Malware Analysis Report

2025-01-18 22:08

Sample ID: 240501-xlafragb36
Target: https://tenor.com/view/tweakin-gif-22987107
Tags: adware, discovery, evasion, persistence, stealer, trojan
Score: 8/10

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file https://tenor.com/view/tweakin-gif-22987107 was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence stealer trojan

Sets file execution options in registry

Modifies Installed Components in the registry

Downloads MZ/PE file

Registers COM server for autorun

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Installs/modifies Browser Helper Object

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Checks installed software on the system

Checks system information in the registry

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

System policy modification

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Modifies Internet Explorer settings

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

NTFS ADS

Suspicious use of SetWindowsHookEx

Suspicious use of UnmapMainImage

Modifies registry class

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-01 18:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-01 18:55
Reported: 2024-05-01 19:32
Platform: win11-20240419-en
Max time kernel: 2158s
Max time network: 2158s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://tenor.com/view/tweakin-gif-22987107"

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\MicrosoftEdge_X64_124.0.2478.67.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AD7CA840-72AF-442F-B124-340CE5419609}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31F00201-13BF-4D3B-9129-D3712BE69180}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\MicrosoftEdge_X64_124.0.2478.67.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=C9B5D502FB2D415C89F5DBB233F5AAEE" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31F00201-13BF-4D3B-9129-D3712BE69180}\BGAUpdate.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\msedge_resetsb_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window --reset-startup-boost-last-used" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DesignSystem\ButtonX.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\SpeakerNew\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaApp\icons\GameDetails\social\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\identity_proxy\canary.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\MaterialManager\Grid_LT.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioToolbox\AudioPreview\play.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\backspace.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\SpeakerLight\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\Locales\th.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\nl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\9SliceEditor\Dragger2Right.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioToolbox\ScrollBarTop.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\ErrorPrompt\SecondaryButton.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\fonts\families\Roboto.json C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\fil.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\telclient.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\AnimationEditor\icon_checkmark.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\ImageSet\AE\img_set_2x_5.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\btn_grey.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Emotes\TenFoot\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\pa.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\avatar\defaultShirt.rbxm C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\MaterialFramework\List.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\fonts\Oswald-Regular.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\CollisionGroupsEditor\delete.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Settings\Slider\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\AvatarExperience\PPEWidgetBackgroundLightTheme.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\ka.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\models\ViewSelector\Axis.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\MaterialGenerator\Materials\Ground.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\StudioSharedUI\import.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\loading\loadingvignette.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\SpeakerNew\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\VisualElements\LogoBeta.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\AvatarImporter\img_light_R15.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\nl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\ro.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\LegacyRbxGui\health_greenBar.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\dxil.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\fonts\Ubuntu-Regular.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\DeveloperStorybook\Story.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DefaultController\ButtonSelect.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\AnimationEditor\btn_collapse.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\Other C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\XboxController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Settings\Radial\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\Debugger\debugger_arrow.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\DeveloperStorybook\Folder.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\Controls\DefaultController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\PlatformContent\pc\textures\water\normal_02.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaApp\dropdown\gr-tip-up.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\ExtraContent\textures\ui\LuaChatV2\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\msedgeupdateres_sr.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AD7CA840-72AF-442F-B124-340CE5419609}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\CompositorDebugger\default.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\DeveloperFramework\PageNavigation\button_control_previous.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\textures\ui\VoiceChat\SpeakerNew\Unmuted0.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\content\models\RigBuilder\RigBuilderGUI.rbxm C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "Update3COMClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\ie_to_edge_bho.dll\AppID = "{31575964-95F7-414B-85E4-0E9A93699E13}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CurVer\ = "MicrosoftEdgeUpdate.Update3WebMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\MSEdgeHTM C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CurVer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767}\AppID = "{1FCBE96C-1697-43AF-9140-2897C7C69767}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3928 wrote to memory of 4452 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4452 wrote to memory of 3824 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4452 wrote to memory of 536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://tenor.com/view/tweakin-gif-22987107"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://tenor.com/view/tweakin-gif-22987107

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {485ed892-6075-45d4-ab8b-c63092dc7300} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 26375 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b7fdd23-8555-4630-8550-4eb1d366a6c6} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3228 -childID 1 -isForBrowser -prefsHandle 3300 -prefMapHandle 3292 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7476d38d-f70d-4f7d-9204-92c9efc9b1ff} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2700 -childID 2 -isForBrowser -prefsHandle 3348 -prefMapHandle 3344 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46e0c064-6f69-46cc-9f83-0150aecb7814} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4236 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4232 -prefMapHandle 4228 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3e748b7-688f-4bae-8795-3241f36797c4} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5356 -childID 3 -isForBrowser -prefsHandle 5332 -prefMapHandle 5296 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18637c33-84bd-4833-8e4d-6e14799ec95c} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5484 -childID 4 -isForBrowser -prefsHandle 5492 -prefMapHandle 5496 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79ed75cc-3cb0-450a-8fb3-4fe7c52cde69} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 5 -isForBrowser -prefsHandle 5684 -prefMapHandle 5688 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bb9f40a-f15f-444d-a003-44d3491b0fbb} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -parentBuildID 20240401114208 -prefsHandle 5340 -prefMapHandle 5976 -prefsLen 31077 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f96c63db-68d5-497d-912d-9aae9bd36188} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6024 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 5972 -prefMapHandle 5968 -prefsLen 31077 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abaa75cf-ad93-45bc-b11c-f117e1c7dae1} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6412 -childID 6 -isForBrowser -prefsHandle 6388 -prefMapHandle 6408 -prefsLen 31077 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01c19ba8-3e50-4829-bf3a-2df46fa284e1} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1508 -childID 7 -isForBrowser -prefsHandle 3032 -prefMapHandle 3180 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03aa3fad-cc9b-49ac-ba86-df4ac0793c1b} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6908 -childID 8 -isForBrowser -prefsHandle 5916 -prefMapHandle 1348 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddb397cc-06b3-4d60-80ca-6433881dd846} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004E4

