Malware Analysis Report

2024-10-10 08:10

Sample ID 240611-rxnjvszgqd
Target SolaraB.zip
SHA256 2510be907ec476e8375ac7b5431536ae9a32bf99fe77ab695a5100852b111b96
Tags
discovery evasion persistence themida trojan
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

2510be907ec476e8375ac7b5431536ae9a32bf99fe77ab695a5100852b111b96

Threat Level: Likely malicious

The file SolaraB.zip was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence themida trojan

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Sets file execution options in registry

Downloads MZ/PE file

Loads dropped DLL

Registers COM server for autorun

Themida packer

Checks BIOS information in registry

Executes dropped EXE

Checks whether UAC is enabled

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks system information in the registry

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of UnmapMainImage

Checks processor information in registry

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 14:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 14:34

Reported

2024-06-11 15:20

Platform

win10-20240404-en

Max time kernel

2696s

Max time network

2413s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Downloads MZ/PE file

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUCD28.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUCD28.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\MicrosoftEdge_X64_125.0.2535.92.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2ABBCA4F-D0E3-44D2-A521-66AB55DD7A14}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUCD28.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUCD28.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUCD28.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUCD28.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TerrainTools\checkbox_square.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\icons\ic-more-create.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\identity_proxy\win11\identity_helper.Sparse.Dev.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AvatarImporter\img_light_Rthro.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\StudioToolbox\AssetPreview\star_stroke.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Locales\as.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\icon_whitetriangle_down.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Settings\Radial\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ClassImages.PNG C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TerrainTools\icon_regions_rotate.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\PlatformContent\pc\textures\sky\indoor512_dn.tex C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Chat\MessageCounter.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\Checkmark.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\account_under13.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\PlatformContent\pc\textures\water\normal_02.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\9SliceEditor\HorizontalDragger.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TerrainEditor\volcano.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Capture\Shutter.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\LegacyRbxGui\popup_warnTriangle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\image_scrollbar_vertical_bot.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\GameSettings\copy.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_22.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\identity_proxy\win11\identity_helper.Sparse.Canary.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\avatar\compositing\CompositExtraSlot0.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\StudioUIEditor\icon_rotate3.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\MenuBar\icon_menu.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\StudioSharedUI\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\VRStatus\ok.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\Controls\DesignSystem\ButtonR2.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\eu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\avatar\meshes\leftleg.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\CollisionGroupsEditor\delete.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Trust Protection Lists\Mu\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\Gamepad\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TerrainTools\mtrl_cobblestone.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\MenuBar\arrow_right.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ViewSelector\back_hover_zh_cn.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\sr-Cyrl-BA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Locales\is.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AvatarEditorImages\Stretch\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\MaterialFramework\PlasticWithBorder.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\VoiceChat\New\Unmuted40.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\gu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\SingleButtonDown.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\scroll-top.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Chat\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\icons\ic-clear-solid.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\img_dark_timetag_bg.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TerrainTools\icon_flatten_grow.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\9-slice\input-send-message.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\kok.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\StudioToolbox\Voting\Thumb.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TagEditor\TagEditorPluginIcon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\eu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Locales\af.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\CompositorDebugger\dot.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\CLSID\ = "{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\ = "Update3COMClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\ = "PSFactoryBuffer" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82CCB536-D2EE-4F19-9067-40531F08D1D4} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ = "Microsoft Edge Update Core Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\MicrosoftEdgeUpdateOnDemand.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUCD28.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUCD28.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUCD28.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 344 wrote to memory of 3800 N/A C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
PID 344 wrote to memory of 3800 N/A C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
PID 4988 wrote to memory of 372 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4988 wrote to memory of 372 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4988 wrote to memory of 372 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4988 wrote to memory of 372 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4988 wrote to memory of 372 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4988 wrote to memory of 372 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4988 wrote to memory of 372 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4988 wrote to memory of 372 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4988 wrote to memory of 372 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4988 wrote to memory of 372 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4988 wrote to memory of 372 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 1564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 1564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 2128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 372 wrote to memory of 3472 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.0.1878069257\1366405414" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51291f86-c163-4d13-8fd9-7dec4c8a7dda} 372 "\\.\pipe\gecko-crash-server-pipe.372" 1828 275a98d3758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.1.312151956\1994848576" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bac6fbf0-381e-43b1-8a0c-9a71cbd5216e} 372 "\\.\pipe\gecko-crash-server-pipe.372" 2184 2759e772258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.2.654683236\552224693" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 3012 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a98b36e-92c7-479e-85f0-389dcaec8d01} 372 "\\.\pipe\gecko-crash-server-pipe.372" 2708 275ad997b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.3.1976465376\1184476460" -childID 2 -isForBrowser -prefsHandle 3512 -prefMapHandle 3508 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1eb6d2b-afac-49c9-be3e-e0e223494932} 372 "\\.\pipe\gecko-crash-server-pipe.372" 3516 2759e76e258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.4.1677212208\16237555" -childID 3 -isForBrowser -prefsHandle 4212 -prefMapHandle 4208 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c06da340-afc5-4c27-a559-5e9b47e2258c} 372 "\\.\pipe\gecko-crash-server-pipe.372" 4224 275aefaf058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.5.47172004\12188821" -childID 4 -isForBrowser -prefsHandle 4212 -prefMapHandle 4004 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff0b28c7-2c15-4ee3-9180-1a0f7145e1ad} 372 "\\.\pipe\gecko-crash-server-pipe.372" 4660 2759e76cd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.6.407162076\2099439599" -childID 5 -isForBrowser -prefsHandle 4996 -prefMapHandle 4988 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d122521a-f2c1-4859-933c-6b94c220cb3f} 372 "\\.\pipe\gecko-crash-server-pipe.372" 5004 275b0c8f958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.7.148856799\1249363286" -childID 6 -isForBrowser -prefsHandle 4656 -prefMapHandle 5004 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5010ff7a-ad31-4fac-9ab1-4a58463fe3b3} 372 "\\.\pipe\gecko-crash-server-pipe.372" 5196 275b0c8f658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.8.1224458879\1624809224" -childID 7 -isForBrowser -prefsHandle 2744 -prefMapHandle 5316 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4f6c0cc-bc05-4218-a203-e4232257ef3e} 372 "\\.\pipe\gecko-crash-server-pipe.372" 5560 275b1619b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.9.283887329\1529969482" -parentBuildID 20221007134813 -prefsHandle 2760 -prefMapHandle 5808 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ae295c6-ba6d-42cb-afb1-7064a915a2e4} 372 "\\.\pipe\gecko-crash-server-pipe.372" 2932 275b212db58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.10.1074330008\469978689" -childID 8 -isForBrowser -prefsHandle 6180 -prefMapHandle 6168 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ce62918-0553-4fdf-a7a8-2bc3d8374b23} 372 "\\.\pipe\gecko-crash-server-pipe.372" 6160 275ac226d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.11.719179742\630393808" -childID 9 -isForBrowser -prefsHandle 10360 -prefMapHandle 5160 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23cb9777-7363-4863-97cc-7e2da0719144} 372 "\\.\pipe\gecko-crash-server-pipe.372" 4604 275b5c18858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.12.2129118737\2100212147" -childID 10 -isForBrowser -prefsHandle 7428 -prefMapHandle 7424 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0d2e922-e9dc-4bec-9f1d-6f2c68f67712} 372 "\\.\pipe\gecko-crash-server-pipe.372" 7440 275b5c18e58 tab

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjU0MTY2NjctQzk5RS00QUZELTkxMEUtNzYyMEI5MURCNjE2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyODE2QkVERS1DM0EzLTRENjktOTE5Qy1EQjQ4NDAyMEJDM0N9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MTk0NjcyNDIzIiBpbnN0YWxsX3RpbWVfbXM9IjM4MiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{25416667-C99E-4AFD-910E-7620B91DB616}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjU0MTY2NjctQzk5RS00QUZELTkxMEUtNzYyMEI5MURCNjE2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0OTJFNkQ3RC0zQjJELTRBN0UtOTU1OC1GRENFM0M2NUQyMjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjE5NzkyNzMyNyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\MicrosoftEdge_X64_125.0.2535.92.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\MicrosoftEdge_X64_125.0.2535.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\MicrosoftEdge_X64_125.0.2535.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A5BDD44F-93CB-4296-B2D9-78FE3F65DC17}\EDGEMITMP_5D172.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ff780254b18,0x7ff780254b24,0x7ff780254b30

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjU0MTY2NjctQzk5RS00QUZELTkxMEUtNzYyMEI5MURCNjE2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEQzQxNTJFNi1GRTc0LTQzRDQtOUNCNy1CRkI2QzNEQkU1ODF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyNS4wLjI1MzUuOTIiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyMzk0NDY5NTQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MjM5NDc2Nzg1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQyOTQ5NTM0MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMTk5ZDZiMjItNmY4ZS00NjIwLTgwMjktZjdlM2EyYTNmZGVhP1AxPTE3MTg3MjE0NzUmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9Tm9SR0JGUEVaRlZZUzhaY1NFVHBBTW9QTlBkNWxzNFpTclJWVVJUSCUyZjdOd2IlMmJoYmk3V0dmJTJiM1dBb3pzd25xNUptM2o4TjB3TEdpJTJmTWZ5cVRkWE5TQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MzgxMDc1MiIgdG90YWw9IjE3MzgxMDc1MiIgZG93bmxvYWRfdGltZV9tcz0iMTQ3NTMiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NDI5NjA1NDQwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQ0Mzk0NzQyNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjg2MjY2NDE0NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjgzNyIgZG93bmxvYWRfdGltZV9tcz0iMTkwMTAiIGRvd25sb2FkZWQ9IjE3MzgxMDc1MiIgdG90YWw9IjE3MzgxMDc1MiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDE4NzAiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2ABBCA4F-D0E3-44D2-A521-66AB55DD7A14}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2ABBCA4F-D0E3-44D2-A521-66AB55DD7A14}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{9DD8FA0D-0352-4B11-823C-6C683FB575D1}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUREOEZBMEQtMDM1Mi00QjExLTgyM0MtNkM2ODNGQjU3NUQxfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InszNzAxRjgwQi02NTlELTQ2MjMtQUYwMi1FRkM1MDRGRURGQjl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg3LjQxIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyMzM3NTYxNzMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTIzMzc1NjE3MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDc5NDM4MTI4NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNGFkOWNiNmUtODI0NS00ZTQ3LWIyOTgtMWZmNGIwNDI1NmUxP1AxPTE3MTg3MjE3NzQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9V01QeHFJTzRKZlBJJTJma0xXMENBYzV5eHdFd1FnZFpuVWFDSkVkdGh4M0NGMzBnOEpqcWNSNHdiaFplMEpmODUyaTNsRVNmQzd2WGo2SVlGRUNZS05IZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MzQzNzYiIHRvdGFsPSIxNjM0Mzc2IiBkb3dubG9hZF90aW1lX21zPSIxNTM4MjgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA3OTQzODEyODciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA3OTk1Mzc3MDIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNS4wLjI1MzUuOTIiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjYzNzAiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9Ins2QTA2NUVERC1BNDU4LTQ1NkUtQTY3NS1BQkVFNzM2ODgxNjd9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\Temp\EUCD28.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUCD28.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{9DD8FA0D-0352-4B11-823C-6C683FB575D1}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUREOEZBMEQtMDM1Mi00QjExLTgyM0MtNkM2ODNGQjU3NUQxfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7OTZBQUQ1MjQtNTRBNy00NzNFLUI1ODgtNDVDMDAxQzYyMzk5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xNTA2My4wIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IlFFTVUiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny40MSIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2MzcwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTgxMTY2NzAiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODQwNDc0OTM3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjBDNEFDQkItMzYwMy00NUE5LUI2MUYtRjg4RjRFMTdEM0YwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QTE4NzlDNDYtRjMzNy00REEwLThBQzktNTFBMDREQUEyQzhDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xNTA2My4wIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IlFFTVUiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtzRzlESjZNM2Zaa1A3Q0VMV0duRHhDK3dhUmFRRXVFTHZMSWZYay9NQXRjPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNjgiIGluc3RhbGxkYXRldGltZT0iMTcxMjIzMzcyMiIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzU2NzA2NTkyODM2MjIyNyI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxMTQzMjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MjU5NjkzNTMzIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjBDNEFDQkItMzYwMy00NUE5LUI2MUYtRjg4RjRFMTdEM0YwfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins0NUU2MjBDQS1FMEI2LTQxRTctQjA0MC0xOUIyMjEzMTVCQjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODcuNDEiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjYzNzAiIGNvaG9ydD0icnJmQDAuMTQiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjYzNzEiIHBpbmdfZnJlc2huZXNzPSJ7RDNBRTY5QjgtNTg4Qy00OEYwLTg3N0MtQTIzQjg0RTc5NjYxfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjUuMC4yNTM1LjkyIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2MzcwIiBjb2hvcnQ9InJyZkAwLjU0Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MzcxIiBwaW5nX2ZyZXNobmVzcz0iezZENUMyQzE5LUREQjQtNEY3Ri1BQzZCLTc2MTZBQjMxRjRGOH0iLz48L2FwcD48L3JlcXVlc3Q-

