c6b224d8a970b408e5e8e8ea37bc9ff290e05827d8efe2eb |
| SHA512 | d17acdd27c951b757d7cf3423609ae53a5981f12bb37098a34479ea0589eac77a7740393225836b7460af8f0b3b8d5f69eecc690322be56fb8bbbf7402b02ba8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\3D390C3690610E926E6E7D82E3D120B62A6D1C67
| MD5 | 6fbe7346200984129f02fcefb2492604 |
| SHA1 | d5fbe8e697f489db77a9d8618dfecf8c9d03cdd7 |
| SHA256 | 5b36d05c6f8d9c3ae95db03b3bf0cf2309c7b1c714f85d06bcf116ef36c3a8d0 |
| SHA512 | 184daf22c1f3ccb555b289474342a1b690c9d21830a7136d2a6a79075088d9db0dff481a929419292fa5fb5d7c4bc97b1b44c4a518e10a9d598eeb93a3d2df6f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\D3FB7DFEE39173F53B5DDE4D1BF8A49007402BF3
| MD5 | 8b4276c76da4ca715ac1e96b5009315f |
| SHA1 | 6331a8b9991b42cb782b2f70ba341b2e4b481cca |
| SHA256 | b09ac03870d073c5c8e30200b07c36019f9e31d7e8bc560c4f7cc8398f131bef |
| SHA512 | 0da209c0e3dc8188b3a5ea0e97a1d56d40bf427c310a909ea61087132a864f4f9914b4955f021483f89cfcae5d7d6412807c1fdaec55b3c6e853819287799e99 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\2D8B1A13BF4DE864309FD52B7BF93789A675C733
| MD5 | 62498ecc24f88697c9747257f061251a |
| SHA1 | 0a3d8f806845e494d23c445c07742bbf1bbc7fe8 |
| SHA256 | 8eb46849a5ec3fb78bd16c879a1c123093ec985c208eea81bb7f4d35abfba668 |
| SHA512 | 17dd7379ed3008d6ef20a9dd6c118dd3ee3450e84b9df149ed9c0f7849caad71389c14366c86514a73269c7ff17733a4264449362e81d5563c0b4cd32928f2ef |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\44051AAE8D166EE6188B9FF63F26647F25735209
| MD5 | 7d25b8f6d8cfd01dd22835cc9cbec065 |
| SHA1 | 8bc8eef24dbbfd0e653799200ced32b6ece07b41 |
| SHA256 | c9bd23071cdb5b5756a6760779d4f7fb7406815789764aaf6c2ee765f20abd99 |
| SHA512 | c7659b72f3b2c45a81c37cf50d5bebc7f92891207dcdd193e9f78953c61fb369986068159962dbb70ee47134b9384f7d3b9e4412dd0701e6e09c1ae2c101522b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\BB20B510857683697E6659E906F03B7F4E60F53A
| MD5 | 69316e79c20a1993602c3962fd4199a8 |
| SHA1 | 143836859af383816f9e7dd1ff37b3afbc47ad35 |
| SHA256 | 89f4fbc812120773e7f7259c207d1cd79ea6cd23e5b0d85d2c62fa6863e34b28 |
| SHA512 | 1a91e2f00b00ebbaae791be7bf2e432174ec5401c25f68dce6479bda0dd4366c9128efab9632a16d4522feb245611b1c74e1cc8bcfa1130362ac29d72cbb19e1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\36666FA3760CD3A6C81680EF8CBC1FEE73D74E31
| MD5 | 5e208cddbd89c54044f35651cfceaec6 |
| SHA1 | fa2d0a47289be672087bb93eb9f66d2246218153 |
| SHA256 | 22f7c6e0dc4e4eb1fc90e4f2175e3b216198a6f5c104a926273557ddb9af665f |
| SHA512 | 9e878f0d239b92454b745d88deaf07f48fdd6633459b037ea71f42aadd357eeb21be4d6a7fe685889f69f4a9b48f4673ef65f2e2529d19380f9a13b6e3b2310d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E63BB282E2060D26E713C67FFE0DCE4741AF2219
| MD5 | b530d5ae0cc1a4f5eaa5180b779a6609 |
| SHA1 | c976cf8c2ec2076a265219669c2ebb8c13fbc653 |
| SHA256 | dbb8a6cb4409061226700d51e88fb8711d1cc5fe34c0575c6cce0b43dace4765 |
| SHA512 | b4de88e88adaa4957adc375889749f1063a8623ba856e48d86593909fda377be0af1aaa6f2fbb32751b183865d15fdb944e52fc757e9923f7d57854ba69fd9ec |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\5CAFF5C1E40766ECD6B981F4D1F0E33B406232A4
| MD5 | c46c92d9c016ee91adb106e6dd91d385 |
| SHA1 | 40690ede9e4ac114ff8cefdb636349b6ef7309dd |
| SHA256 | d217a6afcfb1340e166883e9083ea42598658d2a19cbc4867c62f42e221726ab |