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 9 -isForBrowser -prefsHandle 5420 -prefMapHandle 5944 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49778d1f-9027-4700-8988-afb280d6bc62} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4216 -childID 10 -isForBrowser -prefsHandle 5440 -prefMapHandle 6272 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d2f2f5e-5cc8-47d9-a4af-b6925ad008f7} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7596 -childID 11 -isForBrowser -prefsHandle 5312 -prefMapHandle 5432 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e5ab29e-1a19-4944-980a-6d3bae13e1a4} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDM0NTFGQjctNEY4NC00MUQzLUFGQTktN0M0MjQ1MzdEMTk2fSIgdXNlcmlkPSJ7M0RENEJGMTYtREQ4Ny00Nzc2LTkzQjgtRjlFQzkwMUNCNzU0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDOEQxMEM4NS03OTFELTRGQ0QtOUIxNS1DOTIwOUNFODgyQjZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc1MjE0NjU1MTciIGluc3RhbGxfdGltZV9tcz0iNDkzIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{D3451FB7-4F84-41D3-AFA9-7C424537D196}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDM0NTFGQjctNEY4NC00MUQzLUFGQTktN0M0MjQ1MzdEMTk2fSIgdXNlcmlkPSJ7M0RENEJGMTYtREQ4Ny00Nzc2LTkzQjgtRjlFQzkwMUNCNzU0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGMzY2NEQ3QS00MzU0LTQ2RTQtQTEwOC1GMDQwQjU5NkJDODl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMDYiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEwNiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc1MjUwMzUxNjIiLz48L2FwcD48L3JlcXVlc3Q-

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\MicrosoftEdge_X64_124.0.2478.67.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83437D7D-E952-410D-8FE6-5161E904BA36}\EDGEMITMP_E462A.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6930788c0,0x7ff6930788cc,0x7ff6930788d8

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\SaveJoin.vbs"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 12 -isForBrowser -prefsHandle 7820 -prefMapHandle 7856 -prefsLen 28134 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a79d39e-28e9-449f-9087-5f6d53fb0280} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8984 -childID 13 -isForBrowser -prefsHandle 8992 -prefMapHandle 8996 -prefsLen 28134 -prefMapSize 244658 -jsInitHandle 1344 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb3fa244-bef9-4d8c-9569-5c4503a9290f} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" tab

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:Xse3Bq-lgvNHluHjvRcqq3xUsTqFJgtZLoMl0xhW9784Rw9dYgyL1P1mYVM4dzwULGoYtCGkfzQl5scgVP53K0vcfXua8ljwtZyNc_sPNoAehIrW50UAM1bVVpNBhuRq26RITiKix14UMYBs_LsVy1shZekBiBrLV-eC8uNYKix1pb1SiFTXOS3egdZEBH8I96pZwtOlGe_az4OP1XK8trthZK2-P2hcDapGzzC5fNg+launchtime:1714590195925+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1714590002338001%26placeId%3D2569453732%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D8fed928b-0487-499e-a47c-96b7c95fa094%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1714590002338001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:e7GNfNp3_rZi-ScoIhOegU7s4Jj5I3dAZcaOLuuh7ShhvyPyAHz5N5QXABc2n1G46-4XLEunDasXh3BuRsW1Ql1T8ufRAzfEzEysqOStbd1ydjk1gScs39FmygU_VUVk48XHiN-ui7SfPmuluKosi4djbwQGtL7Il32isXKBib1CQaAE9xTBYqmD60Vof2alCFE1ISvXnDU8YKy-97nagRXCl7DRSeN5MvYOvXVZJ00+launchtime:1714590281724+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGameJob%26browserTrackerId%3D1714590002338001%26placeId%3D2569453732%26gameId%3Db58f4ad2-81e9-48e4-a6ca-116547da730c%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Db3242635-0603-47ba-b8ea-96c291b186fe%26joinAttemptOrigin%3DServerListJoin+browsertrackerid:1714590002338001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AD7CA840-72AF-442F-B124-340CE5419609}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AD7CA840-72AF-442F-B124-340CE5419609}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{43061875-92B0-47C5-991A-1BF4BF3B8D74}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU65D9.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{43061875-92B0-47C5-991A-1BF4BF3B8D74}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31F00201-13BF-4D3B-9129-D3712BE69180}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31F00201-13BF-4D3B-9129-D3712BE69180}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\MicrosoftEdge_X64_124.0.2478.67.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x250,0x254,0x258,0x24c,0x25c,0x7ff6de4c88c0,0x7ff6de4c88cc,0x7ff6de4c88d8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CDB165F1-C4D6-4512-A07A-4AB5078DF73B}\EDGEMITMP_87162.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x250,0x254,0x258,0x24c,0x228,0x7ff6de4c88c0,0x7ff6de4c88cc,0x7ff6de4c88d8

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6bfc488c0,0x7ff6bfc488cc,0x7ff6bfc488d8