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:51256 tcp
N/A 127.0.0.1:51263 tcp
US 8.8.8.8:53 89.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 44.237.65.238:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:51270 tcp
US 8.8.8.8:53 238.65.237.44.in-addr.arpa udp
US 8.8.8.8:53 roblox.com udp
NL 128.116.21.3:80 roblox.com tcp
NL 128.116.21.3:80 roblox.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox.com udp
NL 128.116.21.3:443 roblox.com tcp
US 8.8.8.8:53 3.21.116.128.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com udp
GB 128.116.119.4:443 www.roblox.com tcp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
GB 128.116.119.4:443 edge-term4-lhr2.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
BE 88.221.83.8:443 static.rbxcdn.com tcp
US 8.8.8.8:53 a1992.w27.akamai.net udp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 roblox-api.arkoselabs.com.cdn.cloudflare.net udp
BE 88.221.83.40:443 css.rbxcdn.com tcp
BE 88.221.83.40:443 css.rbxcdn.com tcp
BE 88.221.83.40:443 css.rbxcdn.com tcp
BE 88.221.83.40:443 css.rbxcdn.com tcp
BE 88.221.83.40:443 css.rbxcdn.com tcp
BE 88.221.83.40:443 css.rbxcdn.com tcp
US 8.8.8.8:53 a1962.dscw27.akamai.net udp
US 8.8.8.8:53 a1992.w27.akamai.net udp
US 2.22.144.92:443 js.rbxcdn.com tcp
US 2.22.144.92:443 js.rbxcdn.com tcp
US 2.22.144.92:443 js.rbxcdn.com tcp
US 2.22.144.92:443 js.rbxcdn.com tcp
US 2.22.144.92:443 js.rbxcdn.com tcp
US 2.22.144.92:443 js.rbxcdn.com tcp
NL 128.116.21.3:443 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com.cdn.cloudflare.net udp
US 8.8.8.8:53 a1962.dscw27.akamai.net udp
US 8.8.8.8:53 a1993.g.akamai.net udp
US 8.8.8.8:53 a1993.g.akamai.net udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 8.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 86.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 40.83.221.88.in-addr.arpa udp
US 172.64.154.86:443 roblox-api.arkoselabs.com.cdn.cloudflare.net udp
US 8.8.8.8:53 92.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
PL 128.116.124.3:443 metrics.roblox.com tcp
US 8.8.8.8:53 edge-term4-waw1.roblox.com udp
US 8.8.8.8:53 edge-term4-waw1.roblox.com udp
GB 128.116.119.4:443 apis.roblox.com tcp
GB 128.116.119.4:443 apis.roblox.com tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
BE 104.117.77.80:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 a1818.b.akamai.net udp
US 8.8.8.8:53 locale.roblox.com udp
GB 128.116.119.4:443 locale.roblox.com udp
PL 128.116.124.3:443 edge-term4-waw1.roblox.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 a1818.b.akamai.net udp
GB 128.116.119.4:443 locale.roblox.com tcp
BE 88.221.83.27:443 images.rbxcdn.com tcp
BE 88.221.83.27:443 images.rbxcdn.com tcp
BE 88.221.83.27:443 images.rbxcdn.com tcp
BE 88.221.83.27:443 images.rbxcdn.com tcp
BE 88.221.83.27:443 images.rbxcdn.com tcp
BE 88.221.83.27:443 images.rbxcdn.com tcp
US 8.8.8.8:53 a1899.dscw27.akamai.net udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 a1899.dscw27.akamai.net udp
GB 128.116.119.4:443 auth.roblox.com udp
GB 128.116.119.4:443 auth.roblox.com tcp
US 8.8.8.8:53 3.124.116.128.in-addr.arpa udp
US 8.8.8.8:53 80.77.117.104.in-addr.arpa udp
US 8.8.8.8:53 27.83.221.88.in-addr.arpa udp
GB 128.116.119.4:443 auth.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com udp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 push.services.mozilla.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox.com udp
US 172.64.154.86:443 roblox-api.arkoselabs.com.cdn.cloudflare.net udp
US 8.8.8.8:53 a1993.g.akamai.net udp
US 8.8.8.8:53 a1993.g.akamai.net udp
US 2.22.144.92:443 a1993.g.akamai.net tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 a1992.w27.akamai.net udp
GB 128.116.119.4:443 roblox.com udp
BE 2.17.198.185:443 a1992.w27.akamai.net tcp
US 8.8.8.8:53 a1992.w27.akamai.net udp
US 8.8.8.8:53 roblox.com udp
PL 128.116.124.3:443 edge-term4-waw1.roblox.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 8.8.8.8:53 a1818.b.akamai.net udp
BE 104.117.77.89:443 a1818.b.akamai.net tcp
US 8.8.8.8:53 a1818.b.akamai.net udp
US 8.8.8.8:53 185.198.17.2.in-addr.arpa udp
US 8.8.8.8:53 89.77.117.104.in-addr.arpa udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 a1899.dscw27.akamai.net udp
US 8.8.8.8:53 a1899.dscw27.akamai.net udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
US 8.8.8.8:53 assetgame.roblox.com udp
GB 128.116.119.4:443 assetgame.roblox.com tcp
GB 128.116.119.4:443 assetgame.roblox.com tcp
GB 128.116.119.4:443 assetgame.roblox.com tcp
GB 128.116.119.4:443 assetgame.roblox.com tcp
GB 128.116.119.4:443 assetgame.roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 a1993.g.akamai.net udp
US 8.8.8.8:53 a1993.g.akamai.net udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 2.22.144.92:443 js.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
GB 128.116.119.4:443 assetgame.roblox.com udp
US 8.8.8.8:53 a1992.w27.akamai.net udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 a1992.w27.akamai.net udp
US 8.8.8.8:53 images.rbxcdn.com udp
BE 2.17.198.130:443 a1899.dscw27.akamai.net tcp
BE 88.221.83.26:443 images.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 a1899.dscw27.akamai.net udp
US 8.8.8.8:53 a1962.dscw27.akamai.net udp
US 8.8.8.8:53 a1899.dscw27.akamai.net udp
US 8.8.8.8:53 a1962.dscw27.akamai.net udp
US 8.8.8.8:53 26.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 130.198.17.2.in-addr.arpa udp
US 8.8.8.8:53 realtime-signalr.roblox.com udp
US 8.8.8.8:53 edge-term4-waw1.roblox.com udp
PL 128.116.124.3:443 realtime-signalr.roblox.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 2.22.144.41:443 tr.rbxcdn.com tcp
US 2.22.144.41:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 a1831.dscd.akamai.net udp
US 8.8.8.8:53 accountsettings.roblox.com udp
US 8.8.8.8:53 economy.roblox.com udp
US 8.8.8.8:53 friends.roblox.com udp
US 8.8.8.8:53 privatemessages.roblox.com udp
US 8.8.8.8:53 trades.roblox.com udp
US 8.8.8.8:53 a1831.dscd.akamai.net udp
US 8.8.8.8:53 lms.roblox.com udp
US 8.8.8.8:53 thumbnails.roblox.com udp
GB 128.116.119.4:443 thumbnails.roblox.com tcp
GB 128.116.119.4:443 thumbnails.roblox.com tcp
GB 128.116.119.4:443 thumbnails.roblox.com tcp
GB 128.116.119.4:443 thumbnails.roblox.com tcp
GB 128.116.119.4:443 thumbnails.roblox.com tcp
GB 128.116.119.4:443 thumbnails.roblox.com tcp
GB 128.116.119.4:443 thumbnails.roblox.com tcp
GB 128.116.119.4:443 thumbnails.roblox.com tcp
GB 128.116.119.4:443 thumbnails.roblox.com tcp
GB 128.116.119.4:443 thumbnails.roblox.com tcp
US 8.8.8.8:53 us-central-default-px.roblox.com udp
GB 128.116.119.4:443 us-central-default-px.roblox.com tcp
GB 128.116.119.4:443 us-central-default-px.roblox.com udp
GB 128.116.119.4:443 us-central-default-px.roblox.com udp
GB 128.116.119.4:443 us-central-default-px.roblox.com udp
US 8.8.8.8:53 us-central-default-px.roblox.com udp
GB 128.116.119.4:443 us-central-default-px.roblox.com udp
GB 128.116.119.4:443 us-central-default-px.roblox.com udp
GB 128.116.119.4:443 us-central-default-px.roblox.com udp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 cs.ns1p.net udp
GB 128.116.119.4:443 metrics.roblox.com udp
US 8.8.8.8:53 41.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 chat.roblox.com udp
US 8.8.8.8:53 contacts.roblox.com udp
US 8.8.8.8:53 a4c9427a-pulsar-pweb-4287-639546627.eu-central-1.elb.amazonaws.com udp
DE 35.157.138.20:443 a4c9427a-pulsar-pweb-4287-639546627.eu-central-1.elb.amazonaws.com tcp
GB 128.116.119.4:443 chat.roblox.com tcp
GB 128.116.119.4:443 chat.roblox.com tcp
GB 128.116.119.4:443 chat.roblox.com tcp
GB 128.116.119.4:443 chat.roblox.com tcp
PL 128.116.124.3:443 contacts.roblox.com tcp
PL 128.116.124.3:443 contacts.roblox.com tcp
US 8.8.8.8:53 notifications.roblox.com udp
US 8.8.8.8:53 aws-us-west-1c-lms.rbx.com udp
US 8.8.8.8:53 a4c9427a-pulsar-pweb-4287-639546627.eu-central-1.elb.amazonaws.com udp
GB 128.116.119.4:443 notifications.roblox.com tcp
GB 128.116.119.4:443 notifications.roblox.com tcp
US 8.8.8.8:53 nfd-prod-c-142502592.us-west-1.elb.amazonaws.com udp
US 52.52.192.222:443 nfd-prod-c-142502592.us-west-1.elb.amazonaws.com tcp
GB 128.116.119.4:443 notifications.roblox.com udp
GB 128.116.119.4:443 notifications.roblox.com udp
US 8.8.8.8:53 nfd-prod-c-142502592.us-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 mia2-128-116-127-3.roblox.com udp
US 8.8.8.8:53 iad4-128-116-102-3.roblox.com udp
US 8.8.8.8:53 lga2-128-116-32-3.roblox.com udp
US 8.8.8.8:53 c0ak.rbxcdn.com udp
US 8.8.8.8:53 ord2-128-116-101-3.roblox.com udp
US 8.8.8.8:53 sin2-128-116-97-3.roblox.com udp
US 8.8.8.8:53 c0aws.rbxcdn.com udp
US 8.8.8.8:53 aws-eu-west-2b-lms.rbx.com udp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
US 8.8.8.8:53 ams2-128-116-21-3.roblox.com udp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
US 8.8.8.8:53 s.ns1p.net udp
US 8.8.8.8:53 iad4-128-116-102-3.roblox.com udp
US 8.8.8.8:53 ord2-128-116-101-3.roblox.com udp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 8.8.8.8:53 mia2-128-116-127-3.roblox.com udp
DE 13.32.27.107:443 c0aws.rbxcdn.com tcp
BE 88.221.83.35:443 c0ak.rbxcdn.com tcp
PL 128.116.124.3:443 contacts.roblox.com udp
US 8.8.8.8:53 ord2-128-116-101-3.roblox.com udp
NL 128.116.21.3:443 ams2-128-116-21-3.roblox.com tcp
DE 18.193.195.191:443 s.ns1p.net tcp
US 8.8.8.8:53 iad4-128-116-102-3.roblox.com udp
US 8.8.8.8:53 mia2-128-116-127-3.roblox.com udp
GB 3.9.154.15:443 aws-eu-west-2b-lms.rbx.com tcp
US 8.8.8.8:53 lga2-128-116-32-3.roblox.com udp
US 8.8.8.8:53 sin2-128-116-97-3.roblox.com udp
US 8.8.8.8:53 lga2-128-116-32-3.roblox.com udp
US 8.8.8.8:53 sin2-128-116-97-3.roblox.com udp
US 8.8.8.8:53 d13im6y9zsyqh9.cloudfront.net udp
US 8.8.8.8:53 d13im6y9zsyqh9.cloudfront.net udp
US 8.8.8.8:53 ams2-128-116-21-3.roblox.com udp
US 8.8.8.8:53 a1913.dscw27.akamai.net udp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 8.8.8.8:53 ams2-128-116-21-3.roblox.com udp
US 8.8.8.8:53 a1913.dscw27.akamai.net udp
US 8.8.8.8:53 nfd-prod-b-1076442370.eu-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 nfd-prod-b-1076442370.eu-west-2.elb.amazonaws.com udp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
US 8.8.8.8:53 20.138.157.35.in-addr.arpa udp
US 8.8.8.8:53 222.192.52.52.in-addr.arpa udp
US 8.8.8.8:53 107.27.32.13.in-addr.arpa udp
US 8.8.8.8:53 35.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 3.102.116.128.in-addr.arpa udp
US 8.8.8.8:53 191.195.193.18.in-addr.arpa udp
US 8.8.8.8:53 3.32.116.128.in-addr.arpa udp
US 8.8.8.8:53 15.154.9.3.in-addr.arpa udp
US 8.8.8.8:53 3.101.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.127.116.128.in-addr.arpa udp
US 8.8.8.8:53 presence.roblox.com udp
GB 128.116.119.4:443 presence.roblox.com tcp
GB 128.116.119.4:443 presence.roblox.com tcp
US 8.8.8.8:53 3.97.116.128.in-addr.arpa udp
GB 128.116.119.4:443 presence.roblox.com udp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
BE 88.221.83.35:443 a1913.dscw27.akamai.net tcp
US 8.8.8.8:53 roblox-poc.global.ssl.fastly.net udp
US 151.101.1.194:443 roblox-poc.global.ssl.fastly.net tcp
US 8.8.8.8:53 roblox-poc.global.ssl.fastly.net udp
US 8.8.8.8:53 roblox-poc.global.ssl.fastly.net udp
US 8.8.8.8:53 b.ns1p.net udp
DE 18.193.195.191:443 b.ns1p.net tcp
US 8.8.8.8:53 194.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 roblox-api.arkoselabs.com.cdn.cloudflare.net udp
US 8.8.8.8:53 js.stripe.com udp
US 13.225.78.124:443 js.stripe.com tcp
US 8.8.8.8:53 dexeqbeb7giwr.cloudfront.net udp
US 8.8.8.8:53 dexeqbeb7giwr.cloudfront.net udp
US 8.8.8.8:53 followings.roblox.com udp
GB 128.116.119.4:443 followings.roblox.com tcp
US 8.8.8.8:53 games.roblox.com udp
GB 128.116.119.4:443 games.roblox.com udp
GB 128.116.119.4:443 games.roblox.com tcp
GB 128.116.119.4:443 games.roblox.com tcp
GB 128.116.119.4:443 games.roblox.com tcp
US 8.8.8.8:53 124.78.225.13.in-addr.arpa udp
GB 128.116.119.4:443 games.roblox.com udp
US 8.8.8.8:53 voice.roblox.com udp
US 8.8.8.8:53 badges.roblox.com udp
PL 128.116.124.3:443 badges.roblox.com tcp
PL 128.116.124.3:443 badges.roblox.com tcp
US 8.8.8.8:53 edge-term4-waw1.roblox.com udp
GB 128.116.119.4:443 voice.roblox.com tcp
GB 128.116.119.4:443 voice.roblox.com tcp
GB 128.116.119.4:443 voice.roblox.com udp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
PL 128.116.124.3:443 badges.roblox.com udp
US 8.8.8.8:53 m.stripe.network udp
US 8.8.8.8:53 syd1-128-116-51-3.roblox.com udp
US 151.101.0.176:443 m.stripe.network tcp
US 8.8.8.8:53 stripecdn.map.fastly.net udp
US 8.8.8.8:53 aws-ap-east-1c-lms.rbx.com udp
US 8.8.8.8:53 stripecdn.map.fastly.net udp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
US 8.8.8.8:53 syd1-128-116-51-3.roblox.com udp
US 8.8.8.8:53 gold.roblox.com udp
US 8.8.8.8:53 silver.roblox.com udp
US 8.8.8.8:53 pulsar.roblox.com udp
US 8.8.8.8:53 syd1-128-116-51-3.roblox.com udp
US 8.8.8.8:53 fra4-128-116-44-3.roblox.com udp
US 8.8.8.8:53 aws-ap-northeast-1c-lms.rbx.com udp
HK 43.199.80.88:443 aws-ap-east-1c-lms.rbx.com tcp
US 8.8.8.8:53 nfd-prod-c-1420969030.ap-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 silver.roblox.com udp
GB 128.116.119.3:443 silver.roblox.com tcp
PL 128.116.124.3:443 pulsar.roblox.com tcp
GB 128.116.119.3:443 silver.roblox.com tcp
DE 128.116.44.3:443 fra4-128-116-44-3.roblox.com tcp
JP 35.76.184.243:443 aws-ap-northeast-1c-lms.rbx.com tcp
US 8.8.8.8:53 silver.roblox.com udp
US 8.8.8.8:53 pulsar.roblox.com udp
US 8.8.8.8:53 nfd-prod-c-1420969030.ap-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 aws-us-west-2a-lms.rbx.com udp
US 8.8.8.8:53 us-central-origin-px.roblox.com udp
US 54.212.189.199:443 aws-us-west-2a-lms.rbx.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
US 8.8.8.8:53 fra4-128-116-44-3.roblox.com udp
US 8.8.8.8:53 pulsar.roblox.com udp
HK 43.199.80.88:443 nfd-prod-c-1420969030.ap-east-1.elb.amazonaws.com tcp
US 8.8.8.8:53 us-central-origin-px.roblox.com udp
JP 35.76.184.243:443 aws-ap-northeast-1c-lms.rbx.com tcp
US 8.8.8.8:53 nfd-prod-c-1199815139.ap-northeast-1.elb.amazonaws.com udp
US 8.8.8.8:53 fra4-128-116-44-3.roblox.com udp
US 8.8.8.8:53 nfd-prod-a-646748404.us-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 nfd-prod-a-646748404.us-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 nfd-prod-c-1199815139.ap-northeast-1.elb.amazonaws.com udp
US 8.8.8.8:53 176.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 3.44.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.51.116.128.in-addr.arpa udp
US 8.8.8.8:53 88.80.199.43.in-addr.arpa udp
US 8.8.8.8:53 m.stripe.com udp
US 8.8.8.8:53 m.stripe.com udp
US 52.33.51.5:443 m.stripe.com tcp
US 8.8.8.8:53 m.stripe.com udp
US 8.8.8.8:53 us-central-default-px.roblox.com udp
US 8.8.8.8:53 243.184.76.35.in-addr.arpa udp
US 8.8.8.8:53 199.189.212.54.in-addr.arpa udp
US 8.8.8.8:53 5.51.33.52.in-addr.arpa udp
US 8.8.8.8:53 realtime-signalr.roblox.com udp
PL 128.116.124.3:443 realtime-signalr.roblox.com tcp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 a1993.g.akamai.net udp
US 8.8.8.8:53 a1962.dscw27.akamai.net udp
US 8.8.8.8:53 a1993.g.akamai.net udp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 8.8.8.8:53 a1962.dscw27.akamai.net udp
US 2.22.144.79:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 a1694.dscg.akamai.net udp
US 8.8.8.8:53 client-telemetry.roblox.com udp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
GB 128.116.119.4:443 voice.roblox.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
N/A 127.0.0.1:53144 tcp
N/A 127.0.0.1:53148 tcp
N/A 127.0.0.1:53151 tcp
N/A 127.0.0.1:53155 tcp
US 2.22.144.79:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 233.69.68.104.in-addr.arpa udp
US 2.22.144.79:443 setup.rbxcdn.com tcp
US 2.22.144.79:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 60.129.102.23.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
US 2.22.144.9:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 2.22.144.9:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 9.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
FR 23.200.86.251:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 251.86.200.23.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 166.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:53915 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 edge-term4-lhr2.roblox.com udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 191.2.166.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 2.22.144.14:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 14.144.22.2.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:54149 tcp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 25.173.189.20.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:54393 tcp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:54510 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:54603 tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
N/A 127.0.0.1:54696 tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:54789 tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:54882 tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp

