Malware Analysis Report

2025-01-19 04:29

Sample ID 240805-eayebswclq
Target http://roblox.com
Tags
credential_access defense_evasion discovery evasion persistence privilege_escalation stealer trojan
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

Threat Level: Likely malicious

The file http://roblox.com was found to be: Likely malicious.

Malicious Activity Summary

credential_access defense_evasion discovery evasion persistence privilege_escalation stealer trojan

Credentials from Password Stores: Credentials from Web Browsers

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Drops file in System32 directory

Checks system information in the registry

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

System Network Configuration Discovery: Internet Connection Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Modifies registry class

Modifies Internet Explorer settings

NTFS ADS

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-05 03:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-05 03:44

Reported

2024-08-05 04:36

Platform

win10-20240404-en

Max time kernel

465s

Max time network

467s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://roblox.com"

Signatures

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\MicrosoftEdgeUpdate.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\LuaApp\graphic\gr-avatar mask-90x90.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\MaterialManager\Delete.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\RoactStudioWidgets\toggle_off_dark.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\fonts\Kalam-Regular.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\StudioSharedUI\preview_clear.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Controls\DefaultController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\VR\toggle2D.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\LuaChat\icons\ic-pin.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Chat\ToggleChatDown.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Emotes\Large\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\fonts\families\Bangers.json C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\ErrorPrompt\PrimaryButton.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Scroll\scroll-middle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\VoiceChat\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\MaterialGenerator\Materials\Glacier.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Controls\PlayStationController\ButtonR1.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\LuaChat\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\TerrainTools\icon_regions_copy.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Controls\xboxLSDirectional.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Scroll\scroll-top.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Controls\DesignSystem\ButtonR1.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\fonts\Bangers-Regular.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\configs\PerformanceConfigs\rofiler.js C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\AnimationEditor\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\AvatarEditorImages\circle_gray4.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\AnimationEditor\RoundedBorder.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\DeveloperFramework\Votes\rating_up_white.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_3x_1.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Controls\PlayStationController\Thumbstick2.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\DeveloperInspector\Close.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\StudioSharedUI\radio_selected_disabled_dot_dark.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\RoundedRect8px.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Controls\DesignSystem\ButtonR3.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\LuaChat\graphic\gr-mask-game-icon-48x48.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\Controls\DesignSystem\Thumbstick1Horizontal.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\avatar\compositing\CompositExtraSlot0.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\avatar\compositing\CompositShirtTemplate.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\AvatarEditorImages\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\ImageSet\AE\img_set_3x_2.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\TerrainTools\mtrl_cobblestone_2022.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\PlatformContent\pc\textures\brdfLUT.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\InGameMenu\GenericController.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\LuaDiscussions\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\fonts\HWYGOTH.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\particles\SquareParticle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_19.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\VoiceChat\RedSpeakerLight\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\AvatarExperience\CenterPoint.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\sky\noise.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ManageCollaborators\FriendIcon_light.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Emotes\Large\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\content\models\AssetImporter\bonePreviewMesh.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\RobloxPlayerInstaller(2).exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RobloxPlayerInstaller(2).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller(2).exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller(2).exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\LocalService = "edgeupdatem" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\RobloxPlayerInstaller(2).exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1448 wrote to memory of 2740 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1448 wrote to memory of 2740 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1448 wrote to memory of 2740 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1448 wrote to memory of 2740 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1448 wrote to memory of 2740 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1448 wrote to memory of 2740 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1448 wrote to memory of 2740 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1448 wrote to memory of 2740 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1448 wrote to memory of 2740 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1448 wrote to memory of 2740 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1448 wrote to memory of 2740 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 5056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 5056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2740 wrote to memory of 5056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://roblox.com"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://roblox.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.0.2074517961\1181989071" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc3a9e27-ce0a-419b-b017-82619d29c418} 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 1776 1adf04db158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.1.1613202300\806468095" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a541ad8a-0f4a-4276-b2fd-b2de46a04897} 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 2152 1adeffe6258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.2.599598958\122908078" -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 3008 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {310679da-fb92-40eb-a96f-c7784a6ac29b} 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 3024 1adf0460658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.3.337234017\1998858334" -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef2a2780-afeb-4cef-9501-7996da65c9a4} 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 3584 1adf52d1b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.4.1096768180\2138538423" -childID 3 -isForBrowser -prefsHandle 4744 -prefMapHandle 4740 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5aaebe51-f9bc-4472-bf79-b04c2ceb6694} 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 4752 1adf6807058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.5.1235817728\1496379273" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4912 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a830d71-1d6d-48d1-8e43-8f986e407f0c} 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 4900 1adf6891958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.6.1495688258\1626294694" -childID 5 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0aa82e5-f1ad-45ed-9076-0d6e2bc0b0b6} 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 5084 1adf6890458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.7.576045320\1920098643" -childID 6 -isForBrowser -prefsHandle 3036 -prefMapHandle 5392 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d31d9aaf-d88d-40a5-835d-c605191e87ee} 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 3048 1adf0461858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.8.195225327\1056747493" -childID 7 -isForBrowser -prefsHandle 4844 -prefMapHandle 4540 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf629714-8c4e-487e-96f0-d4442b809068} 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 4808 1adf6891358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.9.1001481000\97372790" -childID 8 -isForBrowser -prefsHandle 5044 -prefMapHandle 4996 -prefsLen 27781 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd7c95f4-f93b-4d90-a49b-d4486837961f} 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 4500 1adf53dcf58 tab

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OURENzE5MjMtQTQ5RC00OUU0LTlERTMtMTI3RUM2REFENUMwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFNEI1Q0NFRi1ENEQwLTRDNEMtQUVBNy00RDVBMTc5Q0U5MTh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MzA1OTgzNTkzIiBpbnN0YWxsX3RpbWVfbXM9IjM0MiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{9DD71923-A49D-49E4-9DE3-127EC6DAD5C0}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OURENzE5MjMtQTQ5RC00OUU0LTlERTMtMTI3RUM2REFENUMwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDMUI3QzBGRC01RjU3LTQyQjktQkRCNy1GMUNFMDFFRUY3NUV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMyIgc3lzdGVtX3VwdGltZV90aWNrcz0iODMwODkyOTQ2OSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.0.1458653001\1845300499" -parentBuildID 20221007134813 -prefsHandle 1652 -prefMapHandle 1644 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20d6c5cb-3749-4f81-8f59-34dfd07f9231} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 1724 23d90df1658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.1.1361523883\375207643" -parentBuildID 20221007134813 -prefsHandle 1904 -prefMapHandle 1900 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e3846cf-9146-4492-b35b-0c40b0e85486} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 1916 23d90c3e558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.2.1600905317\2123339606" -childID 1 -isForBrowser -prefsHandle 3236 -prefMapHandle 3232 -prefsLen 23735 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00866e28-6b27-4fa3-93cf-c4687e05e721} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 3248 23d95e65258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.3.580731645\1142477575" -childID 2 -isForBrowser -prefsHandle 2828 -prefMapHandle 3592 -prefsLen 23842 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a309e18-fda3-4570-bd04-bb7a4429a6b0} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 3488 23dfd371658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.4.390740328\1230984482" -childID 3 -isForBrowser -prefsHandle 3568 -prefMapHandle 3932 -prefsLen 24924 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d8ba6ed-988e-4cba-8279-0591cb4d43e8} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 3448 23d96cf7f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.5.496060212\406919333" -parentBuildID 20221007134813 -prefsHandle 4284 -prefMapHandle 4272 -prefsLen 30664 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba644938-f36c-4243-b397-571056e7dd3e} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 4240 23d99554d58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.6.1807841612\1638715098" -childID 4 -isForBrowser -prefsHandle 4092 -prefMapHandle 3300 -prefsLen 31973 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {718fd800-baa9-42ee-9255-6f6ea0a42147} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 4656 23d973eb558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.7.864303331\293855063" -childID 5 -isForBrowser -prefsHandle 4652 -prefMapHandle 2788 -prefsLen 31973 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbb0dea8-ce50-46ac-bde0-78c1bb0601bc} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 5116 23d9a175258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.8.1688274390\998713251" -childID 6 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 31973 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62d7e081-2110-4e74-8510-95dc2c4f5453} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 5232 23d9a175e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3568.9.2060150047\1148896302" -childID 7 -isForBrowser -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 31973 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b44b603-58fc-40cc-9ede-867a38eab392} 3568 "\\.\pipe\gecko-crash-server-pipe.3568" 4684 23d989b0858 tab

C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe"