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping

Network

Country Destination Domain Proto
GB 128.116.119.4:443 followings.roblox.com tcp
GB 128.116.119.4:443 followings.roblox.com tcp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
US 18.239.208.114:443 d19ha9ylcjiuiu.cloudfront.net tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
US 18.239.208.114:443 d19ha9ylcjiuiu.cloudfront.net tcp
US 18.239.208.114:443 d19ha9ylcjiuiu.cloudfront.net tcp
US 18.239.208.114:443 d19ha9ylcjiuiu.cloudfront.net tcp
N/A 127.0.0.1:52555 tcp
N/A 127.0.0.1:52559 tcp
N/A 127.0.0.1:52562 tcp
GB 128.116.119.4:443 followings.roblox.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 13.67.191.143:443 msedge.api.cdp.microsoft.com tcp
NL 2.18.121.24:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
NL 2.18.121.24:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
NL 23.62.61.129:443 www.bing.com tcp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:53123 tcp
NL 128.116.21.4:443 roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
US 18.239.208.47:443 d19ha9ylcjiuiu.cloudfront.net tcp
GB 128.116.119.4:443 followings.roblox.com tcp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
NL 2.18.121.18:443 a1831.dscd.akamai.net tcp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com tcp
GB 128.116.119.4:443 followings.roblox.com tcp
GB 128.116.119.4:443 followings.roblox.com udp
US 151.101.0.176:443 m.stripe.network tcp
US 8.8.8.8:53 pulsar.roblox.com udp
US 8.8.8.8:53 c0ak.rbxcdn.com udp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
US 8.8.8.8:53 stripecdn.map.fastly.net udp
US 8.8.8.8:53 sin2-128-116-97-3.roblox.com udp
US 8.8.8.8:53 lax2-128-116-116-3.roblox.com udp
US 8.8.8.8:53 aws-eu-central-1a-lms.rbx.com udp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
GB 128.116.119.4:443 followings.roblox.com udp
NL 23.63.101.171:443 a1913.dscw27.akamai.net tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
PL 128.116.124.3:443 pulsar.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
GB 35.177.164.191:443 nfd-prod-c-722425490.eu-west-2.elb.amazonaws.com tcp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 44.237.131.121:443 m.stripe.com tcp
GB 128.116.119.4:443 followings.roblox.com udp
US 8.8.8.8:53 176.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 171.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 191.164.177.35.in-addr.arpa udp
US 8.8.8.8:53 3.102.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.97.116.128.in-addr.arpa udp
US 8.8.8.8:53 121.131.237.44.in-addr.arpa udp
GB 128.116.119.4:443 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
GB 128.116.119.4:443 www.roblox.com udp
GB 128.116.119.4:443 www.roblox.com udp
US 162.159.136.232:443 discord.com udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
GB 128.116.119.4:443 www.roblox.com udp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
GB 128.116.119.3:443 client-telemetry.roblox.com udp
GB 128.116.119.4:443 www.roblox.com tcp
GB 128.116.119.4:443 www.roblox.com udp
GB 128.116.119.4:443 www.roblox.com udp
US 18.239.208.24:443 images.rbxcdn.com tcp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
GB 128.116.119.4:443 auth.roblox.com udp
US 8.8.8.8:53 24.208.239.18.in-addr.arpa udp
NL 2.18.121.18:443 a1831.dscd.akamai.net tcp
US 44.239.252.40:443 m.stripe.com tcp
GB 128.116.119.4:443 us-central-default-px.roblox.com udp
GB 128.116.119.4:443 us-central-default-px.roblox.com udp
US 8.8.8.8:53 us-central-origin-px.roblox.com udp
NL 13.95.26.4:443 msedge.api.cdp.microsoft.com tcp
NL 2.18.121.16:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 16.121.18.2.in-addr.arpa udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
GB 128.116.119.4:443 us-central-default-px.roblox.com udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 13.67.191.143:443 msedge.api.cdp.microsoft.com tcp
NL 2.18.121.24:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 us-central-default-px.roblox.com udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 us-central-origin-px.roblox.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\6e52d5e4-4295-4e52-90c9-ef4ed9c97884

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\95a56656-76a4-40b5-ac0e-3f5e3a3f5dda

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\fef62c94-405e-48e6-ab2e-e067c7908186

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\0F6E48FC2FE3BA07CF39A943382347AA9FC8C2FC

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\da8498f8-a822-4e5b-90d5-400f22ba8ca9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\17a5ba14-99b5-4ff3-8f64-88e7e2ab4028

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\SiteSecurityServiceState.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\Downloads\RobloxPlayerInstaller.r_A26kJf.exe.part

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\523f61d67bf4c528e001c52e84c35ef0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\default\https+++www.roblox.com\ls\usage

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

C:\Program Files (x86)\Roblox\Versions\version-7d64f40489634ca5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdate.exe

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdate.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_en.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeComRegisterShellARM64.exe

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_am.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_az.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_cs.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_fil.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_gu.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_hu.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_kn.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ml.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_mk.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_mi.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_lv.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_lt.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_lo.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_lb.dll

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_kok.dll

MD5 ca3465347e57624ee2a5dd2299d4f4cd
SHA1 551a151a8d49489c90400e18c34633aa2c2b8a4b
SHA256 5b9509a1ae34d89c89c8e657742495037d28cd03e1cd48aef4dfaa7aeebe29f0
SHA512 a4bdd458a7628a9f0664e1000512e056718cc924510a21704ff8c69b0b251a5a1c7f6f267d66325cadda1536aaee78440348be128d082112c71732e485ac93f3

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ko.dll

MD5 cf91a1f111762d2bc01f8a002bd9544d
SHA1 db2603af55b08538a41c51fc0676bc0ed041d284
SHA256 baa9fae4fb8939e0b5fe0c7f393ab1ca40b52534f37bf2158a9a36331a221e75
SHA512 9db864dbd194885b46f7bed9875f1e531e48f7644ce4494b8dc482c7516a6f783cd35129d2565b272dc674491a08c844a6da88bf9fa7843fcf89c96b4e0af799