Files

memory/344-0-0x000000007396E000-0x000000007396F000-memory.dmp

memory/344-1-0x0000000000810000-0x000000000081A000-memory.dmp

memory/344-2-0x0000000005080000-0x000000000508A000-memory.dmp

memory/344-3-0x0000000073960000-0x000000007404E000-memory.dmp

memory/344-5-0x0000000005AA0000-0x0000000005AB2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc

MD5 d0104f79f0b4f03bbcd3b287fa04cf8c
SHA1 54f9d7adf8943cb07f821435bb269eb4ba40ccc2
SHA256 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a
SHA512 daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc

MD5 c2ab942102236f987048d0d84d73d960
SHA1 95462172699187ac02eaec6074024b26e6d71cff
SHA256 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a
SHA512 e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc

MD5 c28b0fe9be6e306cc2ad30fe00e3db10
SHA1 af79c81bd61c9a937fca18425dd84cdf8317c8b9
SHA256 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641
SHA512 e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE

MD5 13babc4f212ce635d68da544339c962b
SHA1 4881ad2ec8eb2470a7049421047c6d076f48f1de
SHA256 bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400
SHA512 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

MD5 15cdabcecc4ae0ec3253b1625156b0a7
SHA1 fa1b2c6a2be53578ef278706cdee6f725e00b003
SHA256 6dbcc562d627628e45187afbd2421be88797e20e36910393a883e361973da553
SHA512 c9a1740bf5fed7cbc6d91ab92222b178fe4a8ab2d75dd8f18d827046bab88d7632b0751e953e77e29aaf9a9bf390697e94f23e172cfe034a4263bcf7c7149106

memory/344-1466-0x0000000073960000-0x000000007404E000-memory.dmp

memory/3800-1465-0x00007FFA56F63000-0x00007FFA56F64000-memory.dmp

memory/3800-1467-0x0000024057B10000-0x0000024057B2A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll

MD5 aead90ab96e2853f59be27c4ec1e4853
SHA1 43cdedde26488d3209e17efff9a51e1f944eb35f
SHA256 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512 f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

memory/3800-1470-0x00000240725B0000-0x0000024072AEC000-memory.dmp

memory/3800-1469-0x00007FFA56F60000-0x00007FFA5794C000-memory.dmp

memory/3800-1471-0x0000024072230000-0x00000240722E8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll

MD5 34ec990ed346ec6a4f14841b12280c20
SHA1 6587164274a1ae7f47bdb9d71d066b83241576f0
SHA256 1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409
SHA512 b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

memory/3800-1473-0x0000024059810000-0x000002405981E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll

MD5 851fee9a41856b588847cf8272645f58
SHA1 ee185a1ff257c86eb19d30a191bf0695d5ac72a1
SHA256 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
SHA512 cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

memory/3800-1475-0x00000240722F0000-0x000002407236E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll

MD5 a0bd0d1a66e7c7f1d97aedecdafb933f
SHA1 dd109ac34beb8289030e4ec0a026297b793f64a3
SHA256 79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
SHA512 2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

memory/3800-1478-0x00007FFA56F60000-0x00007FFA5794C000-memory.dmp

\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll

MD5 8518e81caa4b5a961656b687300b64f3
SHA1 3079b0a84cca1f8b270a331c68cf0c134f42aedf
SHA256 4179c99032b9698a74a0b395541b8a7124531ecc053428fae0916a02b78364e1
SHA512 20a99e88e1657ca41ba7ecf31e4a1fff56b721dfa55b7a10531715bb674ab11abfa08c5e7d53ce9cef78cf63bcc3248e8131ca5674d8169d7ac4ac8f0a1385bf

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll

MD5 7a2b8cfcd543f6e4ebca43162b67d610
SHA1 c1c45a326249bf0ccd2be2fbd412f1a62fb67024
SHA256 7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f
SHA512 e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll

MD5 75365924730b0b2c1a6ee9028ef07685
SHA1 a10687c37deb2ce5422140b541a64ac15534250f
SHA256 945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b
SHA512 c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

memory/3800-1487-0x0000000180000000-0x0000000180B19000-memory.dmp

\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll

MD5 e31f5136d91bad0fcbce053aac798a30
SHA1 ee785d2546aec4803bcae08cdebfd5d168c42337
SHA256 ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671
SHA512 a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

memory/3800-1489-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/3800-1488-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/3800-1490-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt

MD5 6b09afc61af8884f2fc6204922e970be
SHA1 fe3da40f27e8dc2b8e2392c9590666982fff3398
SHA256 f99a87a0c9006940f0d9efa1331d253dcf56016c82f4e266b507c303bb8493a6
SHA512 69ac27dbd690d1919a5da98e5f427328147c18a338596a0cf7ccb2cd09594da388fc4bb5df660bb4ca5a630f3ffc3ee3783b24c262683d2c5992db2f1abca8ea

memory/3800-1492-0x0000024076F40000-0x0000024076F48000-memory.dmp

memory/3800-1493-0x0000024077120000-0x0000024077158000-memory.dmp

memory/3800-1501-0x0000024072B00000-0x0000024072B0E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\596971c9-1e84-4380-b923-d2799b9831f8

MD5 f997c03ec192dc9bf314e695d09c27f4
SHA1 d825345ea65e37c30b57398123df947ee9333f63
SHA256 cba86db9b5017ce17e7eeefa6880ea654c5c80445f0c672feed6728ca6e70c49
SHA512 df65f886e786fc14dfb9dd21724c34469359f1189884efdad2caf856bb59946e36c6337b9a3e47a3412278c5fdf7cc422e11aeb82ddfcd2e16f8159cde95c66d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\c503a998-5586-4bdc-be5f-a7afa9d34d5d

MD5 357d380bd57733df8c370a2dd30aa195
SHA1 5da6c102a08d83064d338ff8817f67b21ce7cc5e
SHA256 e9e9607d7dc1c34546c7ba9eb3b9524c7274550d187ded95934e792f1d159d56
SHA512 323a36a3ba7e41865e5dccfea631f5723e55329a18113e4016a01807ae557809b343d7abdd638b960d54fb96c0d4f76cafbadf846a01a3bae5a3e3470a7edfb5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

MD5 4d85caebee1e1966bc0a436d259a9a33
SHA1 21b32206ad7beafe0e810b81b296baf2c073acfc
SHA256 4c80f6b654524c641af3c1d62896ee100dbd1551c4248ed1a4feb26b24089cd3
SHA512 580bd93dc53da6af6c89254a6773cc15c8c2dc4a7969764465a2878b18f43e4c172a2473bb09dd46fea981013b4ecf964badabe87dd3d1f53605e5a672b073b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

MD5 716e9caad78b7e4e353044c0e2920a2b
SHA1 4aa1703230a7aba12f8472a2448b128c1f40c8e2
SHA256 699fc83f70230fe71d23ab09c7449e324ac01c32e247466989940b5f79725f8f
SHA512 26ddad9d9c294030034e749b548804049939e0d01e61b4d429b2bce65667d507648ff21f9c609ddab815c556dce6f3d6d4be56db113bba0bd85a7ee727107a82

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 3018d1aad8385b734068dbad441e344e
SHA1 2a3925bc92ec843db64b6db2cd6fe18ccf084a86
SHA256 f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88
SHA512 7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0

memory/3800-1584-0x00007FFA69D80000-0x00007FFA69DA4000-memory.dmp

memory/3800-1583-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/3800-1592-0x00007FFA56F63000-0x00007FFA56F64000-memory.dmp

memory/3800-1590-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b7e6b6d3356384cd586c8ff829205b03
SHA1 0b5a0825d2e899315c818b6f98c09fe39f10adb2
SHA256 bab59fb408b524eac60b4ed42944553af8f7755cd97b67a574ad3324b5ab7159
SHA512 107dc77a6fa5b2c349d837e4715f0202faade4b12a684854d6d5376425a716819cef5a58c9f45cd69232f273ae75751b0e5d5721e40c0262caa08a8f58ab6004

memory/3800-1598-0x00007FFA56F60000-0x00007FFA5794C000-memory.dmp

memory/3800-1599-0x00007FFA56F60000-0x00007FFA5794C000-memory.dmp

memory/3800-1772-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/3800-1770-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

MD5 8693cdd7171c3f9076788e1158d4efc5
SHA1 f1f15fd16c2a4536d07fdce3dc7e26d6777881d5
SHA256 3cdf1d177b531204b0b24a27bbe7fee4ecaf555871522089cff16701ed5154d8
SHA512 ecdf2e31bfc9bc368c54c7188ea5d2e41dd83c0a6aedc52a4f290a07d7d68dfb24a15cf1e72fe0fb6f676ff59e4625ebd7e8706e29a575f5f13c4b950e6f7b27

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

MD5 7ad2ca6e6926def6fde745ecc025dcb9
SHA1 8b270854ee1fb7ed82d3f712b685bf3c602c3cf1
SHA256 a1a572c43aba1f4b1d43d3cc7269ea360767c14519515ea0b452291e8c9ab07d
SHA512 8427ebbebb1127f1ad8310182ee91445f74ddb1253b4bb2974909ce61d5dd12ca7c4600d76a4f68413c06c08fb934ca6e94f26968ace637669a2d2cb8593d4bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b3187eafb59da54bee24bce81fab2c91
SHA1 df47c29abc407e3344e76055f0a6f8f91be648dd
SHA256 da060acb95cb8749e851aec5c918825e54952019b190862ab66c1ab8d0ebbb38
SHA512 8e2b306bebe81bc626499e6d787cb1195a81f3cd68dff45ed6fd418f9e94a78a7b6622a3bd72cf141dbb6082d4b2157970f8cac3805813722b985d928b303c04

memory/3800-1864-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/3800-1891-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7f2b020430faac22512c321849199214
SHA1 fc7eb4049829127d56988cd5697e122ac7092b41
SHA256 9081cfc2dc33fe991ebf8d47c35f8cbc6c18de5399e7acc9be299553c6f2419d
SHA512 2ae2199ad6821173ee434557230673f3bf9fcea9c1ef392e4bd994641ce46ac7df1e10498c657186d85fd1e1730aee9baca648cdc4ab2b6769359dba0d25c43e

memory/3800-1902-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 66b04401d63fe656dee771ded93487ea
SHA1 c088bc90dccb42258c2b512f223022e406e3a70b
SHA256 a504147ad9f4ec7c530798281d5abfa67b9636887ff522f41c6d5a76d60a39b0
SHA512 63977114fa5362c734b8ea0dc8efbd49b7ed6bacbd3029379afa2d97c65dab95d87c0bd0b1311f42b51811a5747161443c153a00b72e4085cec71ed46b8465c8

memory/3800-1917-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/3800-1922-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0ce2c05c9080fb2cc2c7a024697a6f3b
SHA1 202d530a668791c128e1e1784bacf2efad7df6ad
SHA256 69e8cf8feb929401b3f9ea9582c4226bcabd6dd938aa8a1fd62406b4883f6d41
SHA512 b2f35ccbab31c108a43bc5a7055e5950e246a2d431d57e593d06d32430b87a7cad28e4d6fb1e2c79cf8ba9e8d2cebdc110fb0e0749e2cb97f2b54f918fd92415

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\23440

MD5 525df70ea9ca3538fe81432b4e94ff99
SHA1 6c3dc9fe4ba75256160905d558e75f6e5fec573d
SHA256 e589afeb0f942ad9d19700ddcbdaa463213ba8115a4b85f31631a92074bb3492
SHA512 2f11d7f3050751e3b06339906ad584999673d52272c96dc34c7d1433ccd442c1e9f09fc3a78b95d6a333eafaec6b0d2fe1fe1cb2669f4f857e9128795cfe6d5c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\31353

MD5 7fc8a0cbafd4bcdf7937d3ab5facf009
SHA1 edf6bef75100aed54cc572e387fdd53f15bdd192
SHA256 cd2a6715df94ed4d3b4d2bd8a78df38f9e4a64af54f59a0654d825bb086ef042
SHA512 05039454e78c9cce6954ac5b26fcc72cfd6150c022632837c701d9a99847ed1427fc095ea4c247e17984a5350ad63e1a653784f192897bf55ea0d3fb890aa72d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\18290

MD5 b32272a86a3b6f0c3eeb1e70ca95d48a
SHA1 82236ab95fac8ca524c9a228f9731a73b13d54eb
SHA256 f3508e1d1b5e8f2a1e21cb65c299ed0b0c2bdf191996c419bc2af6e9f78e3a0c
SHA512 55b2bb6245c77b27fe8821bac12bd8cc08e105c93cdade3c8eb920c3b3a0b1b031f5be8b0cc5f9e4eaa1765f585ede3d15a336a09662d8927eff4b139c928f65

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\4779

MD5 b58554094a36c224cc322a24ea7aad0a
SHA1 36edf27aae0dbf51c669dc9b9365c64250da6cfa
SHA256 ad0ea4342f09b3b103830edf3400be2c63ba263c7079dc718ed6ca5f3ea93643
SHA512 0edcfbc5654f028cdc7a8380001337b18ce57b1ae1f7ab8f86eea55b36292cfbaeab0c0da98f3eba3facfe73e63531d345989c7ef55d773f88aa197bda5ddd2a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\17617

MD5 99f95ae124111f2f1dc0916835f69cf1
SHA1 093a645e713022c51346848d8736efd279c3900e
SHA256 b9a3d7f42464ea618ac1b4dcad047b3c5a9311eaa0cca83573bf19256f55431f
SHA512 06a7ed797961371861f8b95003e00ea48618a3c7cb993457f045096b4cccbe5eb5e7def6354deb818178c74ada6944752a6b2660b79c2f85b10c28b130a88e74

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\11198

MD5 b0c90784fa2ec880aea08da0b72ae2ad
SHA1 d974787f83777123186bd0ea97ff87ca09bbf33c
SHA256 7ef0eb4ce47dd07b09ae1a37f8a14cc3710ef99583f3c75dde04f7b91c6da667
SHA512 84915b07b29384b966f59516b3c0cb93f283f4afc584b1d7112bd0cd25cab24ea0f06bb998cc5272efbf76a3c8ffed8f643b7af66db232b13145c0b5702b08ca

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\4609

MD5 45d228c39b312535035bf1934daf9d61
SHA1 a2d40b5dffd6dd0a8d93b7d44e1fa4d63308cd93
SHA256 a7b8ab7cf85db2161c379c8e8c559dba9abe75f9244a5c42db5b82591ade483f
SHA512 e6508e013a9ea4b3c1d4b8f8ab42ff2844b27600a9703bf5c350da063ce93080e47b54c2a9ae53b77ded3c69f3c012a710143fcb4913dd9903cdd151d4ef6d47

