Analysis Overview
Threat Level: Likely malicious
The file http://roblox.com was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Modifies registry class
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 09:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 09:14
Reported
2024-11-13 09:17
Platform
win10v2004-20241007-en
Max time kernel
147s
Max time network
147s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\OBS-Studio-30.2.3-Windows-Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn6F3D.tmp\check_for_64bit_visual_studio_2022_runtimes.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn6F3D.tmp\VC_redist.x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{16FFCFE2-D95B-4428-A46D-AD6DF1595234}\.cr\VC_redist.x64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\OBS-Studio-30.2.3-Windows-Installer.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{16FFCFE2-D95B-4428-A46D-AD6DF1595234}\.cr\VC_redist.x64.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\OBS-Studio-30.2.3-Windows-Installer.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{16FFCFE2-D95B-4428-A46D-AD6DF1595234}\.cr\VC_redist.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\OBS-Studio-30.2.3-Windows-Installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nsn6F3D.tmp\VC_redist.x64.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\OBS-Studio-30.2.3-Windows-Installer.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\OBS-Studio-30.2.3-Windows-Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsn6F3D.tmp\VC_redist.x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{16FFCFE2-D95B-4428-A46D-AD6DF1595234}\.cr\VC_redist.x64.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e443ee4336fcf13c698b8ab5f3c173d0 |
| SHA1 | 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a |
| SHA256 | 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b |
| SHA512 | cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56a4f78e21616a6e19da57228569489b |
| SHA1 | 21bfabbfc294d5f2aa1da825c5590d760483bc76 |
| SHA256 | d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb |
| SHA512 | c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b |
\??\pipe\LOCAL\crashpad_4204_APXUDRBLEQLYCSUW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 504edc05c8b833a4e3ca6ef05febfe20 |
| SHA1 | 99d04b72227444658406a61e47dcda97f816517f |
| SHA256 | fbf73383442f550b798d76ff6e47d522a31098cb727f841372bc044bc5327f1d |
| SHA512 | 8695b57395e7949c3c2d54557aa84e12afad4391efe84b22d8804459cddc8504574711a2d8090eb6b0f54ba3300a4d04a349679b4433ff9acb600e781ee36d60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 012366ae3fe04188b5d3c60927d43f08 |
| SHA1 | 839fc619ba813f4cb5153ccd672201d695d468bd |
| SHA256 | 286be7f1b07aea453e443284d44f491bacb3e924ffc07729bf4a2616b12a8bcb |
| SHA512 | 27b16df8ef4544de247a9089c3d79865e32e935653a4a1e6c63c891b5107cdca4d0ef2460f79184854568fca5289d784d2c1cfda0bcb11c926d0dc9288493e38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9838db11c3f90e9e316e00d2f3bfcd0a |
| SHA1 | f129b0a9ff8ece1d28712b6d8e99f343e5c9b7c8 |
| SHA256 | bd43fce2395f20cd9b0ce47eba53aa6ec2e3de60e559bdf6846744e5be58b098 |
| SHA512 | 9c37927bbb5511890ad143afbdc6425e31d4e12550ccd31122b3d6861af7e6c854ba73ca7ecf7aee3053e20c7691c6d56cc9b0f5dc51c6ada94b8f49522d269c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 44997d5ac0a79720886acd01f129e3c2 |