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_km.dll

MD5 2ea1200fdfb4fcc368cea7d0cdc32bc2
SHA1 4acb60908e6e974c9fa0f19be94cb295494ee989
SHA256 6fd21b94f62ee7474b3c3029590ddf06936105508f9bf3509620c42dc37486c3
SHA512 e63b80a5929200c85c7a30a3054bd51eee2f27e603501f105073868690906f4619a27a52e58c90ac2ab5d5c34a4739dfdd2a511574afeb7d0118de88c5544f42

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_kk.dll

MD5 bcb1c5f3ef6c633e35603eade528c0f2
SHA1 84fac96d72341dc8238a0aa2b98eb7631b1eaf4e
SHA256 fdd6bffdb9eca4542975f3afe3ac68feac190b8963f0a7244b4b8fa6382381d1
SHA512 ecd79ddd9f3e6db1d0471132c453c324ab55bdead21de77392f418281bc8a2dd43e9009912896ffa3d55d4d3ef17b0aa847a084369b619eb04a2d2313641d520

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ka.dll

MD5 3bc0d9dd2119a72a1dc705d794dc6507
SHA1 5c3947e9783b90805d4d3a305dd2d0f2b2e03461
SHA256 4449ee24c676e34fea4d151b3a752e8d0e7c82f419884e80da60d4d4c1b0f8cb
SHA512 8df01ad484bf2924892129c59317f3da4f79611be2ca29e208114e5ed2cb96a63f753511dc4fe97e281417366246f2fb576cc6ef2618a67803ae7ac01be7b067

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ja.dll

MD5 b507a146eb5de3b02271106218223b93
SHA1 0f1faddb06d775bcabbe8c7d83840505e094b8d6
SHA256 5f4234e2b965656e3d6e127660f52e370dc133632d451ef04975f3b70194b2ed
SHA512 54864e9130b91b6fd68b1947968c446f45a582f22714716bfd70b6dc814841fffe939bc2f573a257ec8c62b4ff939643211fb29cabc0c45b78a6cc70eaa3752c

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_iw.dll

MD5 45e971cdc476b8ea951613dbd96e8943
SHA1 8d87b4edfce31dfa4eebdcc319268e81c1e01356
SHA256 fd5ba39c8b319c6ba2febf896c6947a0a7bae6aa0b4957bd124d55589f41849d
SHA512 f1c9fccf742fa450be249dbbf7e551a426c050ae4af3d2e909f9750068a2bdc801f618eb77a6a82d13421d27949c9f2a9681a44bcb410ccdeec66b24a70f6a9a

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_it.dll

MD5 497ca0a8950ae5c8c31c46eb91819f58
SHA1 01e7e61c04de64d2df73322c22208a87d6331fc8
SHA256 abe2360a585b6671ec3a69d14077b43ae8f9e92b6077b80a147dfe36792bb1b7
SHA512 070398af980f193ff90b4afaecb3822534ef3171eca7228bce395af11ca38364bc47cab7df1e71187ef291f90978bdc37a8611d2992b1800cd1de6aa7fda09d9

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_is.dll

MD5 5664c7a059ceb096d4cdaae6e2b96b8f
SHA1 bf0095cd7470bf4d7c9566ba0fd3b75c8b9e57ec
SHA256 a3a2947064267d17474c168d3189b0d372e36e53bf0efb9c228d314fc802d98e
SHA512 015dcb17b297a0aaad41c7b0b2199187e435855fd3977d16402be774622cc4f6b55d04ba9159a89e26e350c5602928c76dd9386be3974437b41888a0cfdddfa8

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_id.dll

MD5 03d4c35b188204f62fc1c46320e80802
SHA1 07efb737c8b072f71b3892b807df8c895b20868c
SHA256 192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95
SHA512 7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_hr.dll

MD5 0b475965c311203bf3a592be2f5d5e00
SHA1 b5ff1957c0903a93737666dee0920b1043ddaf70
SHA256 65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0
SHA512 bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_hi.dll

MD5 34cbaeb5ec7984362a3dabe5c14a08ec
SHA1 d88ec7ac1997b7355e81226444ec4740b69670d7
SHA256 024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9
SHA512 008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_gl.dll

MD5 84a1cea9a31be831155aa1e12518e446
SHA1 670f4edd4dc8df97af8925f56241375757afb3da
SHA256 e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57
SHA512 5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_gd.dll

MD5 c90f33303c5bd706776e90c12aefabee
SHA1 1965550fe34b68ea37a24c8708eef1a0d561fb11
SHA256 e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c
SHA512 b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ga.dll

MD5 3b8a5301c4cf21b439953c97bd3c441c
SHA1 8a7b48bb3d75279de5f5eb88b5a83437c9a2014a
SHA256 abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0
SHA512 068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_fr-CA.dll

MD5 b534e068001e8729faf212ad3c0da16c
SHA1 999fa33c5ea856d305cc359c18ea8e994a83f7a9
SHA256 445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511
SHA512 e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_fr.dll

MD5 64c47a66830992f0bdfd05036a290498
SHA1 88b1b8faa511ee9f4a0e944a0289db48a8680640
SHA256 a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961
SHA512 426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_fi.dll

MD5 d45f2d476ed78fa3e30f16e11c1c61ea
SHA1 8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e
SHA256 acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2
SHA512 2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_fa.dll

MD5 cbe3454843ce2f36201460e316af1404
SHA1 0883394c28cb60be8276cb690496318fcabea424
SHA256 c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59
SHA512 f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_eu.dll