C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe"

C:\Users\Admin\Downloads\RobloxPlayerInstaller(2).exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller(2).exe"

Network

Country Destination Domain Proto
N/A 127.0.0.1:49757 tcp
US 8.8.8.8:53 roblox.com udp
NL 128.116.21.3:80 roblox.com tcp
NL 128.116.21.3:80 roblox.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
NL 128.116.21.3:443 roblox.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.roblox.com udp
NL 128.116.21.4:443 www.roblox.com tcp
US 8.8.8.8:53 edge-term4-ams2.roblox.com udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 3.21.116.128.in-addr.arpa udp
US 8.8.8.8:53 205.86.155.35.in-addr.arpa udp
US 8.8.8.8:53 edge-term4-ams2.roblox.com udp
NL 128.116.21.4:443 edge-term4-ams2.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
US 8.8.8.8:53 d1kpbbfl4rco16.cloudfront.net udp
GB 108.138.217.65:443 static.rbxcdn.com tcp
US 8.8.8.8:53 d143j4fdqe1jki.cloudfront.net udp
GB 18.244.155.22:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 d2w650xp5tniea.cloudfront.net udp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
US 8.8.8.8:53 d143j4fdqe1jki.cloudfront.net udp
US 8.8.8.8:53 d1kpbbfl4rco16.cloudfront.net udp
US 8.8.8.8:53 d2w650xp5tniea.cloudfront.net udp
US 8.8.8.8:53 dw04ej0wrfjel.cloudfront.net udp
NL 128.116.21.3:443 roblox.com udp
US 8.8.8.8:53 dw04ej0wrfjel.cloudfront.net udp
US 8.8.8.8:53 4.21.116.128.in-addr.arpa udp
US 8.8.8.8:53 23.44.137.216.in-addr.arpa udp
GB 18.244.155.22:443 d2w650xp5tniea.cloudfront.net udp
US 8.8.8.8:53 65.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 22.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 89.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
NL 128.116.21.4:443 apis.roblox.com tcp
NL 128.116.21.4:443 apis.roblox.com tcp
NL 128.116.21.4:443 apis.roblox.com tcp
US 8.8.8.8:53 locale.roblox.com udp
NL 128.116.21.4:443 locale.roblox.com tcp
NL 128.116.21.4:443 locale.roblox.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
NL 128.116.21.4:443 locale.roblox.com tcp
GB 216.137.44.8:443 images.rbxcdn.com tcp
GB 216.137.44.8:443 images.rbxcdn.com tcp
GB 216.137.44.8:443 images.rbxcdn.com tcp
GB 216.137.44.8:443 images.rbxcdn.com tcp
GB 216.137.44.8:443 images.rbxcdn.com tcp
GB 216.137.44.8:443 images.rbxcdn.com tcp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
US 8.8.8.8:53 auth.roblox.com udp
NL 128.116.21.4:443 auth.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
NL 128.116.21.4:443 ecsv2.roblox.com udp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
NL 128.116.21.4:443 ecsv2.roblox.com udp
NL 128.116.21.4:443 ecsv2.roblox.com udp
US 8.8.8.8:53 8.44.137.216.in-addr.arpa udp
N/A 127.0.0.1:49763 tcp
US 8.8.8.8:53 edge-term4-ams2.roblox.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 142.250.200.49:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 142.250.200.49:443 csp.withgoogle.com udp
US 8.8.8.8:53 49.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
GB 142.250.200.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2---sn-aigzrnse.gvt1.com tcp
US 8.8.8.8:53 r2.sn-aigzrnse.gvt1.com udp
US 8.8.8.8:53 r2.sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2.sn-aigzrnse.gvt1.com udp
US 8.8.8.8:53 199.168.125.74.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.201.110:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.201.110:443 consent.google.com udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
NL 128.116.21.4:443 www.roblox.com udp
US 8.8.8.8:53 d1kpbbfl4rco16.cloudfront.net udp
US 8.8.8.8:53 d143j4fdqe1jki.cloudfront.net udp
NL 128.116.21.4:443 www.roblox.com tcp
US 8.8.8.8:53 dw04ej0wrfjel.cloudfront.net udp
US 8.8.8.8:53 d143j4fdqe1jki.cloudfront.net udp
US 8.8.8.8:53 d1kpbbfl4rco16.cloudfront.net udp
US 8.8.8.8:53 dw04ej0wrfjel.cloudfront.net udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
NL 128.116.21.4:443 www.roblox.com tcp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 d2w650xp5tniea.cloudfront.net udp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 edge-term4-ams2.roblox.com udp
US 8.8.8.8:53 edge-term4-ams2.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
GB 128.116.119.4:443 roblox.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
GB 108.138.217.62:443 static.rbxcdn.com tcp
GB 216.137.44.28:443 css.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 216.137.44.124:443 images.rbxcdn.com tcp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 62.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 28.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 124.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
GB 13.224.245.39:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 d19ha9ylcjiuiu.cloudfront.net udp
US 8.8.8.8:53 d19ha9ylcjiuiu.cloudfront.net udp
US 8.8.8.8:53 39.245.224.13.in-addr.arpa udp
NL 128.116.21.4:443 apis.roblox.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
GB 18.165.242.119:443 clientsettingscdn.roblox.com tcp
GB 13.224.245.39:443 d19ha9ylcjiuiu.cloudfront.net tcp
N/A 127.0.0.1:51110 tcp
N/A 127.0.0.1:51114 tcp
N/A 127.0.0.1:51130 tcp
US 8.8.8.8:53 119.242.165.18.in-addr.arpa udp
GB 13.224.245.39:443 d19ha9ylcjiuiu.cloudfront.net tcp
GB 13.224.245.39:443 d19ha9ylcjiuiu.cloudfront.net tcp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 20.7.47.135:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 135.47.7.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 199.232.210.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:51559 tcp
N/A 127.0.0.1:51562 tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 34.120.5.221:443 prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 221.5.120.34.in-addr.arpa udp
US 8.8.8.8:53 200.110.239.44.in-addr.arpa udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 37.158.120.34.in-addr.arpa udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
NL 128.116.21.4:443 apis.roblox.com tcp
US 8.8.8.8:53 edge-term4-ams2.roblox.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
NL 128.116.21.4:443 apis.roblox.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox.com udp
GB 128.116.119.4:443 roblox.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
US 8.8.8.8:53 d1kpbbfl4rco16.cloudfront.net udp
GB 108.138.217.67:443 static.rbxcdn.com tcp
US 8.8.8.8:53 d143j4fdqe1jki.cloudfront.net udp
US 8.8.8.8:53 images.rbxcdn.com udp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
US 8.8.8.8:53 dw04ej0wrfjel.cloudfront.net udp
US 8.8.8.8:53 d1kpbbfl4rco16.cloudfront.net udp
US 8.8.8.8:53 d143j4fdqe1jki.cloudfront.net udp
US 8.8.8.8:53 dw04ej0wrfjel.cloudfront.net udp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
GB 128.116.119.4:443 roblox.com udp
US 8.8.8.8:53 38.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 67.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 103.253.245.18.in-addr.arpa udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 3.163.158.14:443 images.rbxcdn.com tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
NL 128.116.21.4:443 apis.roblox.com tcp
NL 128.116.21.4:443 apis.roblox.com tcp
NL 128.116.21.4:443 apis.roblox.com tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
NL 128.116.21.4:443 apis.roblox.com tcp
NL 128.116.21.4:443 apis.roblox.com udp
US 3.163.158.14:443 images.rbxcdn.com tcp
US 3.163.158.14:443 images.rbxcdn.com tcp
NL 128.116.21.4:443 apis.roblox.com udp
NL 128.116.21.4:443 apis.roblox.com udp
US 8.8.8.8:53 14.158.163.3.in-addr.arpa udp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 8.8.8.8:53 d19ha9ylcjiuiu.cloudfront.net udp
GB 13.224.245.62:443 d19ha9ylcjiuiu.cloudfront.net tcp
US 8.8.8.8:53 d19ha9ylcjiuiu.cloudfront.net udp
US 8.8.8.8:53 62.245.224.13.in-addr.arpa udp
NL 128.116.21.4:443 apis.roblox.com tcp
N/A 127.0.0.1:52271 tcp
US 8.8.8.8:53 client-telemetry.roblox.com udp
NL 128.116.21.4:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52290 tcp
NL 128.116.21.4:443 client-telemetry.roblox.com tcp
NL 128.116.21.4:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52320 tcp
N/A 127.0.0.1:52324 tcp
US 8.8.8.8:53 d1kpbbfl4rco16.cloudfront.net udp
US 8.8.8.8:53 dw04ej0wrfjel.cloudfront.net udp
NL 128.116.21.4:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52369 tcp
NL 128.116.21.4:443 client-telemetry.roblox.com tcp
N/A 127.0.0.1:52372 tcp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\3d580255-8f0d-488d-a3b4-c82f10927088