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\4106

MD5 c9ce840af80295bf8938081cfb36648f
SHA1 64750d705901780791f4858a45ee49343e15a5cf
SHA256 c3b1ec54c158e3d96908e443719e236c009179a1f8cffc5611b88d28d087264b
SHA512 cfb6383801cafc204fc28a3800c8d892ef1cb94eb175cefdb16f7c73b0ec5c302456fe14f5462bdf34a9c3f208aa923f9e5a9fef4bdf34c13d180ff9ae782c08

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\21792

MD5 5f0434ad177744a82ac185686c59f8cd
SHA1 434d862f5ca7fd693508cf3bc596319ca98668ec
SHA256 77dfa5bd495e53c8aa54d089b10cbfa549f3d71db03ce22aa16c9241f08c1333
SHA512 756d55e1c4c47afc98c9cca90013144803568f92887adfc989dba4c9fa800da8716e6dd754212988d4ee1d8ae76458488cd4346e42963c7d3626f7cef48083af

memory/3800-2123-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f9373590517a60f194ba111b4b316926
SHA1 c93be2ac1159030d0e2b8de733ba9adb8b3b5385
SHA256 9b349881236e58ec4877b8a1a009b1d2ac0e37b8be047f967ffb2638538d89a3
SHA512 9d493a131b9cf9e52aa3a112f40a2d95c97e4bf4f35e713efbfef4d99c440d8c061733527ca37f1d96a3954e90fe29432592734a3f6898ed20f761a6557ab318

memory/3800-2154-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite

MD5 d18831b03b23050dfffbfccb4d8097cd
SHA1 6a100540bad95c98beed4c90e577260c1dc46f52
SHA256 03910475a8c8f52d4e546eb5f9749f0af3c4771176f208db4b6c5122d65ee925
SHA512 65212ee7bbc11956635090283bceb28f0f9e51e8349b19f98ba4d2327ce53a56ed6e5bae0de6d38d62219598222b271257fe8fd2d1373d88e07fdd2fe32ed364

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\28277

MD5 ba4b8d851c85c8ff79f34d28f1f6ccb8
SHA1 4360b69e6ce427fb1adf021862b24329cf09d34b
SHA256 d627cc515a1e5b7ef5af37a3c96372e9ff2cf244828746468cf4ec2c8fd6a0a7
SHA512 17ce7402228561aed1500e4df65f14cf150924368bee58efb33283e4e8312a89dedeb965f9f07db8cafa27297fa1ad1fef883f7acb1a868dbe898919f2943be8

memory/3800-2204-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7a6a16745d42ffc2c0d4698370152340
SHA1 780fd641fc6989c5fdb0b6716d16cf33ef16b5ef
SHA256 7cac802a7d1d73982bb0014f06dd0ea8e6fbdc9bcd1444c475bc0959d567322b
SHA512 21a6963f782ae09701f48967a0b305263588517390032ace00bfb2a7d771c0c01eef923f2ad6833d0f4b04fba740f806cbb4488d60fce545c97afca0ca0343ec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\31604

MD5 328281a5414e8acebafc0fec19fcec17
SHA1 ad76b716d383b026f7ba7ad6bcd4894de1eafc49
SHA256 bcdb053d847a33a200eee2eda88505dfdae6cdf78824e67134a9fd1e31a7d45b
SHA512 6a1bd7b1a46043ab860d09abd60b9ddeda6b4ceb7b26bb1f98af2a4323197c487672e7e4f90d5bd1b3ae3bc85d463fba3f79fddaf8689f82c75b09cf4a0ad028

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\7410

MD5 7d4115d6864acf674b4c3311316b1fb1
SHA1 5ca871d97cb5d05f221eee618a8f651289b99b4c
SHA256 07c368796a6b34686ec229e28e7b9dfcf7e83e9074165e7047b1140aa3c1df9d
SHA512 72fc2bd2292af468dd4597b3d22d0668dc447045b3622c5e715cedc87fd70229edee1193841a558b5550e6f6832730ecf7832a8d902c4f720b705fcb9cbc5e11

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\21045

MD5 6212d7d6b70e6eb0d8dee3b2d15c06c5
SHA1 259823dfed01bde6bfd44b1fc5ea4c0f4f49c31a
SHA256 afa4f1b322bddaafef8cb69cf049a4bbad7cb4d9971d01ab957d51c63570ab2b
SHA512 5716e0d866805458c700b4f9923add9bd8334fe210b8a4d37ba601d1b4df946720dfcf67f84a12f11b65031c05d9e119cdb809792b187e11d8017924bb9e18b2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\CD266DEAC2A9A59C41FE9D8838D5B4D414B2712A

MD5 d77dcd46cfb41ef2d546b319b93af09c
SHA1 97bb1e0bf0132a7bdb82e780b1cfedee7e510a27
SHA256 7dc1dca6f0fb92a2dca0053726809d4b0b9243f3648ab9e7f8b0680ff8cf5497
SHA512 50e6acaaf0880ae76a66d4abde54e5a931df2814b8cb1126a7f12c5da2807f539ab43a30fd7d6b845a0222e13c064805c8819254636441f74bfca25dbadccbe7

memory/3800-2742-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\0D0C8B41B123A60A76177A339C5D673D74E526C6

MD5 566ec07ab159acb88e5aeaba901ecede
SHA1 de42f135f2620bb2ff731598a3fde1aa19a5704a
SHA256 40e359c66a046093fcae1793e67462fdaf3cdba1d9ca250ba105e5ec905fff3c
SHA512 d3e592545bd08e00428de5efdde2cb4fab7a0893905036c5139b0f804856d64bebcdaba4693749f4f2d4fbb813097d8f370ef32a58b850a268d39ca52c3e0eb5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\28178

MD5 f833b7b06530181ff0d27222afd39cc5
SHA1 e3a73ba3a0969808fa0beba157c6b6a4b6e99091
SHA256 87e061a786eda4b22616a5b5649c93ccafee93cf0aebf0a9e975eab94ad27d58
SHA512 ba8e685929a7523372cd6ceb0ee93fa31e96d79851e0a3d5d5a1420ada86c38c49d23125c1ad3550a54c0cfa204e07ff82773faddc03ccaaaa955647bb278529

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\A876C8AF86717633E6E46572013B957E820A5E24

MD5 012f5621e25961312afd62871f467cac
SHA1 9062804ebe7a4a31154090a9ed4006722d08174e
SHA256 7a72f976628df3da5f8d134b1d8dcbde7babc5bb100c0bd3df0bdd36b4e074e9
SHA512 fa442119f8b982e050f0fa0f8a5c1de63338d590f2f40480510c6d6f2fac3f564fb189ffee0e668fcc4ade4399bb77b792746dc007362cd42600577117b573f2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\1953

MD5 e9ce2fee475818cbaf2580dc25142be8
SHA1 d781212d4a7dd9a6110facaaa32d6c68cf5db997
SHA256 685375d51dc00c14531ed1e485244447aee733c2b7237fbc5c4b00ae2837c0eb
SHA512 93d61612e4a45ed55e93bb3b60fb48be370e8f030dda4f9d80ca67df4fa9921b8da7eed40fa9fcc40c1d0ef9c2fb81565c1222f6b3943d91a594be85803d2d3c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\14915

MD5 8b1189b2b619ce056d9eed6bfa7d8027
SHA1 40f7d9d0d497ce3a1e1f9f97aed413c7c391ca63
SHA256 3fdb5ff7bfade64ba88d2b630a815625e1c8816f2ba43bca28babc85176640e9
SHA512 c034e3972ae802c0b334948652cd59154d5adeca38a0dab21caeedf4e0d6e26004e8ab5bdd4b264666e242dadfd5d211e16c7b5763de58a7c29f134517737050

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\21109

MD5 9bbad02d5fadc20eb6b0a9262c4097ea
SHA1 e017f4056f03b9d536ec07f4e9f363b60c9c6734
SHA256 67cc1abeff6511ef64315521ada738b0f844541c4d8b2dc4c08a442c83403bb8
SHA512 a5a1ab3a0744e3dabfa5b676505b764054a4bad5674cfaa3affda9e86d7e76589ac2eb0814e9bec264aa74aff310fb7fe389f8e4bdaef5a626dbcf2530839183

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\21334

MD5 0c1a6a7188d64f0018a6245206cc6457
SHA1 c6b8b1b30a5ecbdef6aa1d382d23be32a2156371
SHA256 4739b0ebb1b4292d784695aafae152d76e69a30cc4006e350f5717cbb8d0d7ee
SHA512 ba5946d7b232fa432f9ad40f4fc865f6f49177ff5bdea0ff4194a5deac610ec9c4aba1b13750a590e36ae82a8c1205970cdd3db61676fe05037977d5b3de9ba0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\8271

MD5 eeea6afe38ea7774b5d0ce2a7eef00c9
SHA1 d988c09b8e4ffaf0b57b539f29120fecdc1366a9
SHA256 dc665e5488d8b061dafb7d7776b4cb7a02dab4b91a3ac472a229e5d31ef5b3ec
SHA512 aa1e348a4da2b00c75cedfa060c3549cff012884d874eb373d3aa8917ffb44de64f8ef8b1d2be08cb689fae2dc8c7e1e36c30fc548fd47861d8baaa92eeb7ac1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\27155

MD5 8a69176ab5f7254be6be889b17a836a2
SHA1 6f2bbe83d433bfcc04761e095ffd8e5231fca8aa
SHA256 00fb28df0f6709cfa211cbaa3b6e5dade611e8e8c321fd1df047ba2b10c48c1d
SHA512 1f8ac8f8d49d2a1eb6d06d62add970ce0e344cfbd1e317c6f29c989f6ee7070d6a1a8a54b6e8e84c1241a3e64a8e0fc6cee264fcc327286ad0d7a3666a905871

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\5230

MD5 053c674d6794948bd96a6e22b2404620
SHA1 c8d12e9bf79a4d8bb371013cf59ef3b5ddb65cb7
SHA256 747cb2ebe00dbfa8b08ee4430c42b65db5ea5688b7e59ab2ed02906d862c5ecd
SHA512 9f03350ed78143852f7b316b0fef46d4bedd08b2abe877fdbb7b79eb8afe787b776bfdaf7e5972a129098ac499a84502e61615112f40f76e40f831a8eee261a3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\1964

MD5 e94cd1876e87094f3861f432a3dfc8c5
SHA1 20e3fdaba1e879bfa72b635378e87147c3a833aa
SHA256 58f298b32cc526b2d7fe69768f28fdebf2524552c2bdd6d716bc2a6ed9c13816
SHA512 10bb06222ecbfbbf4b2c3ac66f51185b47e700024d1de91dc4ad72c8c235ee593e95396f0dd01707d8d7c7884356d6988ee705aaaf36f00f13bfab0a53c20e98

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\5118

MD5 4516bbafe4ecc331597ea23c2a359411
SHA1 854ab7f598b3b9b814b37973d73126f3b13b4fbb
SHA256 0f43437d71419b9803787a76eb0a80ee458949032593fdedca66c973f9d85334
SHA512 79fe55290072d370a7670d95e51333b5d75492fb0ddd877446f4231997ed834597da85f6c70fd4871ae288c1ecb37a3ecad853b5e3d9d2ef584dfe13eece9cdd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\27652

MD5 1b16743fd2b1495216ae70918ee6945d
SHA1 817dc08e9119802769a4c51018c99e20cafbe1ae
SHA256 3a001c7ccbc94c41ed88bcef8fc3ba282c61f0ca23a8f4b028a3ed2d0751e9c3
SHA512 d9926f783170af675f6fcf845b61153ec4065e54a3003fee61aa9d3c003701f4366cb10a76bcf238e2c6a5421db3a7fc4c42eb551c51d0c3e5a0f4e70d298dbb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\854

MD5 b5294d58f737a12331b983cf40f4529d
SHA1 8da6548530307addf9b5fee09787d3c23cb7b824
SHA256 189965d194b3afb4d27f6e335cf65eabe9ad837e081d8b18610b200411f83547
SHA512 6f5a1370047a3ab1f9f4904fc3913bf5c40b4e54eea44286c8b39496841d78f0bc229a97f620ccdc6cfd891be0c1a7674e9188881f9d07f068ff666f23388f46