| SHA512 | cef09a475629d69336aaa1f983f5bfc306d99081d394f46a163497fe5a540c7c5025d2f72765529f7f0d19c3743f3a4d4fd2caa95d2279bd25935b8dd1ad8cbc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\AFC332CBD99EDEA70FBD8F57B8897801A6383FDF
| MD5 | df964d31a4bb54a24fa6a38da25862d8 |
| SHA1 | 73dd3b71dcb512d4fc0429164df83e3a70104a26 |
| SHA256 | e7d450d1f3b3ad1fa7320c6c11d89272ed1a94ae169e54d75d75ee9b77ca07f1 |
| SHA512 | 2df2202f7b71cc99de0d40fd5370536613839cc168df2d309b45d4989222b73b1b95ce3334f6e28fc2b9c4055dcd13ee8820892fc633769eb03a99886724450e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\0C6E875C3F4A80E544C5AE977C50F6987563E3DA
| MD5 | 65d2f6b33c6960f0af32adb8b120456f |
| SHA1 | 145437572dcd56aa8eefebbc43141e43b58864ab |
| SHA256 | 188947e4ebc6044012279a65f69536face9ea1a38036d92f95f013c82ddebbd5 |
| SHA512 | 1e036f3bfd4994fee0e4b817f695f55c1d6f398289beae5cd12772ba50ba9f8b91c2c27a080604716d09d22d9e779779236f8e7c67d1f1b11fda3e0248829397 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
| MD5 | b18c705b3c68cc49d9bf3649abc75c24 |
| SHA1 | 6dc8963dea0f3185368790dee2a346301b4fa24c |
| SHA256 | c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa |
| SHA512 | 7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 4429e771f09c08baf6e92981cb5dc881 |
| SHA1 | ae4694345e95d9d1a4f0789cb2662b9235418d00 |
| SHA256 | e094453356cddeb8811878fdc3dcbe9bab147e93374c299f9afdd67362af05a7 |
| SHA512 | 2f032a71c575e668e4137ae91cd07b7a45b83ebf985643651ba9b1fa51afacd3e53c87f9a3d8b37ccc7ab6a8c7fe818f113cce0e915d7f2bd69f339577fa1460 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\bookmarkbackups\bookmarks-2024-05-01_11_jd9W0U2wg3PE4xPg7hhnCQ==.jsonlz4
| MD5 | 0f3e2acd1b261424e80d39a04c33068a |
| SHA1 | edc5da8aa7768415db3b557178b2724d902afdf6 |
| SHA256 | ec0c1654120720f01e638c22acf8de4796ca2015745b2d3652d0e8071d362c9b |
| SHA512 | d9fdcb0466588dcd52120b05912aa91ff24e5f99b2944212b512e7ee295326eeb694f7ced7b886782a0f303b1b0e0507de4eda7fdeba21424d22e15101231078 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\default\https+++www.roblox.com\ls\usage
| MD5 | 337e16c39b553503379c757c88a1dcf7 |
| SHA1 | e2e12451654d82aafd4cc6408781aefe0b1f1930 |
| SHA256 | 1c38bd8ab614d461847b9afea54eb7dfa5e9613d06b70c2d4e59f88c0b08ce75 |
| SHA512 | 33446efc29edffea1bba41e5b2f570d7a57c8c5e8d8e98d9578d5ddb24fa59fbaf988f72de4feb252dff6a7a864bc32398d6d2e3c9e99b1118c5ffc2dc0a238f |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe
| MD5 | 3f208f4e0dacb8661d7659d2a030f36e |
| SHA1 | 07fe69fd12637b63f6ae44e60fdf80e5e3e933ff |
| SHA256 | d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b |
| SHA512 | 6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\SETUP.EX_
| MD5 | 5070a34dbada1aaa375cc572b5fc7d0c |
| SHA1 | e74b7ef714755870976abe3d2b4a7db0b9cc21e5 |
| SHA256 | 03e7a32e1f10fced6a07dfa4e6cfd92510d4bf6929d423798e4fb5ca91fe6c20 |
| SHA512 | fed3fcbb64a59070b0efd677ca2edc982d28e37cdf7283f2777af8aca7d3760a7eefb8d01b3c2bf4b4ec3708a74c3412f0dede91e31dca1b6f8a4e4edc673aa7 |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
| MD5 | 28f5cf3c1d590016d7e5ecb1843571f5 |
| SHA1 | 406f6637234211764c4e13753272caf704ffec2a |
| SHA256 | a975a3a4ee010fbcc6a60c8c1798a19a1dd795655b4b629d20053bac9c5a3da2 |
| SHA512 | 0e1fe3d1cbc9eb36c41a534b26ae95603bfad4e2f593fe1a8df9570209924772a0668d3c4a20006fdb700fed1decaffaebb189f34b8474eae0346ae924c6e938 |