Analysis Overview
SHA256
9865a54dc5191d22de1b27be4be1e0babe609d5e671d3a62b68cff975ad8071d
Threat Level: Known bad
The file WeMod-Setup.exe was found to be: Known bad.
Malicious Activity Summary
ZGRat
RedLine
RedLine payload
Detect ZGRat V1
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Sets file execution options in registry
Checks BIOS information in registry
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Registers COM server for autorun
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks whether UAC is enabled
Checks installed software on the system
Enumerates connected drives
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks system information in the registry
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Checks processor information in registry
Suspicious use of SendNotifyMessage
Modifies system certificate store
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Modifies registry class
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of UnmapMainImage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 21:49
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 21:49
Reported
2024-04-08 22:07
Platform
win10v2004-20240226-en
Max time kernel
1049s
Max time network
1053s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\Electron\Electron\Electron.exe | N/A |
Downloads MZ/PE file
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\Electron\Electron\Electron.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Electron\Electron\Electron.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Setup.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1720 set thread context of 2740 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO015EB78F\flunixprogramm.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\AnimationEditor\image_keyframe_elastic_unselected.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\DevConsole\Filter-stroke.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\PublishPlaceAs\MoreDetails.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\common\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\DefaultController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\TopBar\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\VoiceChat\New\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\fonts\families\Roboto.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaChat\graphic\gr-gamealbum-icon-52x52.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\PlatformContent\pc\fonts\NotoSansCJKjp-Regular.otf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\uk.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Emotes\Editor\Large\OrangeHighlight.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\PlatformContent\pc\textures\sky\sky512_bk.tex | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\PerformanceStats\BackgroundRounded.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\VoiceChat\SpeakerNew\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\InGameMenu\game_tiles_background_desktop.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaChat\icons\ic-resend.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\AnimationEditor\animation_editor_blue.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\ga.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\AssetConfig\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\AssetConfig\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\TerrainTools\mtrl_cobblestone_2022.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\PlatformContent\pc\textures\sky\indoor512_lf.tex | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\msedge_elf.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\af.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioSharedUI\packages.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioSharedUI\default_user.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\AssetConfig\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\PlatformContent\pc\textures\fabric\normaldetail.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\DesignSystem\ButtonStart.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\VoiceChat\Misc\MuteAll.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\cy.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\lt.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\ArrowDownIconWhite.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\VoiceChat\New\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\ExternalSite\amazon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaChat\9-slice\input-default.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\mspdf.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\TerrainTools\mt_grow.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaDiscussions\search.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_nb.dll | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\mi.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Settings\ShareGame\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\LayeredClothingEditor\Icon_MoreAction_Light.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaChat\icons\ic-profile.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\az.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Trust Protection Lists\Sigma\Cryptomining | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\msedgeupdateres_iw.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F66A0B81-88E1-44FD-8F63-902AC20EF5A7}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\sky\cloudsfb.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\TerrainTools\icon_regions_delete.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\ErrorPrompt\SecondaryButton.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\PlayerList\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\Controls\DesignSystem\Thumbstick1Directional.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\kok.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\AnimationEditor\image_keyframe_linear_selected.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\fonts\Fondamento-Regular.