MD5 1ca3985e22f390106573534da5a3bcbc
SHA1 bfbb61285270b291add7ea674333ebfe03fe427f
SHA256 4c55a9bf75f6f90173f87989997bab2e3a06240ddc23719f53327de1d7ade20a
SHA512 f1ffa7a7bbeeacfa14716f912b1518786d03e2c99a918484d776c2728a628a169d68b29c246b33918f49759c547917e68b6c8af7dfaf2428d54334c6154ca4cf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\e4751afa-1bc3-416c-af60-46dfa0d4ee75

MD5 c063d72822ca2de932924fcf6ed297bb
SHA1 483137efa4d279130f5ca3f3093cf84c96a611f8
SHA256 c83b0f7f34f8bece646aa5f157740924db459b1e5b3ebf1e6042b7c7c3b05bbb
SHA512 db4eb69c9b6a14d1443a10a23e57d72c2bd443a2c0f0acf673c42d9589741202c5c03ee635cada9e93f50987f1ce25eb861919c44ca93784a163029299e9b10b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 1036442c3d670706f5ef582539e1076e
SHA1 80b3bb89a3b3ee63ba039d3810ffa2b815a67a0b
SHA256 5e4c846b6d43e21a292f733120f6202dbea2c80ae9c1eb81f98506f43b94b17e
SHA512 55326aee56c529fedc80a15d75bde9e64a6c72c27c9f9858c8e0b6e6686eee462e2d0216097f74e497bd14d6c5676041e6a075697f939c8d71834dbb894e383d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 1fdc13de64cfdb8ba3fcd71aad9d33d3
SHA1 b7649cfd66d751435fa56a4b4b20daace452c692
SHA256 fa890605b23aecfebe4300d159f10096cfaba982a942c8ce829617b3de36a783
SHA512 3c9dc261a1f0a96d4433d60de03423d58f0bd63dbf5db48962372658103f16991f6da06c1670deea1e51efd2a15aae699d1d287ee377e0a457299a7dd9f691a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 838f1b7f73f76e282598be752cfc8eca
SHA1 89475a96df1efaa9384ae1fb8271864280677d4e
SHA256 639e7d5f318310b929d1c590a6650d5d2aaaf37d16df4ae049b4e6618d7c35ff
SHA512 cf73155c7d58df8ebb0497910e9507c3588c8a5a9ae8a4ef7ff488e311cc2c3814ab3ec87e9e3663b581304b384e6070816965dff134f223a091f208be7b674f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20148

MD5 4f397e6fcdeb875ed457568ef07558d0
SHA1 cbbb7a3c6f2c98b2b0d82423687c4c31c64eb68e
SHA256 6c09fb8d3487230091efa54ba1d3e450348be807ec1a09c1b4f144d4cbf916bb
SHA512 ac0365e1d7e6241312ee1c1547819f6bcd4b85d5d44d17a41ec3b4789e1d6560404da303fbe0ea34a7cdd5cdab8d9534f2cb0e1da71091ced9be4ce2bfa81e38

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 5be8e99acfb23f151c9c71fc55cdf8bd
SHA1 d7119a9cfc4d01483190ce1f6bd7eff3a71c373e
SHA256 78c516cf51329d5e62434a75ffe80d33436197b08b762e23f1eb2df1647bb22a
SHA512 7e5e81de14da255d9a9088b60d7628b7c497d06519f2dd6d8f5a1366ea3cdf10c3473d64dad806d55ffb7f5ff32c6a7798dcfa168e5e5b12f0b0112d17def1d1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\13376

MD5 77896df52547bd4cd3a9262fbc1cba03
SHA1 2a240dc6b9ab809ec9dfd70a861eab30d7e3de30
SHA256 1d9c75fbafbcb33baa3cc5d2f8cca45560820e9e506b67a173c501001f2fef4b
SHA512 d3f8e57e688c232b1a3bd760229f1984c48a33f9b3c4c9358f6aac73f7dc0a2eb91e78a62d38249e6e533af25019ae572c334a16b9edd9ab980af915b4eb4cc0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20604

MD5 e3a837e41fc4ec217ca99494cc189960
SHA1 380b95f6cd35cda7dd5fcca7bb1251d830dc1138
SHA256 ad06666e7698dfd176cfcfc328a7b63ec40d2858c37399c0f028556f826bdd15
SHA512 971cae9003b4c230a7edcabe2220d5ee9374fc60d71af8ce150d5ca223921605d15ee6a99b370afa6d247f45a50db7551ec5aa97a2b6524b41198710c06327bc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\5073

MD5 c09133933cd7307975f998aea9516994
SHA1 ff2d9a54dd0e43ace9ffc86387681ad1c855ed4c
SHA256 6c312f12fe3ebf7055382f45733291ad8491e1c1e120b5495c7b25c246ffbdd1
SHA512 8bd89bd546633ac8fedf9ef9d4cf3a81bfb01c377805e374bbcca18368abf92db538b63bf90c71d2a9625dd6df225c610f2864dd68e9cc5025d16ba39f2f0d8c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\9472

MD5 1cc52866d2cc6263e561accad8dfc313
SHA1 5e4e54e6fe96618524d1a71746bc1493a0710d51
SHA256 f1f9fdb2d6479a0e694cc56e46a6da8da2748b3944646183fef332f5e5ffa4f6
SHA512 77398833589795be01f067399f58377c5c23c116e931f96e8996706f9a8610e5b8f7c9635bd344af17f8f157df55eb8dd0a0265103d49ef8455265c903a72e7c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8dc436a580dd048d447c351d45678f0d
SHA1 e25c994f4d31b37435820e931c89b854447b6340
SHA256 84c51c89f1d014a75024a725add3dc082d2a65ddac07d3db79810aa5161cad4c
SHA512 11047b9d023e729f69a3a54491a03adaa6df735f250bdd5ed445093a5cc794f5f6a2bef1a928c5e4002168d95ea6b114d9256ff9cf415b527f44a6fe83e90b55

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9357B92D7A82DC731CBB46EBC4F197AB314C7C11

MD5 1454a66f3f912de5ba15b227ac9d17c3
SHA1 16daa8f143c7cecf351c47a375ab6a04e10867fb
SHA256 5fe86986c418457a5a9903766d9694852f0b64b128b11c1386fb1589e39953c1
SHA512 daa2f29108cd56d49687ac30cba0c3f8cc0c0f6ef6cda047c7434065a114d6727e6c26c61891fc702c698e4a17a7b2df0fdc8ec01ec77f99c6e02d40f12074c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8009AA7615959742DB0E2C888BACB228D61FBA60

MD5 aeeb7625398ee0a56eb302cefa092e8c
SHA1 f63d99806cddbac09bd68636b3a04753336ddc10
SHA256 a18aca2bea5cf87c9a2e0d8799da16613a462593cbe3521f495f4650b070cdc0
SHA512 872fa1efd637a129e8116499a63d49a7780228729cf54adaa69fabdc338cf1fbe28f3ed2e4903185323687fc43ea5fa0851867c79ad1d0b25d5e1d3d65cab579

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 0de35e88128dcb36abfd7dc9d4d6d902
SHA1 9753ad1e6d10937c07a103697ff94de00e97f4e7
SHA256 1e0f3b66b064c62e9826f9dc7b4fba6e37d9c357549638bd6ad6deab9f2d9c8f
SHA512 678998ad98a6c2d086334eb30ec9573da71f8b1dac9dc541bf650725e4396bb70cb94c97528983fd939385f27019d1ca9fb1a74f4ec487898b407dd9e407105b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a864c006a859518e49542a71bc1a154b
SHA1 feb2ac96a2055eb7cdcad231071dd8ce717d4466
SHA256 7eab59554043152c12675359b05bdde51053b04d049a9e1b619ff46a15bb57b5
SHA512 507f30f276029eeb8adbd7778d1561b35b8778595677114282b1fd99c3e23a2e753a40c5a163e3524065fa7f18a1ae2685d2f8706bb99dffe9fdb453c2c50cbf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d4dca299d89206fdfbde5adc771ab246
SHA1 08121e41bd5d38fd065b4cb1bc75fbfe426ce90d
SHA256 65b089059d1e80d4cfddffeffd6269b71dce4b877c17d4a98f4c188bc9d47a59
SHA512 644ce2015437c5903831407e06608ae612de3d766c0b6e280f0a6680cc75172c7167490849c8514b8b13c6b1e90c1ddfbbab09e074a6001885ededaafdfb57d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com\ls\usage