| SHA1 | b8d5af50aa2074962a7cadc6daad01abf4946897 |
| SHA256 | 2fc9ccfc7ff0bab24d00679f0bca16ffa42741f1df9168df86f4110b0b75b905 |
| SHA512 | 5d7ad92ede7ce411f4818b452dbde142d331ffc1e4d1ef216e5a8179442ea83ee58a38d953a557caebb3e926ddce906599f3999890c387a3dac54f78ba7bf34f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\fddf354b-23c5-41fb-9886-e2a424b3dbb6
| MD5 | 1d80e2312250a5230241f799dbec6a4e |
| SHA1 | 7ce76819c3a72f5301ff7af873db2482de16e449 |
| SHA256 | 779cb1af5d9122c4b3c08d27d445c21654193b33ee610152c42ff0bb7b58f22c |
| SHA512 | 3f92cab8c190e2785b1e06ad9679c01227e3028dbcc7f0e7fdfa7a048da5669b94c20c0ea23f9d82acd9745dc2d98ead1db0935c2acd289931ea90e8d3e2ef0c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\9e9ba8c7-9306-44a9-893a-e4e1169ccc96
| MD5 | ae7f2d247b13810e5192fc924db2ba57 |
| SHA1 | 8dc54b7af0d862d8d4f412ff0323b5633cba39a1 |
| SHA256 | 6fef2f108b7672de13aa4a33ea599284ebc0b912e00bd01adea9dbabf754c436 |
| SHA512 | bb96fccbe4c45349616f2d52492bec5eae532a3ef207503ede3aae2db83f708c2a9ed928840d58462cd8233fd626608afd0b8d5ce7e8b8f91dba99b09171b0e5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\00beba67-973f-4480-8367-f441a6e49e7e
| MD5 | 658c8222e5d99420c95583aa9a3d9553 |
| SHA1 | a311bdc9e0a92190503a73aba715af629d221825 |
| SHA256 | 3b1c3a528378bfb351b12681eb9da089fa5b7ad53d0849fa54966111732a605f |
| SHA512 | d2d1f06ad80605189633cf3700aad35ee0c680ed52ac902dceddb696cf3fb1e596a2d4fe0e101595800fdc48d7fdc9dfcca1f214ebb4d0273dc87ff7c7cb6972 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | dce9d0415cd395d73786f22fa3284dab |
| SHA1 | 724315d16a89c3abfca7cb921fc6ec36f1dcf147 |
| SHA256 | f653129c782e87928f8a2aa055afa15bbd573b68f946b6748c2679661c6f5eca |
| SHA512 | 601f8b2fe2f461a51a5ce865594d1ad27849ad6adad68a5c998b21e84da5527ea25c48355c77cd661552abaf8443ac824e83f33241da82873010192fff114fe0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\activity-stream.discovery_stream.json
| MD5 | f0f52198d6ea13890b68d23dee47cbfe |
| SHA1 | e343237f28634aecc20dff42a348bb1718470646 |
| SHA256 | 5059697e128fd47dc0bed38a6a9d734222cabfe4f116f52cf72563201c3a2434 |
| SHA512 | 28850604bd9ca7330b1d66eab869175e967c9deb729a343af372216f9818c2be856ca1a24ab2014bc6e211c129f729df76b33d845ca3b37e005ea3c60e7e7504 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin
| MD5 | 66cbc9f6018e2486fed689d8326e493a |
| SHA1 | 5e9078712b86f3ee91c2758de1f34ab30f3f6db5 |
| SHA256 | f5a5659e12da267565cccaea647dcab28a5638a70ecda504b7e77f4a291d19e2 |
| SHA512 | 1f377f248884ae6b732cbffcc4ba8958a69e6a7f5dce4016252f9e253d148468ce4015d448185ab282ef880c88f59bcd5151aaa341791d18b79476a8661dcfa1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js
| MD5 | ed0d00bd054fdcd93c5948cc6a3ad64e |
| SHA1 | 0d1b1b1238fdd824ae2e9e7ce089a89168d304ca |
| SHA256 | 6bba86b56e795ed755b19be8c451f99f21426bb607d8693a64140357526ea593 |
| SHA512 | a49d9c0c91b411c6ac91d253c352b08badef2f8a93164ff732593791f8b92f29b7a24467d8e9a9666f259d6965d9c5a7047b27f2bbbfa17aa0cb39bfbdb4e15a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8cd0ed16c01ede71439ac1425b9fb2f1 |
| SHA1 | 79664898cf5505090b7314ab528f118fafe2071f |
| SHA256 | 4f92c3464697fbe658eb13bf6ba47818d7381c2e6bb6b43d0fe1874912b9cb56 |