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\GameSettings\ScrollBarBottom.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\avatar\meshes\leftarm.mesh | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Trust Protection Lists\Sigma\LICENSE | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\AnimationEditor\btn_delete.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7zO015EB78F\flunixprogramm.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133570866317626017" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\ = "Microsoft Edge Update Process Launcher Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CurVer\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\ = "PSFactoryBuffer" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb81459758,0x7ffb81459768,0x7ffb81459778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3372 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5556 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7415a7688,0x7ff7415a7698,0x7ff7415a76a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4852 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1064 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4544 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6140 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5460 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5872 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5964 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3316 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5004 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5396 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6364 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6160 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUFBQ0RGNzYtNDc1RC00QkExLTk5MjctN0MyOTkyQTkyNTVCfSIgdXNlcmlkPSJ7NkQ5MTkxREQtRTgzNC00MTdDLThBN0QtQzcwQ0JBRTRDMTQ2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyNjQ3NDVGOS1CNUMxLTQ0NkEtQjgyRC01MERGMUQ3ODc3RDN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODUuMTciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjIxNTgzMTY5IiBpbnN0YWxsX3RpbWVfbXM9IjExMjgiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{EAACDF76-475D-4BA1-9927-7C2992A9255B}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUFBQ0RGNzYtNDc1RC00QkExLTk5MjctN0MyOTkyQTkyNTVCfSIgdXNlcmlkPSJ7NkQ5MTkxREQtRTgzNC00MTdDLThBN0QtQzcwQ0JBRTRDMTQ2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFRDU0QTAxRi0yMkNBLTRFRDgtQkZCMy05ODRGNUQzQUYxQzd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjM0MjUzNTM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4040 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\MicrosoftEdge_X64_123.0.2420.81.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.106 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.81 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6ab8cbaf8,0x7ff6ab8cbb04,0x7ff6ab8cbb10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2956 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5532 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=3020 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6400 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6696 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6848 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6768 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6476 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4988 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Flux-41-fers.rar"
C:\Users\Admin\AppData\Local\Temp\7zO015EB78F\flunixprogramm.exe
"C:\Users\Admin\AppData\Local\Temp\7zO015EB78F\flunixprogramm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1720 -ip 1720
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 820
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb81459758,0x7ffb81459768,0x7ffb81459778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4952 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5296 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5356 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUFBQ0RGNzYtNDc1RC00QkExLTk5MjctN0MyOTkyQTkyNTVCfSIgdXNlcmlkPSJ7NkQ5MTkxREQtRTgzNC00MTdDLThBN0QtQzcwQ0JBRTRDMTQ2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBNjQ5MDJERi1BNkZBLTQ3MkQtQTdCMy03MUQ5MDhEODNGRjl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMy4wLjI0MjAuODEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyNTMzMTMzNjgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjUzNjQzNDc2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTQ5MjE3MzQzNyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvN2EwYTBiZDYtYjljOS00YzU2LTk2NDktZTllOWMyMmZiZTQzP1AxPTE3MTMyMTgyNjgmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9RVhZcUV0QzdjVVZNVzU3UXo1U0djTkt0RkR6Y2thQ05Sa1hzc0tva25lZWolMmJrMmVHUHp6UFN0andrWTl3cjhqdnVMSW1SdnlmUmYzYTluT3pJZXlOdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MjA4Njc0NCIgdG90YWw9IjE3MjA4Njc0NCIgZG93bmxvYWRfdGltZV9tcz0iMTM5MDQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NDkyNDQzMjE2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTUxNjU1MzU1OCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAyNDkzODMxNTUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDIyIiBkb3dubG9hZF90aW1lX21zPSIyMzg1NCIgZG93bmxvYWRlZD0iMTcyMDg2NzQ0IiB0b3RhbD0iMTcyMDg2NzQ0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI3MzI2NiIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe" -app -isInstallerLaunch