MD5 0fcc9ca45becfcb1c35ee12471dd7efc
SHA1 caeeb53d8599a54963f63697b92f4a280aab1422
SHA256 1aacce17ed04ab8a3e30fcf89612ac917351e9153af50efddca91c21eacd5444
SHA512 72e234b6522991bc93edf9cdee6e08d91bb4f11f8ea1d9cc06a780aa61161253b32bc07db746e56e911f1dfaef4cf14b95f2132ae4bbea2275be6c9b5ff97853

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\13549

MD5 b0bab8a161bc95aa26c0b775d59032c9
SHA1 3512c0d6966ec0a36e7d06d8b28259845e727cf6
SHA256 5bc6b86eb3e71995e2f15c69bd765b6126e5b26c2ac53bc7f0ecf9d8dc4020c5
SHA512 c841c183d0bebc5e01c5d0c62e1297b2ed7226888b6aa0109e5cf33d3c80a138d1441d8cdc6485035b1f95b83ec8bf37814f5f44c74316d447119d29119251ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\268c511b-2368-4c3f-8593-7f3822bd4770

MD5 beb52ac8c0de11b1f3cd76bf8def65f8
SHA1 624f2e54f9a3a55e3ef226b6070b0381ec2b2b8f
SHA256 364361e10b3136bd38d04b9bc37858f2df952fdf34590958acba7cec533351bd
SHA512 897f37cb5b4eebd815b9d7b3f412922471c92ef85ddf0a69a764da31b80eb0a6b0e97e99bbe27ca4ce7c94c90a9f74f176a0d77887c6ab66a66703d9214574d9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\442ac43b-b361-4862-8c89-0fb66e903785

MD5 7826694d5bd4d8e056897bdc4ffd19e4
SHA1 eae4612be7caa89b661bd23439165bc031955ae7
SHA256 4b7900399037c4fff6f25ca8690885aac600762beba4af817298f8a61121cd2e
SHA512 8cc090a3ffcad6861ffeffc772c81edd6bbe3e2bbc8f212778aca2a4d87c1ba0da82a8f5b1b88291ba61867154252860fb3bd6f32c952101ee1cc48a958ea1bd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 810c2850a5a811b42c2310d603c1ddd8
SHA1 2059b1a086e77ca02b647df0182a71ad1fb501df
SHA256 02fb3f9cc4f291ee1ac416b3a5088efad291268ee709717dd18a43008b98f443
SHA512 25b38b877ab8c15799da56e570f4857c31e98e633ec29b70222c1f51316f74f22af9695bb57cb60c09fde6d1584bf0db87dc8e6a79fa10781df007e020521202

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 197f211b2bd9b26c1ff94e78d149ca24
SHA1 e095ba6284f528507b8829e16915fbc5d444a29b
SHA256 bfe420e7d04905b84afb26003cd70e71f2576b04c7dfce6b53003d4202581a90
SHA512 5057438711060637fb9c77dce94493f8bc32d78ca96e1de31a05b2068c2bd123ccfcb1cd997fbcbb3ec5288b20fe498a8c34e01da9f3c550a94568d9ba345589

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 f7e122b98f81e86ef35331784c618424
SHA1 0152b7a32d2f099236459f122cbbe7b0aa976de6
SHA256 bde3e68e19855edaf77d304578594240d62425e9f0c413dacb135c48fb5bcba1
SHA512 700bf664ad1c100a5114a2cbecb1a6706297078bc9c7eef2261cd7bd51018183566a3a5a07626af4263acf882247f84e151a5a19cd951719ef020f3b2e7b011f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 d10c2070d9025aad4ff7a6e8f0e7171c
SHA1 4e43e2a1d4d380c0341fbc9e13ee6dd14bdece9f
SHA256 7493dfa8ae458442da3e37963e8b5d3bbf13b03155042ac2285488ba4f42f84f
SHA512 3bae81c3e8806ad575b726ecd8b6ab8aac9bfcc1e836db7916e597024b6c5d8976a281b69cf0dd68814890679d0945f110b2affba207cb2b2efd8358e646e35e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json

MD5 b614818d7c73029f1042428cab6acd5f
SHA1 5a1fc61f97c3a58cbcf99680077ff12c7134fe50
SHA256 88ed0bb660d822edc5bdf66682207175a5f47e0c2ca60d5323479aa8b8346244
SHA512 e9899ad9270384a6ea7f742b229bcc60fa04864006968b8ed1d8f773acdc80d06844166019ef39e8261621acd33f3f1f49ceb064aa27f54276c9df05273f0c43

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\7533

MD5 d3558ed0d3289cf17f9af9bf615c2a2c
SHA1 ede66e1edb83b60bd28ed584ef7bdc74c5b79261
SHA256 20e7a3ad58e672322d322267030d265ec238860bb0949efcba3c9730f9f21e54
SHA512 1d4dbb4b541c5dafe170e9ae5c1eebde5115acdd2f79581c18dca05736d6321d40f3e1ca5408c2ca8701373284df9f18be69218c72419c0f900c2e04a045533e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20484

MD5 548204fccd87c117dbb4f23c1b7effec
SHA1 f81aff2d87497fd1920506edee3058a1668bfb16
SHA256 13dad35a8e69435633566ed60e6031cfb53a1a3d1cf53eb4c589d3e1ef2e5453
SHA512 2966cc568a8f6687d19aba6b48cb252dcfc62db296b68e82d96ca3abeb92bb84dc085428d4d654d1233fa2c700c05d89c1dc6ac94c50166f1a5d12fa2a996be8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\16096

MD5 bd3d2cf9a0eace6db0c994a0b6c18e42
SHA1 cf271db44eb28f71e823c8eb9565553940ae27de
SHA256 301128963078164f947c4c47084e363f4f508c518acac2301178608026a409f6
SHA512 e6f3f61289a19daf351fd4c5d1960a42640333bc72d3e7a92841a9e3267019af0f2b32b68d1d5a33d44494600924ad63720840b1d840a1156bc9d9644d2f2d98

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 634cc2cd6b74a9db7715abbe8bc5a7a7
SHA1 07ae325ec8fa19a71b2b1e24d9dfb674f5bcdeb8
SHA256 e3e10a2f7db7f24b4515bf229b0e517f4bd264dc4a7d4037ac500036f596b8d9
SHA512 53f6791911a1a72af56c9056380a1395d3d192971a3e9d81a4cb16b28d1b376f7d6ca44247e96da90cc51e63c4d6707c5c320d04e83b68b23b2fb63758316761

C:\Users\Admin\Downloads\RobloxPlayerInstaller.-LqrygQ5.exe.part

MD5 6f5c5fa2641ef7beaca5a2e3dbb3a213
SHA1 676481964f72b0eccb4771d0da1fc4612e7055af
SHA256 f73603f3acb76ac200096d6a491b59cc934ffbab324d66f073d3e39c0d6a16ed
SHA512 c63f7894cb4ff744867c8d283c35c1cbff7ab55ab50853026ad14a729c35bcc880b91d4997962e83c558f91e7a71d9bf55a3c21966e92b346dbc7e61d13c2730

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

MD5 6399cb94a0d00b72ffb53432cb26c891
SHA1 d18c3616da0c6807771c0d7e501e811a9f2e7ded
SHA256 fec985e0648a7d41c434c8fed666139090f7bb5df85939da743a1f8859765811
SHA512 5f06f6e235c1e1c68255cf34fa22713ddd8a8667d9584ba316358c785801a0d9ca68a93ff2c2b20d55bca5c0502a2edaa2a06a8f45fec2292b880725f8ee5097

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 24591f85e9569269a3b822d0da2e0626
SHA1 62641ade4943b93983b4e59ffd6ee4dcbd77c17e
SHA256 d29bcf294dd77568fd173adac8c705d991482d645127baccb7efca20f560a5a2
SHA512 d0bfe43ece2c598a12fe7d3f2cd12e0685b639aec0fc7a1bbdf0829b886c22208e4236500d8e6540d7faef1514769b87bbdc666602c5548649e50aa61f2077de

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\4f09eefc418c08f275c2fa3f4b8d4dcf