MD5 a7e1f4f482522a647311735699bec186
SHA1 3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd
SHA256 e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4
SHA512 22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_et.dll

MD5 b78cba3088ecdc571412955742ea560b
SHA1 bc04cf9014cec5b9f240235b5ff0f29dbdb22926
SHA256 f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085
SHA512 04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_es-419.dll

MD5 28fefc59008ef0325682a0611f8dba70
SHA1 f528803c731c11d8d92c5660cb4125c26bb75265
SHA256 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d
SHA512 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_es.dll

MD5 9db7f66f9dc417ebba021bc45af5d34b
SHA1 6815318b05019f521d65f6046cf340ad88e40971
SHA256 e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819
SHA512 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_en-GB.dll

MD5 d749e093f263244d276b6ffcf4ef4b42
SHA1 69f024c769632cdbb019943552bac5281d4cbe05
SHA256 fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA512 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_el.dll

MD5 ac275b6e825c3bd87d96b52eac36c0f6
SHA1 29e537d81f5d997285b62cd2efea088c3284d18f
SHA256 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512 bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_de.dll

MD5 aab01f0d7bdc51b190f27ce58701c1da
SHA1 1a21aabab0875651efd974100a81cda52c462997
SHA256 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA512 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_da.dll

MD5 d34380d302b16eab40d5b63cfb4ed0fe
SHA1 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256 fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_cy.dll

MD5 34d991980016595b803d212dc356d765
SHA1 e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ca.dll

MD5 39551d8d284c108a17dc5f74a7084bb5
SHA1 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 2929e8d496d95739f207b9f59b13f925
SHA1 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512 ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_bs.dll

MD5 e338dccaa43962697db9f67e0265a3fc
SHA1 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512 e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_bn-IN.dll

MD5 a94cf5e8b1708a43393263a33e739edd
SHA1 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_bn.dll

MD5 7dc58c4e27eaf84ae9984cff2cc16235
SHA1 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256 e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512 bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_bg.dll

MD5 8375b1b756b2a74a12def575351e6bbd
SHA1 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256 a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512 aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_as.dll

MD5 a8d3210e34bf6f63a35590245c16bc1b
SHA1 f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_ar.dll

MD5 570efe7aa117a1f98c7a682f8112cb6d
SHA1 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256 e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\msedgeupdateres_af.dll

MD5 567aec2d42d02675eb515bbd852be7db
SHA1 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256 a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\Program Files (x86)\Microsoft\Temp\EUE442.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 ddf9db24c285abc683bf2fa36040a5e5
SHA1 138a14db73fc709027bea74eb890e38cd83d19fa
SHA256 0f2f31a0b4a8d1a915f983ecc2c69b59594ed2221867394c50902443351b80ba
SHA512 963cc708dc5cffb0831660fad1457da2f3d129b7ffb3a345982e95d9d9ad1666147278d5c181e14f377696ac14303a09a9ad3e17dabb7019debe137f4846b7cd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin

MD5 9a1fba83979dbb7cb8c20e14d36b7439
SHA1 95bd0afd6a464cf0e77d87f3ad13d26dc5589edd
SHA256 f0b9b90bb70d522ee577655c0344cdfc1d6db03617bc55258b35fd40300c6002
SHA512 4be5a2614f60e4cd44bf8f3a27813fd56d4006dd8b4cb962d93156cfac6619d9e7ef292fb860b7bd74b61ce7401f0e1d417435cbe1f0a4fde9a94a471ac1da55

memory/1084-2948-0x0000000073090000-0x00000000732A0000-memory.dmp

memory/1084-2947-0x0000000000300000-0x0000000000335000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 1a4d7fee125a69e90a598ec1895954e1
SHA1 0cb4106e1a5e9326b1b41d7bdb62f77aef47ac01
SHA256 bab2a47f979a1ca533e9a2c8abd6e6602015df2108ef399f173216d32e51bd1d
SHA512 c4c1ca07ed9a754eb8aea06ec0be3cc2b2d8bd40bad88284ef61f7335e21605b5425c43f1a53b3a698650840f5a28193ce3578e99db2d2a8ef2a8278ced5b001

C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

MD5 280cacb586fc9830dc73a22790a17e04
SHA1 de2a5b78181dd39eb97c96db9912952c61582052
SHA256 8b7bbe047c4ef274c4e6a484b2d2c7910ab23481ac1a01d24bb102bede7fdb0a
SHA512 462dce8777be2dadad8e71a49e65ef517cd1ca1b7853345fbd15180c2593fd0decd4b387b3745c46c8592e1f4e6be235fc1f30b7615991b950cd2537dbbee978

memory/1084-3006-0x0000000073090000-0x00000000732A0000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe

MD5 c31297188ec9fbaa60449f769339963e
SHA1 8502d9e0cef18137529f0a46ad6e69a1577e6cae
SHA256 2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9
SHA512 9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 e09979ec146d11878f1023b1e805a6ac
SHA1 79b383ff83b6b86675d9f2626e7635e4d3ffaf07
SHA256 e5b84d8ce2704cb64fe99ef30fe50e4a87f89aa7873e9ff9e9e3713bcaffefa0
SHA512 12cc7161f808aa5d1f350683125e405a7a5c8e1a60b24406037e6d1228ddb585cd3b60b5141e1b2f0829e3508c01d6f1f00ad59e776bfe7f294ba493204d3517