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2916 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2952 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5768 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5900 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5952 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:ZGmnAQYqhG8HVcNgIJFIGuSh9Zn_lr-SYrhdFY0pdki5SW8t6OE7I9iYr7P4c1pv4JYHVoM0m1TwrPCOVrhzU9cokyG2AYiEfeGivflMRt4I6vMV1mlmlgabg0B4y3oeeEjnBdbykIx-unmZ7rSj4ByteF32_7cyGrpKsG1QuHj8Dtkh1XhXafQA1KgwTvzj62qpLTCI535Y9AAJWn4yBVB-d_YQmWFoinW94yUrGik+launchtime:1712613585606+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3Dfalse%26placeId%3D2753915549%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D6de3d7c8-2b7b-419c-9ce1-313c2ab8d3cd%26joinAttemptOrigin%3DPlayButton+browsertrackerid:false+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3512 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:_ZbpvjgcMncU_kVFPsK-paXhCphwj8-OON7BR_kQYJzIXZHyMOaemNTJ-0ivdnJCL7rGKVB2zeH3TuiFvcYii0lt3UuA_1K2UOnMhgVmltS_kjPwXFczbIlJWf-1QXuVf56ce0b_TjULbse2IFZ86HxLWbREOe8LajcgdMJvkgJz0zBNO_cdSruWet3dF1d2ooc4sohZrTFL6_i9psaDgUfVsfFATTKuzKPiTwtRl9k+launchtime:1712613615340+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3Dfalse%26placeId%3D2753915549%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D90dc7ae5-9e01-40c4-a168-013a607aa7b9%26joinAttemptOrigin%3DPlayButton+browsertrackerid:false+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2348 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6036 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5976 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6040 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6268 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5424 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5164 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4188 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5852 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5264 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5764 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6344 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5748 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=1796 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6608 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\KRNLWRD.rar"
C:\Users\Admin\AppData\Local\Temp\7zO031CCA62\krnl.exe
"C:\Users\Admin\AppData\Local\Temp\7zO031CCA62\krnl.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7044 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2324 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4716 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5928 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3104 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5860 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F66A0B81-88E1-44FD-8F63-902AC20EF5A7}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F66A0B81-88E1-44FD-8F63-902AC20EF5A7}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{70E1CE57-EE7C-479D-AAED-BB94C6C6DB3B}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzBFMUNFNTctRUU3Qy00NzlELUFBRUQtQkI5NEM2QzZEQjNCfSIgdXNlcmlkPSJ7NkQ5MTkxREQtRTgzNC00MTdDLThBN0QtQzcwQ0JBRTRDMTQ2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsyNDA1NkEzNS02NDY1LTQ4RUYtQTg3Mi05MDBFODZBNkEzQ0Z9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjI5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNDEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNDQzMjg0MzcwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNDQzNTk2MDc1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjkyNzIzNDQ3MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzMjE4NTg3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PU5PWjJaQkwyOUFiOGliMDFvZjRBcW9HOVozZjNTS28lMmJUVDMzWjJDM1FkUXZjOUM5ZHd6QkpyOWhhYUd2MWZBOWJ4QUlaWTFsWVUzRzJXMG1CUlhuZ1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMTUiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI5MjcyNjQ4MjciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzMjE4NTg3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PU5PWjJaQkwyOUFiOGliMDFvZjRBcW9HOVozZjNTS28lMmJUVDMzWjJDM1FkUXZjOUM5ZHd6QkpyOWhhYUd2MWZBOWJ4QUlaWTFsWVUzRzJXMG1CUlhuZ1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjMwNzkyIiB0b3RhbD0iMTYzMDc5MiIgZG93bmxvYWRfdGltZV9tcz0iNDM0NDkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI5Mjc1OTM5NTciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI5MzMyNDY5MTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSI0MiIgcmQ9IjYyNjUiIHBpbmdfZnJlc2huZXNzPSJ7NzZBMDU3ODYtREU1Qy00QUM5LTk0MTQtRkFDRDNFRjFDQTFGfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSI0MSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTM0MzU4OTA5ODQzMTIwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9IjQyIiBhZD0iLTEiIHJkPSI2MjY1IiBwaW5nX2ZyZXNobmVzcz0iezEyODA3MDk4LTdBODAtNDdCMS05ODJFLUJBRjlGMTMzMkNDNn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTIzLjAuMjQyMC44MSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2MzA3Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7M0EzMzc3OEMtMjQ1My00N0ExLThDNEItQzIzQUQyODMzRkI3fSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{70E1CE57-EE7C-479D-AAED-BB94C6C6DB3B}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzBFMUNFNTctRUU3Qy00NzlELUFBRUQtQkI5NEM2QzZEQjNCfSIgdXNlcmlkPSJ7NkQ5MTkxREQtRTgzNC00MTdDLThBN0QtQzcwQ0JBRTRDMTQ2fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QjYyNUFDRkMtOTQ0Mi00NjZGLTg3NzUtQ0E0OEE5RjU4RUJCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjQxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MDg5ODUyOTkiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyOTg4Mzk0MzY0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=2D983147-F9F1-498D-BE7E-1997EADA874AX&winver=19041&version=fa.1089fw&nocache=20240408220405.99&_fcid=1712613821534459
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb81459758,0x7ffb81459768,0x7ffb81459778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5884 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6280 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2320 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=4116 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6944 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7204 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Users\Admin\SturePC\Temp\nsu37BC.tmp
"C:\Users\Admin\SturePC\Temp\nsu37BC.tmp" /verify