MD5 4f09eefc418c08f275c2fa3f4b8d4dcf
SHA1 1eabecb044e73dcfbf5326ab4fae00afdd22312e
SHA256 e9d623c447b1a1f3a279efbc835ce8e8ac396d85e3700b20c5c5ba6a0cdfab06
SHA512 d5515e3621ed19861eac2683b1409c0e34174920551058562dfa1fc009ec9973567a4109afe75577b960d42f1e876ea9cdcd09354c0d9ec48789767d534c6671

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5edb0fe58b4ec4afeb1a472cdf5a664c
SHA1 075b1593e0e0c67f13e534c9643deaed650a33fc
SHA256 4611310e7114b5de9b4279162f3403d554ba8d4c7556f3b59091e98cf43bca9c
SHA512 3944dd45bea386286dbe445b7edc09ada702eac7525c83e11e8720f8491fd19283254321b800fde5824b1f91eb7ae97ade5481f74949a526168b3330fb827114

C:\Program Files (x86)\Roblox\Versions\version-01a570a3cd0a46f2\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MD5 610b1b60dc8729bad759c92f82ee2804
SHA1 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdate.dll

MD5 965b3af7886e7bf6584488658c050ca2
SHA1 72daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256 d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA512 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_en.dll

MD5 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1 dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512 ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_as.dll

MD5 a8d3210e34bf6f63a35590245c16bc1b
SHA1 f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_es-419.dll

MD5 28fefc59008ef0325682a0611f8dba70
SHA1 f528803c731c11d8d92c5660cb4125c26bb75265
SHA256 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d
SHA512 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_hi.dll

MD5 34cbaeb5ec7984362a3dabe5c14a08ec
SHA1 d88ec7ac1997b7355e81226444ec4740b69670d7
SHA256 024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9
SHA512 008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_mi.dll

MD5 1866ddadd9397dbf01c82c73496b6bff
SHA1 b210a9df7d6a5e116fe7a9ff8d455b6cbfb5663b
SHA256 9b4bb2ca3366a1935b4869796efc0601f94356b45e8613d28e023dd516f48d17
SHA512 76fa5cade101d79d012e00904bf18692f85967ceea0ed7e81da4df65b85afc125a00127d9e06c8c59ffbfd2dcdc88488157b61922960559fa17d13dedca3ee59

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_lt.dll

MD5 7071c732cf3e4b3144cf07c49d8eb44f
SHA1 3800bf304b44d9d27ac26bed6ccc899669dc3b4f
SHA256 9c75ef5c3f53c643d7bb8c5907a0cba6ca2d1d64e6bea39ce06b4ad5a20454b6
SHA512 be3a0942e2af843adeb8e9b6acc7cd8adec956b761f71d8eb0a02835ee5be115ac064fda7088b0813d40ec3a24e7bb77816e9b67ef0cbdce1562c36880b15049

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_lv.dll

MD5 30849a9c16061b9a46a66e8e7d42ff81
SHA1 2d0e86535d964acce8912c6bef3cc12346b22a6c
SHA256 b8075c09d33cc6b6ff22fdb29ccc3dd319ce867f4b77a1d165f6f8d8cb4977e9
SHA512 298ee10ff6cab7ff38d31e3a7826dedeab8e9ccc616eae4ca2e5ec333f42e5c6744650857031d8bf35034bd46c7c01a2646362ffbbef1f421995c73ba999ff0b

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_lb.dll

MD5 269e84b82973e7b9ee03a5b2ef475e4d
SHA1 4021af3bfde8c52040ad4f9390eb29ae2a69104b
SHA256 c3fb0cae3dc5cdd86518d60f998c3adec1c0c5804a74ffbb9a346a73d598af07
SHA512 db716e2f6527af2dfeba4c22ff00e159d7cc0b482fc126e87b8b3d35b714bb382676066097352b6ebb87c8dfe7f6144e83100f0c9a9990b0d23c810b6c575c21

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_lo.dll

MD5 864edbc77831a64a3e3ab972291233bb
SHA1 fa1f3eb3320c1b1a329cbe786abecf2a8e625cbe
SHA256 aecab1eb46075d1a1432b3e14537f860a2ded49a13ca82f17fac44b40ad2da51
SHA512 3d54efd01d6317fb4746b55db2c847a506f594cff055f0db84a72ede02dbe3aa03d8e65ea06c5ae365f44312a26cdbc45ad5f9a0de46d2b9c878aeeb24566b89

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_kok.dll

MD5 ca3465347e57624ee2a5dd2299d4f4cd
SHA1 551a151a8d49489c90400e18c34633aa2c2b8a4b
SHA256 5b9509a1ae34d89c89c8e657742495037d28cd03e1cd48aef4dfaa7aeebe29f0
SHA512 a4bdd458a7628a9f0664e1000512e056718cc924510a21704ff8c69b0b251a5a1c7f6f267d66325cadda1536aaee78440348be128d082112c71732e485ac93f3

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_ko.dll

MD5 cf91a1f111762d2bc01f8a002bd9544d
SHA1 db2603af55b08538a41c51fc0676bc0ed041d284
SHA256 baa9fae4fb8939e0b5fe0c7f393ab1ca40b52534f37bf2158a9a36331a221e75
SHA512 9db864dbd194885b46f7bed9875f1e531e48f7644ce4494b8dc482c7516a6f783cd35129d2565b272dc674491a08c844a6da88bf9fa7843fcf89c96b4e0af799

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_kn.dll

MD5 60dfe673999d07f1a52716c57ba425a8
SHA1 019ce650320f90914e83010f77347351ec9958ab
SHA256 ef749f70e71424d7f548d5c12283be70a6d6c59cffb1c8101b74f37ecacb64af
SHA512 46bfe77a49f14293988863a8e4dd0543202b954b670940d9ad5dc6d2b46e46104d8d6206be08a941f7e02b8ff3e2e2366b7b795d02352cff18971f8d0df5fcdc

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_km.dll

MD5 2ea1200fdfb4fcc368cea7d0cdc32bc2
SHA1 4acb60908e6e974c9fa0f19be94cb295494ee989
SHA256 6fd21b94f62ee7474b3c3029590ddf06936105508f9bf3509620c42dc37486c3
SHA512 e63b80a5929200c85c7a30a3054bd51eee2f27e603501f105073868690906f4619a27a52e58c90ac2ab5d5c34a4739dfdd2a511574afeb7d0118de88c5544f42

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_kk.dll

MD5 bcb1c5f3ef6c633e35603eade528c0f2
SHA1 84fac96d72341dc8238a0aa2b98eb7631b1eaf4e
SHA256 fdd6bffdb9eca4542975f3afe3ac68feac190b8963f0a7244b4b8fa6382381d1
SHA512 ecd79ddd9f3e6db1d0471132c453c324ab55bdead21de77392f418281bc8a2dd43e9009912896ffa3d55d4d3ef17b0aa847a084369b619eb04a2d2313641d520

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_ka.dll

MD5 3bc0d9dd2119a72a1dc705d794dc6507
SHA1 5c3947e9783b90805d4d3a305dd2d0f2b2e03461
SHA256 4449ee24c676e34fea4d151b3a752e8d0e7c82f419884e80da60d4d4c1b0f8cb
SHA512 8df01ad484bf2924892129c59317f3da4f79611be2ca29e208114e5ed2cb96a63f753511dc4fe97e281417366246f2fb576cc6ef2618a67803ae7ac01be7b067

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_ja.dll

MD5 b507a146eb5de3b02271106218223b93
SHA1 0f1faddb06d775bcabbe8c7d83840505e094b8d6
SHA256 5f4234e2b965656e3d6e127660f52e370dc133632d451ef04975f3b70194b2ed
SHA512 54864e9130b91b6fd68b1947968c446f45a582f22714716bfd70b6dc814841fffe939bc2f573a257ec8c62b4ff939643211fb29cabc0c45b78a6cc70eaa3752c

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_it.dll

MD5 497ca0a8950ae5c8c31c46eb91819f58
SHA1 01e7e61c04de64d2df73322c22208a87d6331fc8
SHA256 abe2360a585b6671ec3a69d14077b43ae8f9e92b6077b80a147dfe36792bb1b7
SHA512 070398af980f193ff90b4afaecb3822534ef3171eca7228bce395af11ca38364bc47cab7df1e71187ef291f90978bdc37a8611d2992b1800cd1de6aa7fda09d9

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_iw.dll

MD5 45e971cdc476b8ea951613dbd96e8943
SHA1 8d87b4edfce31dfa4eebdcc319268e81c1e01356
SHA256 fd5ba39c8b319c6ba2febf896c6947a0a7bae6aa0b4957bd124d55589f41849d
SHA512 f1c9fccf742fa450be249dbbf7e551a426c050ae4af3d2e909f9750068a2bdc801f618eb77a6a82d13421d27949c9f2a9681a44bcb410ccdeec66b24a70f6a9a