memory/1084-3089-0x0000000000300000-0x0000000000335000-memory.dmp

memory/4068-3096-0x00007FFF35330000-0x00007FFF35360000-memory.dmp

memory/4068-3101-0x00007FFF353C0000-0x00007FFF353C9000-memory.dmp

memory/4068-3100-0x00007FFF35330000-0x00007FFF35360000-memory.dmp

memory/4068-3099-0x00007FFF35330000-0x00007FFF35360000-memory.dmp

memory/4068-3097-0x00007FFF35330000-0x00007FFF35360000-memory.dmp

memory/4068-3110-0x00007FFF33170000-0x00007FFF33190000-memory.dmp

memory/4068-3111-0x00007FFF33260000-0x00007FFF3326C000-memory.dmp

memory/4068-3109-0x00007FFF33170000-0x00007FFF33190000-memory.dmp

memory/4068-3121-0x00007FFF32E60000-0x00007FFF32E70000-memory.dmp

memory/4068-3120-0x00007FFF32E60000-0x00007FFF32E70000-memory.dmp

memory/4068-3139-0x00007FFF35040000-0x00007FFF35049000-memory.dmp

memory/4068-3145-0x00007FFF32860000-0x00007FFF32870000-memory.dmp

memory/4068-3144-0x00007FFF32860000-0x00007FFF32870000-memory.dmp

memory/4068-3143-0x00007FFF32750000-0x00007FFF32760000-memory.dmp

memory/4068-3142-0x00007FFF32750000-0x00007FFF32760000-memory.dmp

memory/4068-3138-0x00007FFF35040000-0x00007FFF35049000-memory.dmp

memory/4068-3137-0x00007FFF35040000-0x00007FFF35049000-memory.dmp

memory/4068-3136-0x00007FFF35040000-0x00007FFF35049000-memory.dmp

memory/4068-3135-0x00007FFF35040000-0x00007FFF35049000-memory.dmp

memory/4068-3134-0x00007FFF35020000-0x00007FFF35030000-memory.dmp

memory/4068-3133-0x00007FFF35020000-0x00007FFF35030000-memory.dmp

memory/4068-3132-0x00007FFF35020000-0x00007FFF35030000-memory.dmp

memory/4068-3130-0x00007FFF34690000-0x00007FFF3469D000-memory.dmp

memory/4068-3129-0x00007FFF34690000-0x00007FFF3469D000-memory.dmp

memory/4068-3128-0x00007FFF34690000-0x00007FFF3469D000-memory.dmp

memory/4068-3127-0x00007FFF34690000-0x00007FFF3469D000-memory.dmp

memory/4068-3126-0x00007FFF34690000-0x00007FFF3469D000-memory.dmp

memory/4068-3125-0x00007FFF34650000-0x00007FFF34660000-memory.dmp

memory/4068-3124-0x00007FFF34650000-0x00007FFF34660000-memory.dmp

memory/4068-3123-0x00007FFF345E0000-0x00007FFF345F0000-memory.dmp

memory/4068-3122-0x00007FFF345E0000-0x00007FFF345F0000-memory.dmp

memory/4068-3119-0x00007FFF32E60000-0x00007FFF32E70000-memory.dmp

memory/4068-3118-0x00007FFF32E40000-0x00007FFF32E50000-memory.dmp

memory/4068-3117-0x00007FFF32E40000-0x00007FFF32E50000-memory.dmp

memory/4068-3116-0x00007FFF32E40000-0x00007FFF32E50000-memory.dmp

memory/4068-3115-0x00007FFF32C90000-0x00007FFF32CA0000-memory.dmp

memory/4068-3114-0x00007FFF32C90000-0x00007FFF32CA0000-memory.dmp

memory/4068-3113-0x00007FFF32B20000-0x00007FFF32B30000-memory.dmp

memory/4068-3112-0x00007FFF32B20000-0x00007FFF32B30000-memory.dmp

memory/4068-3108-0x00007FFF33170000-0x00007FFF33190000-memory.dmp

memory/4068-3107-0x00007FFF33170000-0x00007FFF33190000-memory.dmp

memory/4068-3106-0x00007FFF33170000-0x00007FFF33190000-memory.dmp

memory/4068-3105-0x00007FFF33150000-0x00007FFF33160000-memory.dmp

memory/4068-3104-0x00007FFF33150000-0x00007FFF33160000-memory.dmp

memory/4068-3103-0x00007FFF330C0000-0x00007FFF330D0000-memory.dmp

memory/4068-3102-0x00007FFF330C0000-0x00007FFF330D0000-memory.dmp

memory/4068-3098-0x00007FFF35330000-0x00007FFF35360000-memory.dmp

memory/4068-3095-0x00007FFF352E0000-0x00007FFF352F0000-memory.dmp

memory/4068-3094-0x00007FFF352E0000-0x00007FFF352F0000-memory.dmp

memory/4068-3093-0x00007FFF351C0000-0x00007FFF351D0000-memory.dmp

memory/4068-3092-0x00007FFF351C0000-0x00007FFF351D0000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\13ECA6BE8CA6822FF3428A894A7EE25F3F985283

MD5 7b9222e3a05efb16336a36c7d53e77db
SHA1 7adff16689cc8714b133c4651315a39a068e6725
SHA256 fcdd6d8b5bd55fd5a3a03c1435aeb2d844ed7ec7e785df8e67ff2c577710c9b4
SHA512 8e2bea91c9ffa4d2fd6fd1705cc21db4abf5bb2c687e8a44252183e6e1178cf1592589ad70bc94967b2a020715ca62c6eb8d79d7c1844788c3570057ef5bdf5a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\50C867D2139E0B16EC8C911A86840C354297E944