| SHA512 | 141d9fa841d9bd80f90c4e6f1a8043b5f871383143e192d79a71f17c0acbd5d6ba3cfb6b7e7f3a04ecd3b1459bd33cccc33b8f36586d26da5da91889d9990a12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c42ee9714c32fffe596b5fcca5b80e1e |
| SHA1 | 0509bd2ce5c38ae82b9caaa898480b6ad130e111 |
| SHA256 | 48b82c00765b8f986f1f07729942a88202266e9269830fb13db1c1775d432443 |
| SHA512 | b20725bf1dd88b518cbc91380668e4cb22dfcb8692b664d2aec1c41dcccb9024da62f2fbcf7ed77d2d9743ca8774085801285cdbd0288a75bee33d5b51e3d241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5822e5.TMP
| MD5 | 94e0b3231249b64f72f0abfed11989b3 |
| SHA1 | 2cf5eb602bde81365135f53e7232d0766e64bbb3 |
| SHA256 | 7c27179481689a2a461c1a0e2437c192a733cbc074f068549882850ad95f3a5b |
| SHA512 | 5c9d75b8538bd7efc40b2a8345debbda67bc940c635020156055315aa2a75a62d39abcee5cd21b0a98539997eb10709d186059cc7fc45717b36f9268e2cc57c9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js
| MD5 | d11c7fc0e97055cac9f28801b5440a8b |
| SHA1 | cc37f09e01d901f566c539f4639adda5414c13e7 |
| SHA256 | eb06d407de9a95bd0486acb7f452483d87514ea9ceeee3ac18a8fb35936691d2 |
| SHA512 | bbc338523a3b6e1f1695d1197bfa490b10c52f97559b0b62f95751141d273597e5777042c0bb166bd65f65f037ed68d1977d01a685062a85e82b0173b70d1842 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1a59af78f2958f2231247017cd36135c |
| SHA1 | 6ee520ebba55ebec48477330504951443be02f55 |
| SHA256 | 7fbcd19f4aed8385a16f813853a80d5e3e9ed0c6af514f381d20ff9f30171f80 |
| SHA512 | b4ed37d5aeaa834ceb55946149a232c1d6026f832a9cd2b4d47ab2e32ef59b9c7dc4f1f3fd96164ffa20bf3f3eb523eb986d576408a691c5cfa0d155b734e2f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 19e6b803fd907c364206df4a411bcaa5 |
| SHA1 | d1e56109a59f892d812b5b9cd32a525a21f2eda1 |
| SHA256 | 2c9e3e9e18ee68d2cb03fae762760330996b9bbf218680c4f2dd4bde93d52381 |
| SHA512 | c218ca71b148cc3d4945597fe69fe5f9ed86825ad471c6872bebcd5361e900f3d71a0bae32fbed37a90e6281cf4f74c075a040b468eec14d0cdbd8bbe8b08a5c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 0349992cf42d99f3209562186049fd52 |
| SHA1 | 2f4f9b3ab12eac4f62412d2faad4e50a3149321f |
| SHA256 | e270207941ab6c3df0d005c3272d57301d81b16a8797bf50961712bcbbd6dca3 |
| SHA512 | 4e868e666ee1cc7162699fd34147edf45e3a2d654ff1ae3531f6f434a30cce3b4565a123a5f9c553cc9e49a583d6ebb388dd7f8c52cf31e12231cd599d81ce3d |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin
| MD5 | 0d987e5d4d4f9cf7b06ddd4f7942a983 |
| SHA1 | 7dadf35ea236a7185e0c28c68bca042d5002b269 |
| SHA256 | b90eb9661c735df9b0978c2b6904fb053cb6888faa3d9e3f1f790d67b017ca35 |
| SHA512 | 1fec85a2bda422d9daf11fda0ec85fb13b1b483aba84484b34349824b94aa27a455060afdf312d0ce6d97ab5e84d5a7e66e56fd02c19508841f0e0df16c3835c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js
| MD5 | 5434d8666a1526de0552902c11be860c |
| SHA1 | b683ecc59519afc2865277c6ecd20adb0feed312 |
| SHA256 | f024751d28d81c701457854de223337e23402a118c962fa7c8c5f208da21745b |
| SHA512 | 65cdb9683ace72a9f0ecea402186ef123bdb03c1438fa088cac066d39eec9f70f55d1146add81b8b520d215b31caf3ea0681d5e44a27835c4813114caae126f7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\sessionstore-backups\recovery.baklz4
| MD5 | d1cc0336af61fbda37125eb0f9bf91c0 |
| SHA1 | 0ed58d0c835a00f7458c069ca564a44f1978a4a8 |
| SHA256 | 5d1c78950199b176972960f83f254a7a32c29612be157612ef576a20583d865b |