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_is.dll

MD5 5664c7a059ceb096d4cdaae6e2b96b8f
SHA1 bf0095cd7470bf4d7c9566ba0fd3b75c8b9e57ec
SHA256 a3a2947064267d17474c168d3189b0d372e36e53bf0efb9c228d314fc802d98e
SHA512 015dcb17b297a0aaad41c7b0b2199187e435855fd3977d16402be774622cc4f6b55d04ba9159a89e26e350c5602928c76dd9386be3974437b41888a0cfdddfa8

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_hu.dll

MD5 f4976c580ba37fc9079693ebf5234fea
SHA1 7326d2aa8f6109084728323d44a7fb975fc1ed3f
SHA256 b16755fdbcc796ef4eb937759fe2c3518c694f5d186970d55a5a5e5d906cb791
SHA512 e43636d8c947e981258e649712ad43f37c1aab01916539b93c082959fb5c6764c9c44979650092202839e812e6f252c6c3eaf66d3d195c1efd39c74c81ad1981

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_id.dll

MD5 03d4c35b188204f62fc1c46320e80802
SHA1 07efb737c8b072f71b3892b807df8c895b20868c
SHA256 192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95
SHA512 7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_hr.dll

MD5 0b475965c311203bf3a592be2f5d5e00
SHA1 b5ff1957c0903a93737666dee0920b1043ddaf70
SHA256 65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0
SHA512 bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_gu.dll

MD5 f9646357cf6ce93d7ba9cfb3fa362928
SHA1 a072cc350ea8ea6d8a01af335691057132b04025
SHA256 838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150
SHA512 654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_gl.dll

MD5 84a1cea9a31be831155aa1e12518e446
SHA1 670f4edd4dc8df97af8925f56241375757afb3da
SHA256 e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57
SHA512 5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_gd.dll

MD5 c90f33303c5bd706776e90c12aefabee
SHA1 1965550fe34b68ea37a24c8708eef1a0d561fb11
SHA256 e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c
SHA512 b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_ga.dll

MD5 3b8a5301c4cf21b439953c97bd3c441c
SHA1 8a7b48bb3d75279de5f5eb88b5a83437c9a2014a
SHA256 abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0
SHA512 068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_fr-CA.dll

MD5 b534e068001e8729faf212ad3c0da16c
SHA1 999fa33c5ea856d305cc359c18ea8e994a83f7a9
SHA256 445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511
SHA512 e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_fr.dll

MD5 64c47a66830992f0bdfd05036a290498
SHA1 88b1b8faa511ee9f4a0e944a0289db48a8680640
SHA256 a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961
SHA512 426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_fi.dll

MD5 d45f2d476ed78fa3e30f16e11c1c61ea
SHA1 8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e
SHA256 acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2
SHA512 2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_fil.dll

MD5 7c66526dc65de144f3444556c3dba7b8
SHA1 6721a1f45ac779e82eecc9a584bcf4bcee365940
SHA256 e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d
SHA512 dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_eu.dll

MD5 a7e1f4f482522a647311735699bec186
SHA1 3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd
SHA256 e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4
SHA512 22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_fa.dll

MD5 cbe3454843ce2f36201460e316af1404
SHA1 0883394c28cb60be8276cb690496318fcabea424
SHA256 c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59
SHA512 f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_et.dll

MD5 b78cba3088ecdc571412955742ea560b
SHA1 bc04cf9014cec5b9f240235b5ff0f29dbdb22926
SHA256 f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085
SHA512 04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_es.dll

MD5 9db7f66f9dc417ebba021bc45af5d34b
SHA1 6815318b05019f521d65f6046cf340ad88e40971
SHA256 e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819
SHA512 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_en-GB.dll

MD5 d749e093f263244d276b6ffcf4ef4b42
SHA1 69f024c769632cdbb019943552bac5281d4cbe05
SHA256 fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA512 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_de.dll

MD5 aab01f0d7bdc51b190f27ce58701c1da
SHA1 1a21aabab0875651efd974100a81cda52c462997
SHA256 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA512 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_el.dll

MD5 ac275b6e825c3bd87d96b52eac36c0f6
SHA1 29e537d81f5d997285b62cd2efea088c3284d18f
SHA256 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512 bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_cy.dll

MD5 34d991980016595b803d212dc356d765
SHA1 e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_da.dll

MD5 d34380d302b16eab40d5b63cfb4ed0fe
SHA1 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256 fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 2929e8d496d95739f207b9f59b13f925
SHA1 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512 ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_cs.dll

MD5 16c84ad1222284f40968a851f541d6bb
SHA1 bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256 e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512 d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_bs.dll

MD5 e338dccaa43962697db9f67e0265a3fc
SHA1 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512 e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_ca.dll

MD5 39551d8d284c108a17dc5f74a7084bb5
SHA1 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_bn.dll

MD5 7dc58c4e27eaf84ae9984cff2cc16235
SHA1 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256 e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512 bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_bn-IN.dll

MD5 a94cf5e8b1708a43393263a33e739edd
SHA1 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_bg.dll

MD5 8375b1b756b2a74a12def575351e6bbd
SHA1 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256 a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512 aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_az.dll

MD5 7937c407ebe21170daf0975779f1aa49
SHA1 4c2a40e76209abd2492dfaaf65ef24de72291346
SHA256 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA512 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_ar.dll

MD5 570efe7aa117a1f98c7a682f8112cb6d
SHA1 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256 e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_af.dll

MD5 567aec2d42d02675eb515bbd852be7db
SHA1 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256 a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\msedgeupdateres_am.dll

MD5 f6c1324070b6c4e2a8f8921652bfbdfa
SHA1 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA512 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 7a160c6016922713345454265807f08d
SHA1 e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA256 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512 c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\Program Files (x86)\Microsoft\Temp\EUFAD2.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 5a2f0a84403746d1d34190bd5a874b47
SHA1 dd6c51d0aced960a4a8ddfc846d9b3efe6d1e7ea
SHA256 eebde7383ae8e82813d9d32e511dbf790431f3d57f16ee6689345e92cfc89c65
SHA512 4217fc99bc415d9d78f25751110e138304aa3913db2ac76dff65a9a85cafb963ed3c641fab53eb4a0f5f07beff48cc68561306127cbfaa831f2ff1f1b03332ce

memory/1896-1595-0x0000000000300000-0x0000000000335000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt

MD5 786df2686447c3a106a519290193634a
SHA1 75d15ded0d4f62a6f0b93abdd46764d15bbee730
SHA256 028d6b436816a4121722c23bdfff1b972e20a099b8beb43f4067f2cba9a62cbe
SHA512 33278947148177cb76eccbdc6f4e90b0928cc4204f0bff6add5ee7e449ebfff7ff5dbfb3c63384bf20bd3eb4a1ba3268ba6021924b6f3e8282b2f5e29023ffd7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\favicons.sqlite-wal

MD5 ec0167aafb11929612f8d10902ceff5e
SHA1 a42c52796f684bdec140663b1e3c301e0e3cf0e8
SHA256 4d48c5da6106c71f500fd3592defc6c5220e1a7a1f15b17ee7bae0cccc2c450d
SHA512 f8be1c094e48b1e0ebc72c0b8d0247fab241eb6979ac5bfe2f8b07d995d3f4002da561802d59721c9ce8cdb82a7f68fb13ae459c2507ec22fc90ad218726343f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite

MD5 ae421bd5ed0827eadcff099342ae9870
SHA1 7fb3278953a82291d51410f76ade4b46088f762c
SHA256 7668200552c9634097a6e48eabd59b2d02bdc58136fb8250508b3239868eede3
SHA512 76f6c5747b0fcf4629cedb371061b3ef37d37854c2c877aa1fc86809d00ab4b34ad140bf605d542d495e2cfc38f26cddc04c8222b55f5cbfd046ced6999a391c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite-wal