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\20223

MD5 3b9f9b6d8820076033653e484c21f483
SHA1 77d084eb666f6cfafb55005eaf8367bf7f5ff286
SHA256 2e899eade447aadef46276105adb8f33f099388f15cfedd9dec3242bd07c587a
SHA512 f978b6020113ab048923d537a03649105ff5e587ebf5c6c0602e936f34250a7bfb8cb6fa5961cd1410ffbbabadf9dfd32db3c6ba1bd7382df57b7f2e6e5b90bd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\181

MD5 581ba44d2a30453fe01922beeb74a129
SHA1 a661a7c46e6d7acd48ba63e4e69c3a471296444f
SHA256 344646b8a0095a7c34d864716d036939f5b8c202cfe289de3d599e9971065a67
SHA512 97ee3ad03a9cbeb76f626f70cdfa76562a19920307c44d8a3202d263b4812151909eb31a89cb6a687321b4697c12de545886a2610aadf0f3994367cb45a54645

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\1AB33D663B69F4F748A08F27D06DE9DC07B327E9

MD5 5f3318c18340e1d32e6ee7df2bb41d52
SHA1 d520d9b4694db2099c5e9eb61d0363335e4d47c5
SHA256 f3ba9f1a37e8a1cde3791479bd8a3b624f9fe75765dc5178e1d3d7355612654b
SHA512 7c4cbba01b1ee3096f428e264ef012692efa13aa4f0815507897e4635238623d7d4168a97049bfc7d32582d7f71099615e5dbf6ae58bcc9a3a3bbad0487b1848

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\AA1F346A9657DFDC0470D6629859DFEEE28AB7D4

MD5 e1336adebe90f4799159f30133c06c23
SHA1 1b8f7e75af7cfaf5e3771bc769144656f01113ac
SHA256 8bc172c6d065e2da7aba4ef4e863fb8408209297bd6625eae817ccf26dc2cae3
SHA512 c734b7a142056b54f62af0bd66ba2e616d90da74068c0489751fa03a13de1562d2de0394b37f6ca5e1c5bd3b973550649b9eeae1a8f3f916d6d713d3b206ba2a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\7813A80B43785AF552A3CC0062925770C8AEB1DA

MD5 275ee78130c972b71ffe922ddcc79bda
SHA1 83570444dbaad4a39709fbe7649dbb5017d58c34
SHA256 0712799adf7292026003369145aba0bcbf57f016b38414028177871813473f20
SHA512 96895384be6868c5834107afc0883f3c993a2ba1b3baf2dd6b52f9973b63a30a52e20cd316fafe7f7a99c3b54c28229b0dcdedc456727cbdaa30cdae6a70d47f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\C20E036239CAF315DF30D2CDAAC4F746820BB89D

MD5 b8c5f88fda1e5fe46b2facad56ac09ca
SHA1 792663ffb19864ecff462ddae11ea54936828cb0
SHA256 0668f0c0724e534eea247c5157cd9984c6a4fc49198ec59bfa26615d1097b40b
SHA512 2efa0e872cf0f765d4111db047586f99d55ceb778aefa4bd45740d1425a758da5643d4394390e3dc280c196b89e8e3b2458c69f57efe568ea45ccc1c34b9026b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\05EB7F6F7BD0BA633716511CCCAD442933622565

MD5 2e5e3c26acaf89dc5cde1006be45d055
SHA1 98eaafa2b6d4c24e0e359e2a5a26a2dc2d4c426f
SHA256 acb8582d6c5929b19c898ca7f6b9e8f794c27e57c4e88484abae4007240b2d98
SHA512 28cb5f76343e6547d66e1b35d459b7d79ecbffe85c8e1a74a9fac54a8226f3886806e81552c0f4aa013719d2cc27804849e47a1b2d7b53373cf15151e16983c1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\3CC64668187C540A26A18501F41B51C0CD662225

MD5 a9ed41a67a2ff4a0959c3cd03e74ad98
SHA1 5a96c96a511b6970f642f138d553346a076015a1
SHA256 e2b017da151d3671a35ec899577f2d42b097d4ce921b9c593ee0d360a66df0ec
SHA512 0255db008db3656ce49b673ef3e6a98eea472726ae65e47592c3e63aaedfcc3d6e13a921a5a1a9c7ec719dc61078fca5190eb4120665f5661c753aafab96dc55

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\9B652E5D4286B393D5A4026D505B06DED703EF99

MD5 4ae6d4da5ec7d7612a02c01be1acb707
SHA1 c7501a0f11929f709c5a7d8cfe33bccd14fbe7d8
SHA256 ce17bfc6db20ecffdb14d764d7d794e03dc842db51091b386862d5724e13e987
SHA512 e0fc5b02a229e06247f0bb143d3317322f64ee3c175c1337dcc06f9e0ebfc5328f9ecbc62724b47a9df74780ad6f778412e99cce79573ee0c84ec0c4f7d98eaa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\71BE13A736F7D4BDD8764170A171AA654BF9264E

MD5 229646246922c4650d61b3d708946be0
SHA1 f9a29bc155565fa5fb25ad29c659e15db3079767
SHA256 6dc1e43cb6bb81fc27ea6ab786c618c970766e5f29561f5497be4cb23b53d05c
SHA512 9461560cae5a7b3885d44f1eb9c3e9d89cfca25067893a189331f8a003bfcd917ab62e84e6019fc83fff49197d1d166da359ce6a6a77566a64a59ff67fee1cb3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\BE2D3D60C4D6C94AEDAA7868122CCB76EF5AA608

MD5 46c56c21e919685989cbf4463baf3f6f
SHA1 c03b28da6b1a05f15ada8b517fb27037808e3e2d
SHA256 60997df1debc3c3cb288376bd17a7b54b7902d949fb5c5a2feed3111a5978ac4
SHA512 aee4ff48d6836563a0503b0baa44900f16bd86cde509b0ec630e59875409424a014db3fd66b49ccb52dab4d5006b7138f4d56e22f4eb816b41b9ea438a9e23e2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\7505C2B294EFEF808B30D034AFB6A215F17E6F38

MD5 968994b23854662299f5821f4c483d9f
SHA1 cc0fc3c5efea37eb9a164a28c7cce6978d9a4b15
SHA256 ff374f1b36bb96576a8ef3b8d6ef6d1442697994436a02e374a39035fb3f04ed
SHA512 1a3f44f94ce6de769ceeef8b87ff216ffa658013e02060f0b7923b7181d542cbeffb4453cb741b08aa2df8edfce08f1d8327e5223932d02ef720a07c3192c3e6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\28147

MD5 38edc84544d519357bb259e93b7a7e16
SHA1 6752846a49ba79dcbe1c5eeb2e24648e52c37a58
SHA256 00d44cec67b5ccbcee0d791eac61a3094b049769dec3ee2f983da8216954a1c0
SHA512 ca6ba5ca55556e27521bf0e2d0c1cd468a28c14df4548d593b3c77d16efeb01b8da3216905050085b1d2baf7433f2c382ac4f38a986d0ed5eda8610e5bea84ab

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\CF5FBA70D7243048D4F0F4EAE7DB9D1742EB1D64

MD5 dea198332d82ec50b4457aa173c99458
SHA1 53c6258fbde26680763666cd205348621bcf1373
SHA256 5c12c1f3902540f9605fdc7283621babab5f3b9991bad759b5d5439786869628
SHA512 707bc0af22baa7db8ad05886d5d9727038e623e0a788cf4dc0869fc144ea87233c1b94f6e45f003aee025678c0a0337c1093baaa9c61ec317a01e688a5be7afa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\C8346BE2A3CB54E99C43B824ABAC5F037264A4D4

MD5 e29850b4c2f18f029741b9017f5f2796
SHA1 e5fbe30c343646651d85b0675bd9c0d3512616b4
SHA256 589df9351f3faa2636ee4e444e850d65dfcf4674d5577205b8e3f6a97b58802d
SHA512 a319eb5865acdb24444c0385ef963c6be9ef78d054dcd3b6f5366fe51fd8630d5547de13e3b81b5d00a7db96a5e0c60400610186c05f53937c3978a517a20a2c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\2241F205D64ECA1B98C5FF7640EE620A715AC9D3

MD5 cc1bb98647ec642dc8b85b6802484916
SHA1 7d671cf75b3059965251463d1216bb027b4085d7
SHA256 14f32f591bbdc2b69b36cdda694215d838ed9c19db2f520af960de9b6f73c980
SHA512 95f152bcd310d338cfbc4f14a75ede78ef66d3363da8353281c9214dd6e74e287253b438e43ba0eabb70a39c4d0f752a654403256d587f35cbe8c9edfaa74795

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\B5141334764A8AEF9D288548CE29C471E602A16A

MD5 702e7a32c3df20fcc2a529135969cd7c
SHA1 27dec1a4e84a2fc3567973b462d8e5dcd5a94daa
SHA256 68199a5ddd0c6eaea1aee842fea6ed318c868bc77453e8111beca37f404fbdd6
SHA512 1d9e99069befe64923d0d139ea97b906c7ff34a6698f466931986548ebe7d9721647bb37344918406e69df37c2aebc779ae3f95be45df5112ed56d444270510e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\6C3E98A33DC9184060AAD2B595620A00C6B0F8DA

MD5 92c68c168a5bd2ffb0525c260de8f0d9
SHA1 10b1a722ecd94ca3de7fe6e0e396a9e744a81490
SHA256 b0ab6d361cbeb92c646b50a68763c8bcdd9a0912a838f6d859b812f7f3413d52
SHA512 35c0e6eed12e5659ffa7252c0c14076d38ef9194615224ad1e79017937217637b56f1ea0cf01dd663ba88a79589c745816a1082148dfb2bbdd27a9ec0ba33d23

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\E1E5F90C5D42E8AAF6267CF5C1D4F4D7211B2A50

MD5 a18a679ff23518492106008383924d83
SHA1 7a52a7a1f98c74de66870a0b1cd60ca5b4f0d1fb
SHA256 b0b909e1e3425b5bb7f4abcf0102ae5e523c68c750f45bfd4240874f360825f1
SHA512 8aa6db29bed9d75b88b6dc088ef37d4df95ecd3e35de38f8818bb7b81dd698c5a91a2d5bc52ab000bab5163a4b7dc70818095f2ab8f334552dccc6137c09f1c1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\55E5E6FB4DA0D621CA2B27FEAF7A867987DF935E

MD5 560e27d571b1c7c399b8fbc124742357
SHA1 a10a3d4e049b4a50e7d91228f0b7586f38dff816
SHA256 6048e09461512e720a9aadcd3c2c11836d8e9dff646173469426a00c8dd7f196
SHA512 459421ada04756ab9a8c0dbd0a649a157b4ac7e8ccb78229171454041db4e2bb67309b1824df97230a12ee1aa3caa35ae6df024b840ad7b27471640a3178e3df

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\8B7287CA6C1FA675E9D1A953060967D1E282BF10

MD5 46494bd26646ef10d9316926ea889850
SHA1 1cae13911ec466fd3f1628ec036619a5d35419b0
SHA256 b7c21c5892cdedaae7a65e33e3ad2a8ccc9a6f76e4cf48ec484f8d909a4a6d8b
SHA512 2328def2246b05085c54af99c46639660356b940dec798a2e120cc3d0224ed3176f92ee266fcb1fee19c97e083ba0014e596cd4e2e1b99b57baa473fedc6a943

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\739025F062E977A263D0043D9E01EE529DEBBEB9

MD5 86fb256c55309f11fb56a4d31898a0fa
SHA1 5c67af27c5561b7f3232d7107b067f18ebcee7a2
SHA256 76b0fc816ed74197e2203282b5d07223a0b1d6bf42432872c3eecf729fcbec60
SHA512 6e3a0871817d1e0f3ad4ded23a646a5a2003681762b72f5d20a50770725af02be2457222175045c124310d107be6f3cc5ffd47d5ba2ba5027f4b3e01671ec74b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\3CD97724EBF47B50AE59221DC942CCA5EE96ED82