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7140 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7188 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6124 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=5884 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=2916 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7220 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7564 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7944 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8184 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8000 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7600 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7912 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8160 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8128 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Users\Admin\Downloads\Electron\Electron\Electron.exe
"C:\Users\Admin\Downloads\Electron\Electron\Electron.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=7996 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8104 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7156 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6572 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7928 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5692 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6964 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=7224 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=6932 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=7976 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3100 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=1796 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7328 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3104 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5456 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=1156 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=6732 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=7688 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=6324 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7260 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=7008 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5512 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6636 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6308 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=7384 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=3332 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=7144 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=4880 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=7784 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=4716 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=2340 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=8000 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=5460 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=4804 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=5240 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=7580 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7352 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2401 (1).msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.wemod.com | udp |
| US | 104.22.43.75:443 | api.wemod.com | tcp |
| US | 8.8.8.8:53 | 75.43.22.104.in-addr.arpa | udp |
| US | 104.22.43.75:443 | api.wemod.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 128.116.119.4:443 | ncs.roblox.com | tcp |
| BE | 13.225.239.38:443 | js.rbxcdn.com | tcp |
| BE | 13.225.239.38:443 | js.rbxcdn.com | tcp |
| BE | 13.225.239.38:443 | js.rbxcdn.com | tcp |
| BE | 13.225.239.38:443 | js.rbxcdn.com | tcp |
| BE | 13.225.239.38:443 | js.rbxcdn.com | tcp |
| BE | 13.225.239.38:443 | js.rbxcdn.com | tcp |
| BE | 13.225.239.11:443 | static.rbxcdn.com | tcp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | 38.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.154.64.172.in-addr.arpa | udp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| BE | 23.14.90.98:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| BE | 13.225.239.27:443 | images.rbxcdn.com | tcp |
| BE | 13.225.239.27:443 | images.rbxcdn.com | tcp |
| BE | 13.225.239.27:443 | images.rbxcdn.com | tcp |
| BE | 13.225.239.27:443 | images.rbxcdn.com | tcp |
| BE | 13.225.239.27:443 | images.rbxcdn.com | tcp |
| BE | 13.225.239.27:443 | images.rbxcdn.com | tcp |
| BE | 13.225.239.36:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 98.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 104.18.33.170:443 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | 170.33.18.104.in-addr.arpa | udp |
| US | 104.18.33.170:443 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 104.18.33.170:443 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| BE | 13.225.239.65:443 | css.rbxcdn.com | tcp |
| BE | 13.225.239.61:443 | js.rbxcdn.com | tcp |
| BE | 23.14.90.89:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 89.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| BE | 13.225.239.13:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| BE | 13.225.239.65:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| BE | 13.225.239.65:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 13.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-west-2c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-central-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| BE | 23.14.90.89:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | aws-ap-east-1a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| HK | 18.166.241.245:443 | aws-ap-east-1a-lms.rbx.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| DE | 35.157.30.157:443 | aws-eu-central-1c-lms.rbx.com | tcp |
| GB | 35.176.8.75:443 | aws-eu-west-2c-lms.rbx.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 8.8.8.8:53 | lax4-128-116-63-3.roblox.com | udp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| HK | 18.166.241.245:443 | aws-ap-east-1a-lms.rbx.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.104.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.95.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.30.157.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.8.176.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chat.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | 3.63.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.97.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.241.166.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.51.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | t2.rbxcdn.com | udp |