MD5 bbfd98db0b92f33ea7a017597f90213d
SHA1 d86eac466f7ce9c9250de4ecbf2f23797f373cbe
SHA256 ac5be5f442f92ac4c8aa723a3c4d609d87d35ed60b6933156a6068c29a94586a
SHA512 9181d6a3c40eb077448e39bde1e39e0333089b1d22eef0a04c337afaeed53e508e2b9ec8951db1b0bfab769c75a2e86b2d248dd5473a915baac0a43eb8967fa2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 4fa5452035bd15bebcc3f10e099ba183
SHA1 861487500d911a7fe7a83443b953ef59ff8fcdf8
SHA256 2bbf7ba44d1735d31031bf1311c9b925adc5aa5891fa6981de3033433c1d1f4b
SHA512 ca64eaf13fcb63580c3f2a093168eff75f9be23aa4595b0b4f07674b22c796550133f188cd5a80c9d6806773f71f6090cabc2aa418c111683cce01a83b5832c6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 8e8dbc9f2f0aabb3fa509e40770192b1
SHA1 58155091507ca1dec79ee2b2ba47efe6d191a088
SHA256 bed8ba5400b0675659cfea3bdc6d29587d8bc9a32755f4e3b3e234672c29aac1
SHA512 a1aa406c3df591833f6eb5e496a36027421c3e57eb48b4d92b1b68334e7aac41957a0cc664e40d637527d1e3dfb3bcdc09ea1c1b2769ea892276dc49088ee420

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\sessionCheckpoints.json

MD5 948a7403e323297c6bb8a5c791b42866
SHA1 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA256 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA512 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

C:\Users\Admin\Desktop\Old Firefox Data\wjyk7j4u.default-release\crashes\store.json.mozlz4

MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

C:\Users\Admin\Desktop\Old Firefox Data\wjyk7j4u.default-release\xulstore.json

MD5 58e240288763218d12bf235d34e5aee2
SHA1 89135494b57f590011c09668dec3b90d2c5ee9ae
SHA256 615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176
SHA512 caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936

C:\Users\Admin\Desktop\Old Firefox Data\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 d811b93017a3b4d4aa4cfc3e191d48ff
SHA1 3a5380bd54ea31f3157ceacfbb802539c6b492eb
SHA256 1600fccdb95df3a0c7bfd5919064dba2d9f05b87b0ff2959cf9d71d778568f09
SHA512 9513ec4e3e4accdfba60265b3ea1faf73dfe9b67804f16f99ee95a3ebfb56d5f8df21c112789a051a7b95ba39f0ac08fbef0049b088f088f0eb8d8704ae6c1cd

C:\Users\Admin\Desktop\Old Firefox Data\wjyk7j4u.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

MD5 c45a8a2ffb934e0be940521e1a4f6a4f
SHA1 e4580c877be9de958d5b4c0ff69be5fa0b41a9c4
SHA256 e3a9536323f1b1c2b5a00628189cece17a840a14d88f1c402fe2b84a2fa47b2e
SHA512 92e520976be333d5a3dd000cf0f666338941d88e691c79c34430fd82966660227b52a85f341f3fce165bb9e3676f0a3d39e9de467498cf6019ff13cf9527b843

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\cookies.sqlite

MD5 bd790a165b18115336ca17cbe5603c3c
SHA1 1fcfb57263eeb09952ed94606964315c5c3c9711
SHA256 69b2b4db04efcf2c95fdb6d899a8dd711496498a1e9a78b00f7b7fd8f125fd2a
SHA512 603896bd6ead20a9989b90db6b53d84beae9ec93d281c4d49083d3e9b792b339599bf1d015948b1f41fa39b655a2a2bdda4f6c005d9a7be00774bd553447927c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\prefs.js

MD5 4975ad0a555ed22e5ad5aaaaf8100e86
SHA1 63ca75b845088fb227cc48f77ef940b3aafa479b
SHA256 191c36b735e89340fed0439669b8e6ddaaf1b531a08dd1d02245a5c648411c33
SHA512 4b529efb5a6f31b8830ee618e8858d94a1d5ed0e1452c49c578685ba7a3ff224752bb728196900a60cf10f0ed63a553a435fa597d22632af2136b1ba281c20a0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\sessionstore.jsonlz4

MD5 b2bd55434e7f3bf7dbca88ae1f573101
SHA1 7da731aeff6998122be7a151bf1e4600ad11b3fc
SHA256 447f0e84f9a6e884a1db6b364c9e2ffe26c93507a04ae47e42b2185771449313
SHA512 6e84c425dbfe34d336c2ea22bd68f1234b95e3cad4b50defcaa227ba53f784ab5b8f5236790b7a98c9d784a69e83a396d7a8f97e832d404c5db3888d35a1e5b7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\prefs.js

MD5 9cf58290338c5b160784d8d41a13fa38
SHA1 168dff83967ccabea9c0cb9f72a680d93fcb528f
SHA256 a8c6b01b15546ddf75b64a8757595d71b8f6430d582c8023a2272003b21e1989
SHA512 7f01a15d7de0cc3e571749d3a2a3ce616444127d54daa1888cd88bb12272a6ec3e1ffaee2036500b673a0b842b1820c4c855a102e04ce279b8a4eaa289a1d39f

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

MD5 7d1d7e1db5d8d862de24415d9ec9aca4
SHA1 f4cdc5511c299005e775dc602e611b9c67a97c78
SHA256 ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda
SHA512 1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\search.json.mozlz4

MD5 41d220d4783f67d2b57beec20c135229
SHA1 6e97765e77920b6010fac2cb4abf1e3cea106541
SHA256 5d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc
SHA512 dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\extensions.json.tmp

MD5 2535703e7d2cdc178e7be4468dd128f4
SHA1 82a3a14bea48cf15975efb83758cf8c15169b46c
SHA256 247bf1109b43af70ec53012875f5b38248ad38eb957a210ae5d3e4227d67155e
SHA512 68b1390963d538720554c09e81c2be143d1e704af1f63b7e726a204de79dfd707d80738ed6c11259c43af7455211ae8eb9070dbd58c3cdbe558fe48b796bfe16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\datareporting\glean\pending_pings\8282c7e3-dbb0-48de-84c9-331079bc3780

MD5 e23a3640a7bbd54df0d07b02575d365e
SHA1 b3d00f092b95de6a4f118fb0ee4221db067a161d
SHA256 4e8f32665982e1e70143a57a47cdf62ba546a8a228f9004085853663ec06edd0
SHA512 3f8526dc242d70651b8445f6284186d2be09f4348689282410a0729accd9ea2afb9ff71ef1989b12275c60c5cb241de88cd54d34caca1d9ca7a258af4e7529d1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\datareporting\glean\pending_pings\38371001-32b4-48fe-91b0-8f22824912a8

MD5 62a9900994a40ed8abf16537d4d006be
SHA1 35983eb78f08aefa168fe3a4ce83c875a05a4242
SHA256 ac916e0c5d2eda96ccc971d5066495f58401653c1c982cfaf7c94b5f6e667026
SHA512 cafe26dacdc5aa23158ba96eb1991aa512a132054a9c14d83ebd8b9a56b926bba7cf489e93e4ae7af8b1a6bf0d53c0559abd39531fc744611e8cd3df998c35c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\datareporting\glean\db\data.safe.bin

MD5 203bbf17be9f3e89a8209a1ba8176b42
SHA1 c30b7dae5ec2fcbbd903436a2f918766c15ef674
SHA256 2cfda7bc3214d10713a8c69ab7a7074c87a34018c9d00ae9ef44df213122976f
SHA512 7c3d347d94982c3952b9e37fdf6e7d2c466f3d9532a880a32c72b54bb81dceab68808c1052e297c9bcbf435a4123ae534525ae6e118c796dfa88caaad82498e7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\activity-stream.discovery_stream.json.tmp

MD5 39802985c3084829dc1a7d1ae55572d1
SHA1 a29c31df13019fc7a8e65475e2d13c733f82fcd0
SHA256 9d9108c392627c81262ea2e0cccb2e630acd2e9921f0ed59729164985ae15723
SHA512 3db8308feb873b89de94daa29849403958a9f9863e2d56b61231cb1d52aa578bcff568450f4c565b71dc45b35c9ef015a47a155a235cdfbfd0ce74e999572af3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\prefs-1.js

MD5 32919ac85fdc4b1f81a7f5e4b8f061b8
SHA1 8aa79998ba32a7af27330e062685a9b0d962924e
SHA256 c6ac7f4bcd4ace14fb1bb1a8493a6fbf09440e2cb76ec91e9c8acd2632ca6289
SHA512 0dbba518bf74fd0b26d5e2dffb119ff610414fbf4693991c315e8c26a22a9e7f34d4b569fffd47a597d02aab14a8cdd6e0c99bb958a5d672c282edb4e6b82cdd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\shield-preference-experiments.json