MD5 af83f685d42895db75be1104c92de001
SHA1 31711362a60c0fb62b2d1d92a87345bc3268c00f
SHA256 026c569b4f54dc6b89d766eb0b476b739ffc3269db672d85cd71abea71ca586f
SHA512 7fa9b49f26a982f69863c2a226bf09fa3c8beb017f4fb6e8856df4cccb3ca3e8e8e6cbee879c6ac1862ae43f3bc4f059867e73fd3da5b04f8b9b471d122b79a8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\22715

MD5 10440adc934224da5a39cd5b0b3c35fb
SHA1 d2fb4ac1d9bd80168edb0483b6a337cf63910e3b
SHA256 cb5ab0b5f0315547cbe1ed216bf1b818246f41fa3cef53eadc4b6b7f6f8d7442
SHA512 5544d5abb36e727877e2abd3b37c0fc6e2b0c48e03faa8b2438b26577c5d47fa597a227aac262569a0cba42eca916e7bfecb1b8abe0cf6dfc7ac54fef9940a8c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\6B995C7CA46FC5BA0EFF9F15DA86A8CAE4C276DF

MD5 8ab643a0acc53c84eb1f9d309a9b759a
SHA1 d4a9ff1d30f6cc97bf5c0430bba7a3d24b36513a
SHA256 31ebfcd41a3d8ab22317c5d81486ba5b4468e36f29d75be1a6790528c3ab104c
SHA512 ac26141a4ae446b1e737f6b2e586a224ef3bff3dbf4c1ebfb91abf6d6e5413fae4e47421e290d65f869fe330ef419592f91b8785067778e4d172490ca4540bbf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\11993EA3BF3D355927605B079BF182BDF694A9FC

MD5 843246b555ca2e06cb480afe5a24b32c
SHA1 971ddedb3eb0a7d6c7137765f5de3dba477001ab
SHA256 02fd2bbbd747642f5b58268e893f3418fe7046e8c895c605996e383d6ff356a4
SHA512 60d3b308144b6d9efec53281c1dc10c1f4c5bea456a927ae6b62f0d85f5de79a19deddc5b7af8b2aa07107200d157419e2bebaf5d603f14f6bb39e80168a96eb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\4019

MD5 15cb0571bff868873af711cd505aafb5
SHA1 cafbc7add7f85a45e6c204b92d7d5071a3dd08c4
SHA256 9009707fe931368fb39012697522396935af938ad82e276b0dd571b7c2e41474
SHA512 2f5b3bfc5b691248429778ef3db5a800ccf4a21e818af781ec6228eeb0da193a604f64bceceb5653cfc3283ef983aacfcf4530cb876f47e517b8e4fcd1ab7fc7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\574CA2D1FC75772817A27B20A0F129C386A0113D

MD5 9f75cb101481ab417b9063aa86616246
SHA1 d0ef0a79f66852b9c8e51e24218314fa53a96e80
SHA256 afd5ab95000520466e060f546d95836dfbbc027c47d0b0f8af3654f7c8382e2f
SHA512 f869a49fd0cbb0873bd341f84842073cfb50a0a94e7b409ba7cbd955545571ebe00fd3165d2dbac17b775a8c8845065649180540e71f529ef60f7ca11da156e7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\050DB43D78BBC79DCD9ADCBAE96500FE04597F1B

MD5 33a44db2040c55097d4016c591b1e58d
SHA1 46972e234cd9c7d372a90e9c130cc4a0c0a7ee41
SHA256 3d33980aab7c2535ce1fef8f0630c0f55972e7c024dd8656f4baa075c1519a39
SHA512 12c51d5c936271e1f14967e5e9d9a2685bc5d114ac8d2a069b7abc3bc79da2b7436bf3b000b82605666be48b6d07b9aa40f23432749bfd43e7e15e75e62b2b9e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\5759696408CC362AAD43661B4E32560E15A7872C

MD5 28e4a7bf8a308df3cfa70771e46f7a54
SHA1 3f27c1979dcc23a577eb5fa6dd15beb07a31f2d3
SHA256 a6fd2c619a6d107126cb425be5d3cfd242a1fa147793096b6db24dd3e54f1f14
SHA512 f3ffbb45e653920685ff19a1c896d382c6ca4eb7202b39f41a727d5fabd8163baf532f7b6c778c9aa26555a8a9c5f52062725311466a72d7fba93d3015e80a94

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\522337E965BAE0D93049A98760C05212D1B6213B

MD5 d95d58b98144cc33f48932cc8598c0ea
SHA1 5bd2e2e2defa20341ea5895b2484753c8618cec4
SHA256 2c435100762f793d77f16b408565ed6ca6cb32fa32b5919f866dde891fab43a8
SHA512 f891d00f54416e3090973548db5bf1d22fa62bddf2ab60c25725e26fc011edddfebec1a3f5d32735211c748743515396c23aa7b6ee54a7cdad97c7089eead068

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\4E3562C55341939E493011A1EC297C2A4CAF51DB

MD5 91ed0162d594febc7ffc7e335facf764
SHA1 631561e7b8d941f38d4276b1d64a92121cc2abd2
SHA256 e08badfb257a431581c952e921cd931f2672f52215e7aebe149b0b0ac46e3035
SHA512 bf31030143a6bf542cb208e50c898c90fb80c4864c3d2c3904060520d7b471e50fb41ad7b796392b98e5090714e4bf034e870453e193ffdc560a741880cf0f56

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\AC5B4849CAB26A6FF5E0D69715FFD2D5203EA01F

MD5 ab182d03db8927e2fa929bcb2392390f
SHA1 730d13247db841c93b2613c0fcf92376bb0bb75a
SHA256 4e9ffd118486b7b3260a6a18b6b49ea9c85da29a1fa0a90b61956cd1f71029ae
SHA512 7067caddf39faffc1ab551a95b306c66b6d057ccd676466227a137eba57c5f53fbb34fd57d5cf688e1bef190e777ffd83e73bf57bbe57ccb1cf3013b21d85deb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\E049536DEABDF445A5A39B7D6289FDA9A6F2C5AF

MD5 81e5561b8ecab76bcc4841b7208a8680
SHA1 96fbb966cadd3ea118d2998d94548a75c0135532
SHA256 bab7f87787e1714ca8718ebeae3cc99cf098e7280371cb4ff80289ee4a143820
SHA512 17999de058a055fd893df0ca9ac8987ad68787f4830835503fef71244fdd5fb98dabc37b5cd5665e668b19dd38ad0787ad9031788379f0531aefd44404e9b292

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\96A0D2F1C4ECD10450EA183542E05ADB3BBB4257

MD5 76852e58769dc6f7a426d50a27774df1
SHA1 3737a0fa121b7c7f51b471604815218b5648c575
SHA256 811f48d0ba9ff1aa57c1456e7aae1c7e8675f758fb4079c845c209052561c5e8
SHA512 fcfde24db418eb3e9ed29f93f2ab66561e42e5719d35566208bb147214c40b7d95caee4fe4576eea316012dec2a7f854da304fc7c8969df617d737e945e8d337

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\DA784CCDD74E697C1B9356166222C06487BCEA54

MD5 23269c45681479ef4eb7894d3baf7da7
SHA1 d92f1619fe7cda4d7d4bc0587874d37becf2aebe
SHA256 3427cf19d3d8b76e28c67e89544991957440dea805776cf6983c56609cf69501
SHA512 4d62dd7c46c06dac5e35d247ffe2bf4e545f8dcebc24701a8d356943c0263eefe35fb55f2cd7a4c705513196ff70f4e11c45a55c866eb8a4ac58b6936412344c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\4C11E373FD9A73A5E61FCB5291518B290C3C15DF

MD5 5b0d0cf3bc271b03ccb163780f7eda40
SHA1 1df1bd7bdcf7db3c7b0656b3ae5ba672083da6ba
SHA256 453059128fac96a72cba660372824636704576bb9e59638bae35415207092d9f
SHA512 95dde57348e33ce691f701c2b54e900325515ac8ec790b4c8846ff95353e0da5606ea41cfbc9b917248f007bdbd1b8c01aa1c33e858d2f6ab46e69bd082d6a0f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\36BCFA23A4D04A528CE70EF12214E3995E132134

MD5 f1acf0e663b534257d92a4fc50a09c62
SHA1 f865f81462c86156ae03828a36f3f0bf26b4e55d
SHA256 f26a469e923a9a4771f670f064143f4e5e712acaee80839124920bfa15bc3d4a
SHA512 556f8cdb0fedf24c897a8a098708d675c2b6ac3419e29948d2e439135642ba8b454b5650e0a4ba5ebee8b92e9447be2e4663f486ff0077c19e8367ab3d61ca28

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\F27E0CDCD1C7E6F6CED7F2BE71ED722173C6CCAB

MD5 bcab97366e247143e48318e253623db0
SHA1 2eec4a8b9a3e69e84a245a646cafafb4e23ac224
SHA256 09825b3e1a679f43bf62f35b440b815cfdfbe37a35e563e5261bca6adb2b2bd5
SHA512 a6fc389cc289cc4ef2fb8083344f2793fe2319ad9d9781c029b72b3246fc232ce306329e8bb6a6be6026f5b16f12c66bd1e9c5f44711c77f3ec338cee46adf59

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 058ad5d90c056fecb30794a33f66c8f3
SHA1 1808bffa1706258adb52aa3bc68a59ee52c44fe5
SHA256 17468c3dd997867b84b9bf4e5ab5ee493b41ece7032d5955488060ae9d71ee7a
SHA512 d26fea37dd941b338bc227a1c1398ad3dc36cc12aa09c86aafe3ab565c3cf0b7b939333b4ffa2ed918b6ef4525016982c2898929af472295470faf3547602f7d

memory/3800-3219-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\Downloads\RobloxPlayerInstaller.8pgUYN8n.exe.part

MD5 df391e6f03138fc43f1c2baf50c42cf3
SHA1 c726515f16a8f143a223b1f0f9e421bf5314d5bd
SHA256 8c995f34102ecddf8762017b02a100cada74b0a8aec869be8030b04ab33d7c48
SHA512 f172c0183b091df7be17c448eade77f23b54d8ede7db6eb356c5d80ea31810d1daa2463a8c6d8de08adb5c3bee84bb64255ce73d9682316f0132d9eba29a2c80

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

MD5 84e67989f7ccd11c2b7db38f3d3443b8
SHA1 c3e821de715aa7508b3273de16c9156014d81922
SHA256 5eac06573fb9289a5ad1dfa8b88d2d7b79f1bd89e61c53247f8cae50143e7a2c
SHA512 d0ea7235f591f31edeb7183c91fb0bb1347a9386c170c43b21e2c5fd93b7040e73e1a1a9f3ef6f83d097b1af0f9e2a9938dd59ae47588940491da25248eb7d99

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 d6ec3ffe6c3b16f94d459947f56cab5f
SHA1 f6a05ce1e412ac4273ad362ab9ff8c314bb80747
SHA256 87eb356a07a15634ab05fd847c70f26fcd9ff745dc62afaa4404d6fc5206eaf9
SHA512 9a3c46f18b8527bdc02e5a0a442b9bd08326e2f59e40e80e555f3193dac5e649526e27259f1dee7260b9b66642a0aefeac9d7854a2024451db398cb078ffa484

memory/3800-3269-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 31813873a4d255d30c541511b8b81910
SHA1 a64056cd0a0b4e6ee8e4043ea55760f4bc1f1e92
SHA256 fb8bf35bb69702b1aef95b12f937e5a542c31e0d932ce0402b4944c7a6968121
SHA512 b1f43d58aec86ed070a8e8ce2df8ef565a7d6b4d774d880a57b592872ce9dd9db4927825abb7f0e577b55fd99c6c18bd283bb877d55d62c6f8b966494e69bf9d

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\d711fadf1919a05ac8eccb48c397156c

MD5 d711fadf1919a05ac8eccb48c397156c
SHA1 d316ed33dda1b7170d56e086e53d280854f301ec
SHA256 b17555f65d11b29752665637a871d3cc2ad874076d2bee06a8dabd3520e34834
SHA512 dd5ec72eeb0e5fc28f122e46deb8a6c8464cbc2d8c74f545b27296b14c8b133fe009b38eace44e76af07a3db3fedbc6069b638348e550dffce84314674a01282

memory/3800-3329-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MD5 610b1b60dc8729bad759c92f82ee2804
SHA1 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdate.dll