| SHA512 | ab8117e4e05e56c54d46cdc9e6f6b2352a5a2c9dc0142f6a6a8abf8fcdf90090e45a5976f724970c9fc9a92392f11487b72e087ce61a43b4c6f995a299f65ab8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\sessionstore-backups\recovery.baklz4
| MD5 | bdff528ae12a1ebc8fef6a619d45a463 |
| SHA1 | d2b766303f095c1fed6881a540b6ab800c5a88ab |
| SHA256 | b88a04e130a461c8329b48a4ca5c345013980c35800f0809037f347b2aa59632 |
| SHA512 | a48d5ca74c89e639d2f6c142935f5ae326d18fa0b06919106b9c8a6feaf790ed1725a65310fc16c0f07436dc5413cc49f1ab237291ea3396a75ac3b2ef921636 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 18f3ac529ed34d951dcf3d93212bfab1 |
| SHA1 | f07051d9dfc9e6a33420e54ddb0fe291b536c463 |
| SHA256 | 4b8cb15e859db9dec342aaca13029cfb02d360e65b2a4a94c6bfa3541b508e36 |
| SHA512 | 0e2fe456c12d558bfb17a27f24d20aecf3daa6f3b21b8f4661e387bd5dead03bb12615823e98e2b8227cc0231807f256ac78cf8b40b28cf01c338ff7900976bd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\storage\default\https+++www.youtube.com\idb\2232182701SeesravbiacteaWDosrgk.sqlite
| MD5 | 939aee770b1f2452caadd8764a074ba2 |
| SHA1 | 55f8f9e6ea13570ebb74341f2999ee901db32408 |
| SHA256 | f89507558771f838a010884fd7981112b15bddd4c0db4747314ea544c974c37b |
| SHA512 | 95ae11ba6b5879ddce310626433c4e98d06732e187a88c0a26fc5e2e0738aab6a70f9bc4c801f55dff5089fd1a5b42a11af8c97b6a127b671c6366149f79c601 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
| MD5 | 9236c0e3bef5b3bc3be07f1ef29cbfab |
| SHA1 | fc840aa6970cdd72057de976d302ab419449dd9f |
| SHA256 | 6aa9feb800951142f442f4dd621a943f8ec16799d01b79ba078c48810cd564e7 |
| SHA512 | 1530844a77fa42c3f0754327591f98e0c1cae4e6a112c32987dfa68b79f943d8d0d854ca18d94e5b8694a50e5a66373a9f49c62726a5d88807d0c5cc9a0c79b1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\cache2\entries\A28956283C96A06AB1F311D446882AA1B37CFEA8
| MD5 | 21d7163ce8224c70a6c93658d3f81d1c |
| SHA1 | 7ec21fdab474a94cabb7c8777de92f6e2f167fff |
| SHA256 | f8a2e5d5ab80ba0cc3f74cb33de667d504865b79772bb592e6383bb1d884c880 |
| SHA512 | d2a2ab11af6ae4714ad861576f1475ac9b8d6e5b326daa7da207178a040e71534acd32e5db087e793a852277da671e5b83073cb776104ff5144041a6a8ea64c0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\cache2\entries\E997951B63F7AE96DC51949D6F6D3F51CDACA903
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\nsn6F3D.tmp\InstallOptions.dll
C:\Users\Admin\AppData\Local\Temp\nsn6F3D.tmp\ioSpecial.ini
C:\Users\Admin\AppData\Local\Temp\nsn6F3D.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsn6F3D.tmp\OBSInstallerUtils.dll
C:\Program Files\obs-studio\data\obs-plugins\obs-qsv11\locale\en-GB.ini
C:\Users\Admin\AppData\Local\Temp\nsn6F3D.tmp\check_for_64bit_visual_studio_2022_runtimes.exe
C:\Users\Admin\AppData\Local\Temp\nsn6F3D.tmp\VC_redist.x64.exe
C:\Windows\Temp\{16FFCFE2-D95B-4428-A46D-AD6DF1595234}\.cr\VC_redist.x64.exe
C:\Windows\Temp\{6B490B12-F144-4E27-A2B8-D493876A9383}\.ba\wixstdba.dll
C:\Windows\Temp\{6B490B12-F144-4E27-A2B8-D493876A9383}\.ba\logo.png
C:\Windows\Temp\{6B490B12-F144-4E27-A2B8-D493876A9383}\vcRuntimeMinimum_x64
C:\Windows\Temp\{6B490B12-F144-4E27-A2B8-D493876A9383}\cab5046A8AB272BF37297BB7928664C9503
C:\Windows\Temp\{6B490B12-F144-4E27-A2B8-D493876A9383}\cab2C04DDC374BD96EB5C8EB8208F2C7C92
C:\Windows\Temp\{6B490B12-F144-4E27-A2B8-D493876A9383}\vcRuntimeAdditional_x64
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20241113091715_000_vcRuntimeMinimum_x64.log