MD5 285cdefb3f582c224291f7a2530f3c4e
SHA1 f816c3e87aa007b6e6d31eb6a4618695a7d83439
SHA256 704d28223a4320a853df4a19d48c7015cf79d56a5317cc3475b6305fa43dcc05
SHA512 8f1decf1e4b5755fce8f165daae115f45d6890985c9c4bbb33a6f724cbfd26db75f6da06f9ef675de20fe755da9b7f55e5ee37124296a12a520a393da159bd58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\containers.json

MD5 94a3843fad8c45c48b0e07342df3dfdc
SHA1 d55b650208bda884d573afebd90830a3f4d7c201
SHA256 854ff2076f71097b030c302a1ea71d8e851d2920b9ff5fc8dc8f16c91ba95b72
SHA512 4d2a6b2a223ad81bb97195abb27685cf88453caf5769de154b373486d5245f02e0c0f664281d8e3bb33bfcdf1d6f7b3d9602303864d4e56481382adcb0b932db

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\key4.db

MD5 4d6e4719c7f28330bace53c791a0d776
SHA1 68ab1b566bc5d1eb217614e6204f3d9b0e7229dd
SHA256 e5b77262375be6c89cdb76c6985cc27a20ca60c38769667dc59fa90afefc2b9c
SHA512 f3214a5bab81692bf7cb730f46623a2be6628cbba0fe4ac0354122905f5f260414b7f23cfb290e5b9c68929280d4a561dfb21ad41bde94e105203c1e60c6456a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\cache2\entries\4C11E373FD9A73A5E61FCB5291518B290C3C15DF

MD5 2cd2bef90a18c35d707bcc26f3a0abf4
SHA1 746e30207e08fef6c2b6d8ab74179c3491f5497f
SHA256 f296db4774a131906601dd1ae9b31029835e6cdea07f21f3d39ea8f432bc46ae
SHA512 0d8b7729bebb2f217b7825def22bdb41ac9b73a9a8ffecc0112055383d589234a65ad94ea6f21eeec6543c5e27b3bead74a7c0d71d8da9012493d055944632f6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\cache2\entries\DB7A36C3E7F7DAD48CAB34787C2A7F576AAF7039

MD5 0d10e9dbe46d881329f36c19a2640dbb
SHA1 d7d073154b6d432019312fe04c2faed5b8b2913b
SHA256 c69049671258910c96db33eb7b3b9ee7a3d5e852b1270d3e40dfb3d4600fe0ce
SHA512 d63b313f544aeb265403908dc707f2941bbdad36eceea9a707dcffc7cf508a67ec2360ac3a8a2583d3c8983a66dc9188d15f8fa345d51b32e5dab25f0d0c2f60

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\cache2\entries\AC5B4849CAB26A6FF5E0D69715FFD2D5203EA01F

MD5 b72dc2f81f3dfd2f44953a2d50283a1e
SHA1 ec71992f23a2b962a311c52322160875ca783899
SHA256 9b8579caba6a241ae64d1c5c487b9f64a88209a232c2cd322375fb93a8860208
SHA512 d49f16da70d97e42874a48dc899bacb27dc0dbb5ce8a7f0fa3cde8b862e12a60b30a33d4617fb1b7203672ea90910846068b546b280e5baebf0fa6bc4ba3013d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\cache2\entries\4E3562C55341939E493011A1EC297C2A4CAF51DB

MD5 3662211a7ae575b707ebf8d8c186eb5d
SHA1 1969f6d0327b3147606030e83459c555ad866d33
SHA256 05a866bdffd259474dd95c00578512b69f123e3102ae368ecf54671908772a39
SHA512 e293f283187e3d47a84d0bbc76dd54d654aed09c03432ff24cf2f44e56f76f56e9ed42209c80c56790d90de906fcdeac57d5a578f9e32510e973a43bb99b9068

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\cache2\entries\9C29916B899C579DE3BA8409A772D155B031D381

MD5 61e648e0aa417089615902f6e7f6632e
SHA1 b0c2338f81afb0d9388e94526afebed5968c2838
SHA256 e363fae55edf291cb8132dd08ec8fa9a8bc57f862539bec4b3f06bd67a80b4a2
SHA512 a8d56610c4e79394ee3084122de42301b19541562074055c3c11098a54a48b1df35f079907bcf6b200b3ad161ab0d5a5e62d07a83190a870cf9256025418137f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\cache2\entries\BE2D3D60C4D6C94AEDAA7868122CCB76EF5AA608

MD5 37db3372ed386f511e100949bd702efb
SHA1 4bc226589cb03bfa84704d2b162ae12a414e631a
SHA256 5b0b42d753904ad5b8e400d0e480fa75383b5cf4c8ac46122261308eb0209a98
SHA512 33a6e26c4bfcd211fc661d78364b9c7fce41c0b91c26ba3547beeb01b18e1ed7ba7e176cd3433403098fb20f83ab69902fe719701b8bc077af23fbf125b94595

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\cache2\entries\E1010D5D7482D53E10DD0E4A0C3EFC3A2E56240F

MD5 310fcc9cfcc5be5aa6addafd20f975e9
SHA1 bafd6355bd3d497843e3648107ea54af12718047
SHA256 afade789e9ea8cd9312f707b7c2620daaece628f6c2b3772be40ded1911c978a
SHA512 5cacc1813257b08a78df1d68ff9432c414a599c6e6a3662a709f60fc01fed914f22ef4debee473ab628a38506ba371ec064766de1a809d026a8ae1b3c9091c0b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\prefs-1.js

MD5 07e30def78b780fc37e98cb056436ff2
SHA1 f7aecd485b0a3f5a6a969eda736dfc056f661ba0
SHA256 3c396db3eccf90661de6ac4b577edae445847f747bc721d369723919f74e40ec
SHA512 d4390af95cc7945ddee02a87a57783b35b526c7a43793ee58041a07f47a0cc8c31c9e711e6aaf7253a82fe539c4e8041f18c2c74345be02f7548c7bb811efe34

C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).p98i_wme.exe.part

MD5 524cb8a77ebac9004cd9e37bade58011
SHA1 61869c5bde21535b4cc96bb6b3480416fb635745
SHA256 256e135c0221be0cd7eb21d2afc1054a46586dfd46374e16fa8a4297584ce578
SHA512 4a01055e4b418cb975bed8648fef2493da99a96d23b2e463d4d6adfd58fb16a778965d7b1c639716395ae426f85186898c9c6cc343b81d7c2b72ab2fb3aadc86

C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe:Zone.Identifier

MD5 89d07bfe1782132bf335cbbf3c1e4e9a
SHA1 960f16380a8c2ec35649d7f5005ba6f119478548
SHA256 d7a7d810aa1a1f1e05400c4a44b059cb605ea19d80c54175166827f0a07c5a6d
SHA512 eb715a0c61119083f0a418dfbf4a31d3efb86f42eb91ab6f98e0773816aa121f2dfaa356308193d0b4520fedae3e32660ca8ba39b7b12bc307b574d3bbe2ccd6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\sessionstore-backups\recovery.jsonlz4

MD5 b81a706cad21c4d68901f5709b38f8e8
SHA1 9bf4cce638735c78232b3900f7c4a36723320981
SHA256 d234ad306ae42688b19f605cdf2da053c9f7140289282bbb5c826efc37151416
SHA512 bc1dcb9684e1c814f67cf437a414311cfe9c0ba4e10a1228bbe2c05a75d0a9ee2c823fd7cd4a769d16fa2792b8d9a69d5e2fc2007b8cff94e27c82e6a04bd680

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\sessionstore-backups\recovery.jsonlz4

MD5 13fe6dcbe60716a03d38b6c4c3616657
SHA1 b8a828bb30581904f5b38c8e114fe0161900136f
SHA256 0126f5f5876385c120d4a99a1f1b36fe30682626de85f507c7ec069b879525f4
SHA512 9e76edfbeae709058f89d66cf487a1b3e8f457431d75cd5f4edd712cdd07a09f15dcb489b9d834deb8add0586a8cc6712eb84ab81d8997188af3b06d17b13cfe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47ke3i6d.default-release-1722832529659\prefs-1.js

MD5 b7bb7a66f490e7d89cc362631639bb23
SHA1 55b7a0b014b857f7132b94eb01a0a3fe84be567a
SHA256 75f918a113e2a909242a6f7231b05470ea28df321597574d453954ecf1a6dbb1
SHA512 0edce459167cdf4d008607d13cdc3c8db333226b48928c4fc1f2b287bbd9a160bb8522c2db79dbf1d00f01eb03b5674fbcc9a12e9f03188f0b984e11e7362cb9