MD5 965b3af7886e7bf6584488658c050ca2
SHA1 72daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256 d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA512 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_en.dll

MD5 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1 dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512 ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_af.dll

MD5 567aec2d42d02675eb515bbd852be7db
SHA1 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256 a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_am.dll

MD5 f6c1324070b6c4e2a8f8921652bfbdfa
SHA1 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA512 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_ar.dll

MD5 570efe7aa117a1f98c7a682f8112cb6d
SHA1 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256 e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_bn.dll

MD5 7dc58c4e27eaf84ae9984cff2cc16235
SHA1 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256 e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512 bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 2929e8d496d95739f207b9f59b13f925
SHA1 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512 ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_cy.dll

MD5 34d991980016595b803d212dc356d765
SHA1 e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_el.dll

MD5 ac275b6e825c3bd87d96b52eac36c0f6
SHA1 29e537d81f5d997285b62cd2efea088c3284d18f
SHA256 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512 bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_et.dll

MD5 b78cba3088ecdc571412955742ea560b
SHA1 bc04cf9014cec5b9f240235b5ff0f29dbdb22926
SHA256 f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085
SHA512 04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_fr.dll

MD5 64c47a66830992f0bdfd05036a290498
SHA1 88b1b8faa511ee9f4a0e944a0289db48a8680640
SHA256 a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961
SHA512 426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_gu.dll

MD5 f9646357cf6ce93d7ba9cfb3fa362928
SHA1 a072cc350ea8ea6d8a01af335691057132b04025
SHA256 838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150
SHA512 654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_id.dll

MD5 03d4c35b188204f62fc1c46320e80802
SHA1 07efb737c8b072f71b3892b807df8c895b20868c
SHA256 192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95
SHA512 7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_hu.dll

MD5 f4976c580ba37fc9079693ebf5234fea
SHA1 7326d2aa8f6109084728323d44a7fb975fc1ed3f
SHA256 b16755fdbcc796ef4eb937759fe2c3518c694f5d186970d55a5a5e5d906cb791
SHA512 e43636d8c947e981258e649712ad43f37c1aab01916539b93c082959fb5c6764c9c44979650092202839e812e6f252c6c3eaf66d3d195c1efd39c74c81ad1981

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_hr.dll

MD5 0b475965c311203bf3a592be2f5d5e00
SHA1 b5ff1957c0903a93737666dee0920b1043ddaf70
SHA256 65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0
SHA512 bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_hi.dll

MD5 34cbaeb5ec7984362a3dabe5c14a08ec
SHA1 d88ec7ac1997b7355e81226444ec4740b69670d7
SHA256 024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9
SHA512 008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_gl.dll

MD5 84a1cea9a31be831155aa1e12518e446
SHA1 670f4edd4dc8df97af8925f56241375757afb3da
SHA256 e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57
SHA512 5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_gd.dll

MD5 c90f33303c5bd706776e90c12aefabee
SHA1 1965550fe34b68ea37a24c8708eef1a0d561fb11
SHA256 e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c
SHA512 b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_ga.dll

MD5 3b8a5301c4cf21b439953c97bd3c441c
SHA1 8a7b48bb3d75279de5f5eb88b5a83437c9a2014a
SHA256 abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0
SHA512 068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_fr-CA.dll

MD5 b534e068001e8729faf212ad3c0da16c
SHA1 999fa33c5ea856d305cc359c18ea8e994a83f7a9
SHA256 445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511
SHA512 e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_fil.dll

MD5 7c66526dc65de144f3444556c3dba7b8
SHA1 6721a1f45ac779e82eecc9a584bcf4bcee365940
SHA256 e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d
SHA512 dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_fi.dll

MD5 d45f2d476ed78fa3e30f16e11c1c61ea
SHA1 8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e
SHA256 acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2
SHA512 2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_fa.dll

MD5 cbe3454843ce2f36201460e316af1404
SHA1 0883394c28cb60be8276cb690496318fcabea424
SHA256 c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59
SHA512 f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_eu.dll

MD5 a7e1f4f482522a647311735699bec186
SHA1 3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd
SHA256 e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4
SHA512 22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_es-419.dll

MD5 28fefc59008ef0325682a0611f8dba70
SHA1 f528803c731c11d8d92c5660cb4125c26bb75265
SHA256 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d
SHA512 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_es.dll

MD5 9db7f66f9dc417ebba021bc45af5d34b
SHA1 6815318b05019f521d65f6046cf340ad88e40971
SHA256 e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819
SHA512 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_en-GB.dll

MD5 d749e093f263244d276b6ffcf4ef4b42
SHA1 69f024c769632cdbb019943552bac5281d4cbe05
SHA256 fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA512 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_de.dll

MD5 aab01f0d7bdc51b190f27ce58701c1da
SHA1 1a21aabab0875651efd974100a81cda52c462997
SHA256 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA512 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_da.dll

MD5 d34380d302b16eab40d5b63cfb4ed0fe
SHA1 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256 fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_cs.dll

MD5 16c84ad1222284f40968a851f541d6bb
SHA1 bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256 e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512 d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_ca.dll

MD5 39551d8d284c108a17dc5f74a7084bb5
SHA1 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_bs.dll

MD5 e338dccaa43962697db9f67e0265a3fc
SHA1 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512 e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_bn-IN.dll

MD5 a94cf5e8b1708a43393263a33e739edd
SHA1 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_bg.dll

MD5 8375b1b756b2a74a12def575351e6bbd
SHA1 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256 a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512 aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_as.dll

MD5 a8d3210e34bf6f63a35590245c16bc1b
SHA1 f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\msedgeupdateres_az.dll

MD5 7937c407ebe21170daf0975779f1aa49
SHA1 4c2a40e76209abd2492dfaaf65ef24de72291346
SHA256 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA512 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EUC2C9.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 7a160c6016922713345454265807f08d
SHA1 e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA256 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512 c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 9d5f3cc4e8d0b4796db5a83f43d4b12d
SHA1 d91e33f7cc1ec7078c70624c66ff08b67274aadc
SHA256 ad831430db17921cbd30c725b3a62fa54f4b5dc556023b582ed8b3e1da198309
SHA512 7b76220c9388cd8ff516a37e97397ec5ab91bc65645790067344858e7b8466433d1e62e7960a0f795afdb24bd831daa6b83aa8b4c95f8535604608b1bab95f11

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.roblox.com\ls\usage

MD5 d86997ca76ba3fff285a8051b845f186
SHA1 b39d8ac5df91f5b01ccf838a74962b37f3faa965
SHA256 d7ff87ecd68be187e0cf132ba492ddeffac0ddf101c079da0860f19748c4195e
SHA512 3fe398a10490b1e16625215ebbb01195d61e52de05e22292ae3edc292042f2a2b24d3b858c4c6e7ae92bc11ad0851603e607205cf095ae8ef7eba7322752d099

memory/3800-3554-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/5296-3556-0x0000000000330000-0x0000000000365000-memory.dmp

memory/5296-3557-0x0000000072E70000-0x0000000073080000-memory.dmp

memory/5220-3559-0x0000000072E70000-0x0000000073080000-memory.dmp

memory/5308-3560-0x0000000072E70000-0x0000000073080000-memory.dmp

memory/3800-3569-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/5308-3577-0x0000000072E70000-0x0000000073080000-memory.dmp

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 e3b46ca16843e516a074d2140515edbc
SHA1 8b499dfff051881927a96fca8af0fc3545fd7f41
SHA256 6ff01c3da9de80e98e2d667250778957c8128c243b069d330a747ca26b8952b3
SHA512 33f9f4eafd5c4895bb944e66b516969237451542245dcc92831dab15c37da0ba526a5f7ff4cef0f63bb1867ce7ec4749a2d0867562f6c41a789f383e514ea076

memory/3800-3605-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/5308-3614-0x0000000072E70000-0x0000000073080000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Installer\setup.exe

MD5 d42926508ba6626be0143a2aa5275ba9
SHA1 ca2b45426611211dcd47fe66c9255ab81b843943
SHA256 9595008f51be8ca7c82618c84d30f0a7fdac9fe7433b806af504da0d38aef10a
SHA512 53aabfbf20389f4d28746c41109b5a194ed5d21521fa67042bd5a0fb38407e877bed5481a7502bec848a54d0fd4e33b09e3c6bc47a576f8e14a4458c64bc14e2

memory/3800-3633-0x0000000180000000-0x0000000180B19000-memory.dmp

memory/5296-3640-0x0000000072E70000-0x0000000073080000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

MD5 840bc5e733d03a52b91a1febd362c316
SHA1 3d8bf270bbaba3857da605edf5787104206116d6
SHA256 c7c795ab72133f52aca5799aba970d525a094bae71497c98696af6c34ec411da
SHA512 750516e85ee65e9ec005e4e95e31d3d175eaee21e2c810b7274ba343443637ff31097c50f96ccd6b5c45575c9dc7395e0e2af1918b8cabfefd061077a5f0dbdd

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

memory/3800-3723-0x0000000180000000-0x0000000180B19000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 2767c60a7340ae04ce663ca854d27e97
SHA1 e52d7fc57df942e9bb2575a1ebac8352b54c4e57
SHA256 23399acd0c7219bf5bbee5235698ea1efecb2b7586b1321e2e60a90d99ebd85a
SHA512 7e647f4d847d5061e637e0d401f3e17417bf2a2eb747d62beaab2d6d188317f7460d90d2f125b588b48c2c9a9d6fe0b268e2592aab5faa3a65cc30fbf7c8ca23

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 ccf0621acb37bc1f893fd6e66106eb43
SHA1 10b21390dfc981020565316dfcc39bb101bdd827
SHA256 625616473fb367c08c8e55b963f72ef351c4b633d26bc1898e3f7145e198eded
SHA512 7c31067a160857c40687625e8c2781bd126059e9b70b5f92efb9c209344e5ee417b5b256a04f6a2657b84650f17205f91701b6c045e131234f10240652db0180

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\26067

MD5 c07739c71ddf2c365a1a5a80ecbab3fc
SHA1 c715fd8ff8f43b18e952224c6a3186a97f28cf85
SHA256 e051115642486de58299481dce4828d1c32d7e9d52c834fc0233915c6f38a51e
SHA512 a96bc938d0dc6c7600df4916e1c9f08069c5ff686b68ab0557078eea4b6588972bad3d105ace84555e6256c622b8e448784363e1f58161d1e3668005c0c3f0aa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore.jsonlz4

MD5 c204cbda8a994eb8a8be1b6e392e10be
SHA1 cf3e922e6075358ebde5aaff5af8a693df67c6c1
SHA256 fd6350769240ebd36f337bca7993e4d84f0f60d5dc1feaca059e2c6ea3c45db1
SHA512 ff65e8eeeffa42931ecfdc4c6f3e1206e3920c517b0ffd8c06469b94718898a6c1717dddf5651516474efc143887d9673ed468fdad93776924331e3ee269708a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

MD5 5290d765c8487590b48f92124fc1f230
SHA1 0ea6b1c73f3f241f95ea2ca3d355545e14f4c9f9
SHA256 826ac05a9fe426194e18262a1364e8c7c7672fd2900533af35adb567923778d1
SHA512 53e9e274252dab62d266a4e332a0ba1df9d52aa308fb2781660b140a028c85bc9a7e42ab99c39c38abe7cab79595a74990d2e3265ef8be060b3b284960963904

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.41\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe

MD5 a9ad77a4111f44c157a1a37bb29fd2b9
SHA1 f1348bcbc950532ac2b48b18acd91533f3ac0be2
SHA256 200a59abdeb32cc4d2cec4079be205f18b5f45bae42acb7940151f9780569889
SHA512 68f58a15ef5ba5d49d8476bee4a488e9a721f703a645ddd29148915d555ca2eb451635c3b762e5a0f786d69bb5cba9bffac3eeee196f1ec7ad669e2d729fe898