MD5 ada49d6ff3b0f40d8bbf86a16daebe8c
SHA1 724a4566e946a33d96913924aa37e574d7a2315d
SHA256 fd836ae84c12f815971836851be8f33460c7bf2371e9af0853f3d008a87f8f3c
SHA512 234703ef143f0ef1c12bda331d8bb21c934cc6116b88a75426335e6ab585e9d2ecd352718d39e7d52ad275ba8fd4a8b06be40dda2613f99d9e67e5c6fbda5d62

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\36BCFA23A4D04A528CE70EF12214E3995E132134

MD5 f44e5ad5efef5c64a3377f710f5c18cf
SHA1 5260ff965dd1f7f94e725252534be310b905335f
SHA256 b52d4f08cc668dc43156339cf99523d7bdf642c21149495f68e12926ff265080
SHA512 17eb86dfc4fcb9ec669c93df89beb8ec430a23eb37f79208082582147d7cb09ea7ade070a70f72fae458d2858ad8932c46495b2a2b735a6bc7895decd6b7e377

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\DA784CCDD74E697C1B9356166222C06487BCEA54

MD5 2785b5255fbfa2d954e8ad3e8a8837df
SHA1 7f9585403b858bad80c837be2429df9e01ce283c
SHA256 ace943883476f52e54b98394bb63cb7267fdcdf469ed03cecd9b695732dc85b4
SHA512 edbb24c96a8d9ddac60642e05fb0c88563eab14a9e18eafffb4eeefa54885c25ef9dbde95557af6c4563813b9e760ae8d15059b4de4714fb563544f5041e7c3a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\4E3562C55341939E493011A1EC297C2A4CAF51DB

MD5 a60022aff7b0968f10c2632632cb98f2
SHA1 67c71c8f6232bbea81479f00384ab3aee82bba11
SHA256 66adc5cb4016035ff5a06cc5237897afc5137f8460f56d1b5be1da98b088be40
SHA512 ab8ae2bcdd8eabac152a84770818a6d017ec3887c7886db04a0e320c0daf849ff7d9efe1fa28547684348f09faebaf2dad73fd69ae9a6afd8a79654e8ec3d23c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\AC5B4849CAB26A6FF5E0D69715FFD2D5203EA01F

MD5 78be4e1fb2550b7d608a2b0b18924b3b
SHA1 db7497807385eaf935b71f5e0bb78a53d4918e94
SHA256 9e79527635c9aa5e73ecc4d189eeb58bea0e52f077c4255195e0ffd7c03446c6
SHA512 06100b62f1f8bb169c875859589a71f0e845446654fac4c766d1a3fdccfba06747f5d1d3112881accaaa1435e2e632fc76b33bb74c56942acbb3e77b77f71462

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\739025F062E977A263D0043D9E01EE529DEBBEB9

MD5 b9f6b50bc48e076d8056fdd06d86fa6c
SHA1 31b15d7f32aba9b883d56589d8860615185db291
SHA256 b0480d8aeaf9befce220d9b941fcd0e0166d40b22dec84c1e35931a21a8a776c
SHA512 183733f60e2f0b8c54f638f5e5f9ca02aec0a0affaac096128fd66e099956571e671c7e83d92c9f6d1cce654d762a931df98d049034bb6e229e93c5be635a28d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\8637EC1244B61084D530B4C2FD1CA5490C6EFAEF

MD5 91dbeaf7ab9ec6786ecfda697eb20517
SHA1 8a72272aac857c945644e5aed8ab19cf6e520a75
SHA256 f64eba416d24b995a34926c004cfb57c7f4f4abd64cab6e5b3a82cb3b0e98c07
SHA512 49dcc5c7837e134328fc55c8ff4562c9470d3f40294669811699c6e073913cc30b43edafe3f446492ad415168496a18b5615935c1722cb85fd5639eb8668136b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\8D2C754DEA256EF7C46F48B25026A09FBA5D33A9

MD5 baa5dfa5647b8a736bc92e3d9b8483c5
SHA1 a94691a7b6d55b8bb39374f7abdcca06bf51c414
SHA256 855be268fb2f77a75746ed9e287083e05682998832f4a824e8eb454eadf75e2c
SHA512 e4bd416436f102e7c584470695e4c96f7c7b89544849901fb2e0e36eca34b3b5a02c8be89a4812ca502e5825260c72d8e8b9b7a37c5126d3531177b262fa826d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\BE2D3D60C4D6C94AEDAA7868122CCB76EF5AA608

MD5 c037d041472184d740a90f4089ea23bc
SHA1 84f96a9a937c76ea23221c2dff42b7db9530e90a
SHA256 2f8a6aed9b71ea0dd32f644354350e5aff06971f3e182a349e0b03c01fa4730c
SHA512 72d8a79ab5df34698932d8a239b0a19a889a34e5d6597c2ac3717c00910da1c451850ba586439ecedd9c295d49d53eaa2f266c66d06bd066770b858602640b2c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\84DCC1FA6B673A3677DB8D8001C56DCE773AA014

MD5 89fe49d40f31f6dd8dee35cfe78b4725
SHA1 0d3f8ac40e9f1fcfa2f9380ca4f4a54964e8012b
SHA256 a9f8e89bcacfd2cca92f53dc549899c102cf0f6b1b347325078120a87f2844a6
SHA512 a33eeddd3242eeb49ef387a5257429e7cc72705f35fcc3dd7da55d66560fe8734765b391fdc67a76957682346ec21933d5c12c7a2b472ee691637d9b1986acba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\C4A98151F7F4365D06407FC1FCA4114EBCEF385E