| BE | 13.225.239.89:443 | t2.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | t3.rbxcdn.com | udp |
| US | 8.8.8.8:53 | t5.rbxcdn.com | udp |
| BE | 13.225.239.89:443 | t2.rbxcdn.com | tcp |
| BE | 13.225.239.45:443 | t5.rbxcdn.com | tcp |
| BE | 13.225.239.62:443 | t3.rbxcdn.com | tcp |
| BE | 13.225.239.62:443 | t3.rbxcdn.com | tcp |
| BE | 13.225.239.45:443 | t5.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 89.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.239.225.13.in-addr.arpa | udp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| GB | 35.176.8.75:443 | aws-eu-west-2c-lms.rbx.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| DE | 35.157.30.157:443 | aws-eu-central-1c-lms.rbx.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| US | 151.101.0.176:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | followings.roblox.com | udp |
| US | 8.8.8.8:53 | 176.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| US | 8.8.8.8:53 | atl1-128-116-99-3.roblox.com | udp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | ord2-128-116-101-3.roblox.com | udp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| BE | 23.14.90.104:443 | c0ak.rbxcdn.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| BE | 23.14.90.104:443 | c0ak.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | badges.roblox.com | udp |
| US | 8.8.8.8:53 | 104.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.99.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.101.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cs.ns1p.net | udp |
| DE | 3.79.139.239:443 | cs.ns1p.net | tcp |
| US | 8.8.8.8:53 | s.ns1p.net | udp |
| DE | 3.79.139.239:443 | s.ns1p.net | tcp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 239.139.79.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hkg1-128-116-118-3.roblox.com | udp |
| HK | 128.116.118.3:443 | hkg1-128-116-118-3.roblox.com | tcp |
| HK | 128.116.118.3:443 | hkg1-128-116-118-3.roblox.com | tcp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 44.237.151.236:443 | m.stripe.com | tcp |
| US | 8.8.8.8:53 | 3.127.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.151.237.44.in-addr.arpa | udp |
| HK | 128.116.118.3:443 | hkg1-128-116-118-3.roblox.com | tcp |
| US | 8.8.8.8:53 | b.ns1p.net | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| NL | 23.63.101.170:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 170.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.3:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:55892 | tcp | |
| N/A | 127.0.0.1:55896 | tcp | |
| N/A | 127.0.0.1:55899 | tcp | |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| BE | 104.68.69.233:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 8.8.8.8:53 | 233.69.68.104.in-addr.arpa | udp |
| BE | 13.225.239.90:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:55902 | tcp | |
| US | 8.8.8.8:53 | 90.239.225.13.in-addr.arpa | udp |
| BE | 13.225.239.90:443 | setup.rbxcdn.com | tcp |
| BE | 13.225.239.90:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 20.114.58.89:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 89.58.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 104.91.71.146:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 214.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | repository-images.githubusercontent.com | udp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | repository-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| RU | 147.45.47.64:11837 | tcp | |
| US | 8.8.8.8:53 | 64.47.45.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 128.116.102.4:443 | roblox.com | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | 4.102.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | udp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 104.91.71.146:443 | tr.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | pulsar.roblox.com | udp |
| US | 8.8.8.8:53 | sin4-128-116-50-3.roblox.com | udp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 8.8.8.8:53 | c0aws.rbxcdn.com | udp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| BE | 13.225.239.49:443 | c0aws.rbxcdn.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| HK | 18.166.132.10:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| PL | 128.116.124.3:443 | pulsar.roblox.com | tcp |
| HK | 18.166.132.10:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| US | 8.8.8.8:53 | s.ns1p.net | udp |
| DE | 3.79.139.239:443 | s.ns1p.net | tcp |
| US | 8.8.8.8:53 | 194.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | 49.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.124.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.132.166.18.in-addr.arpa | udp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 8.8.8.8:53 | b.ns1p.net | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 8.8.8.8:53 | aws-eu-west-2c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | aws-eu-central-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| GB | 3.8.27.36:443 | aws-eu-west-2c-lms.rbx.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| BE | 13.225.239.41:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| BE | 13.225.239.22:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| BE | 13.225.239.49:443 | c0.rbxcdn.com | tcp |
| BE | 23.14.90.104:443 | c0ak.rbxcdn.com | tcp |
| BE | 13.225.239.38:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 36.27.8.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| GB | 108.156.39.82:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | 82.39.156.108.in-addr.arpa | udp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 8.8.8.8:53 | fra4-128-116-44-3.roblox.com | udp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| US | 8.8.8.8:53 | lhr2-128-116-119-3.roblox.com | udp |