MD5 10f709162296bdeccd057e7a403d4dc9
SHA1 2739efd90c7f61bf9e0a0722e8966ceebfd58952
SHA256 94867ddb18e55e8b7f2b232a78b8d4c2d5a8cf4c14a2943cfc4c9438fe39b436
SHA512 db4d1bee2928a20d16cab9653f56cb22f8d3d9fb017d3606abb6838a088f9e904874ccd7d4f140913fb46688392e2f91670e3fd746cb71631b5e703e82b62d82

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\3E94249D3ECBE02CB9A5BFC6A16F080F38DFC2EC

MD5 64362c7d2f141a43ab9e6d44aca5d7ad
SHA1 895e35b5ae3f89c68929545dac7feff0ead628e7
SHA256 af6ccc8f0d7e79e0df39ccb42653c0d5e32720f8e5a359cce28da50b7528a08e
SHA512 2248d206547780c642885fbb6187136d3b8435f1cdface56a4576e9313215be07f6c1bf43791f9c82ee65b6641529170787c80d04ebdfb073ff8b2d0be3f0343

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\C020CBC5ED54178DE75BD3A92FA0EA7E234C83A8

MD5 c9336acce8037108e0baee415314e500
SHA1 7f22f27f1a55ab4533e63fd26f1bcfc94e2c3288
SHA256 11a55d6092c796f106b5dd7e2481e131f0881136a1a16073e4f4643d15e5af28
SHA512 29e047bed290559e04daa92c485c5c1d52d374b756db71a7d36538d04866edebae9f5ba2c972e9aa3a5b2745a25f33b9a9c82b062eb6c40dd21115424ca28b93

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\739261025B6871CDC158A1001D4B7849AEB2D5FA

MD5 42b73816fb9d6e3aeb0621ed8e80b027
SHA1 17d30c51cbe5f531fc888eef36ebf789c747fd92
SHA256 e7b6c0521c2068c2a1f366f653ddb04b7b9b7e00d0103bc717db156d3a1de3f4
SHA512 678319927d554a870579a1855266ede368c13322c322ce58d44b4a3077afffcb28b0dbc0d134e34b8455bd3c012511c9b5e68ae89c038a8f7d7b223312c9c95a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E1E5F90C5D42E8AAF6267CF5C1D4F4D7211B2A50

MD5 1f9fdffa3ca6966e3fb77ecc0832d3b7
SHA1 ee8b595e138b9042317ac1dccd72e126459deccc
SHA256 832421c9c7afef2a7cf73f13baa247af9533f08d1571d9c7c63654b3f3b90e0b
SHA512 9bb45d4f54c9b6170b90df4164742318ff6c44d3855c985bed6ab5e38ffc57f93399f8182408682cc1a7167175eb86ca256b0360f987edbd801023555a22cd5d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\55E5E6FB4DA0D621CA2B27FEAF7A867987DF935E

MD5 a7e5457bcfad84e243652d13b3a2d0a5
SHA1 e6b577915c1dabac39bde045d51eed6be26ba13d
SHA256 5875c7b1ce01000b3fd963cb1489bcd0405f73f7f76347489b8a690b88e1d9fb
SHA512 534ef10890054edfae720fbe174fe3e6d0c0cb21019aab75db3f08b1f51f407f2d230009f982a1da52064b0c8dd5bf656974562aacb34a9de1986e5f2f71aaae

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\B01FCB2908755BD2F571ADD006C4D3609CFB24EF

MD5 9f016b7f3d655e31f85ae9f05ecb4775
SHA1 724357f37128d4b2400ed72597eaff3d8008d30f
SHA256 8c3c6661c75769321fbff48af89ca4a84bf769e8700214e2be4dd1197e79fe55
SHA512 48e2af87d1f5048c07819a357eed46192ff75c6fe42981869e69bf3e5a9a669d5eb0e4a7ecc511614c4e46fe11b0bab3581692b31ea2b1fa5ebb10a4adbe871f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\3CD97724EBF47B50AE59221DC942CCA5EE96ED82

MD5 5d4159c00224bc4cefcd6c88ef01d4a2
SHA1 c15399d81c635182b7d466af59bedcc6cb9862af
SHA256 3a1b13ab36934712dd465ea72db3df1a9f8dc59b60c004fe2254889a37906fce
SHA512 efa1109f1df199e5a878928353641210ecc437925766b680cc80677b31d83343eac1f3dc883640010e5993783e9335f5b336e1b6ae930e09e1aa1f03ddfec0bd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\3CC64668187C540A26A18501F41B51C0CD662225

MD5 eb6fba4c8ecb4caa639ce35c86a2a0c0
SHA1 c8cdc34b8410b529c3902c4a0af0402cc73f5ca2
SHA256 236f50d66c9e0157b23f2a1ed37153b6f910eb2453e8d4b2c6fa08687552777e
SHA512 5536497d6ba1e745c319be991a66a712fb35dea2bbd369ca8bd42b042157d463aa295d36ac2c3887c5e143caf80610b27b9f0359e49d77781b0e09ad03f54ec9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\6B995C7CA46FC5BA0EFF9F15DA86A8CAE4C276DF

MD5 d3b2a75ea612dc78d1ab7e0bdcbeb8c4
SHA1 37d270d4a2d33afeceaddc491208e5e1ecc99780
SHA256 37806175f506d75b33b86ae8ae4d78268c1eb5658333462a0f28fe41aaed3752
SHA512 97c6dcc2ff53f7429ac52ba2b9fe04f65f089edf2673a22885e7dbececfa46ba1038cee42f4c5deb61591bfa0077cff0984c04bad8dd1d066e1ec6f48735de33

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\11993EA3BF3D355927605B079BF182BDF694A9FC