| DE | 128.116.44.3:443 | fra4-128-116-44-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 8.8.8.8:53 | silver.roblox.com | udp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 3.44.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| BE | 13.225.239.14:443 | m.stripe.network | tcp |
| US | 8.8.8.8:53 | 3.115.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 44.240.235.135:443 | m.stripe.com | tcp |
| US | 8.8.8.8:53 | 135.235.240.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| N/A | 127.0.0.1:57158 | tcp | |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| US | 8.8.8.8:53 | aws-eu-west-2c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-central-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | s.ns1p.net | udp |
| DE | 18.153.6.250:443 | s.ns1p.net | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 250.6.153.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sjc1-128-116-117-3.roblox.com | udp |
| US | 128.116.117.3:443 | sjc1-128-116-117-3.roblox.com | tcp |
| US | 128.116.117.3:443 | sjc1-128-116-117-3.roblox.com | tcp |
| US | 128.116.117.3:443 | sjc1-128-116-117-3.roblox.com | tcp |
| US | 8.8.8.8:53 | b.ns1p.net | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| BE | 13.225.239.38:443 | js.rbxcdn.com | tcp |
| BE | 13.225.239.41:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| BE | 23.14.90.81:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 81.90.14.23.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | gold.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-west-1c-lms.rbx.com | udp |
| US | 54.67.87.108:443 | aws-us-west-1c-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 8.8.8.8:53 | aws-eu-west-2a-lms.rbx.com | udp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| GB | 18.132.92.47:443 | aws-eu-west-2a-lms.rbx.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| US | 128.116.117.3:443 | sjc1-128-116-117-3.roblox.com | tcp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 44.240.153.132:443 | m.stripe.com | tcp |
| US | 128.116.117.3:443 | sjc1-128-116-117-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 47.92.132.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.87.67.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.153.240.44.in-addr.arpa | udp |
| US | 128.116.117.3:443 | sjc1-128-116-117-3.roblox.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.204.67:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wearedevs.net | udp |
| US | 104.26.7.147:443 | wearedevs.net | tcp |
| US | 104.26.7.147:443 | wearedevs.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.170:80 | apps.identrust.com | tcp |
| US | 104.26.7.147:443 | wearedevs.net | udp |
| US | 8.8.8.8:53 | cdn.wearedevs.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 147.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 142.250.178.14:443 | analytics.google.com | tcp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.166.233.64.in-addr.arpa | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | dclk-match.dotomi.com | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | s.uuidksinc.net | udp |
| NL | 63.215.202.169:443 | dclk-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| NL | 31.220.27.134:443 | s.uuidksinc.net | tcp |
| US | 8.8.8.8:53 | sync.gonet-ads.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | analytics.pangle-ads.com | udp |
| NL | 188.42.105.236:443 | sync.gonet-ads.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 8.8.8.8:53 | ag.innovid.com | udp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 23.33.40.28:443 | analytics.pangle-ads.com | tcp |
| GB | 216.58.204.66:443 | cm.g.doubleclick.net | tcp |
| GB | 216.58.204.66:443 | cm.g.doubleclick.net | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| GB | 35.179.68.186:443 | ag.innovid.com | tcp |
| GB | 216.58.204.66:443 | cm.g.doubleclick.net | tcp |
| GB | 216.58.204.66:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 185.89.210.141:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 70.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.27.220.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.105.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.68.179.35.in-addr.arpa | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | 28.40.33.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.178.14:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | z.moatads.com | udp |
| US | 23.53.113.212:443 | z.moatads.com | tcp |
| US | 8.8.8.8:53 | csp-reporting.cloudflare.com | udp |
| US | 104.18.20.157:443 | csp-reporting.cloudflare.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 141.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.20.18.104.in-addr.arpa | udp |
| GB | 172.217.169.66:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | cdnwrd2.com | udp |
| US | 172.67.166.253:443 | cdnwrd2.com | tcp |
| US | 172.67.166.253:443 | cdnwrd2.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | pm.w55c.net | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | dsp.adkernel.com | udp |
| US | 8.8.8.8:53 | gtrace.mediago.io | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| IE | 52.18.90.0:443 | pm.w55c.net | tcp |
| IE | 52.18.90.0:443 | pm.w55c.net | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| NL | 35.214.168.80:443 | gtrace.mediago.io | tcp |
| NL | 35.214.168.80:443 | gtrace.mediago.io | tcp |
| DK | 37.157.2.228:443 | c1.adform.net | tcp |
| DK | 37.157.2.228:443 | c1.adform.net | tcp |
| US | 174.137.133.49:443 | dsp.adkernel.com | tcp |
| US | 174.137.133.49:443 | dsp.adkernel.com | tcp |
| US | 8.8.8.8:53 | 253.166.67.172.in-addr.arpa | udp |
| NL | 35.214.168.80:443 | gtrace.mediago.io | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 0.90.18.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.168.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.2.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.133.137.174.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 23.102.129.60:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 60.129.102.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 87.248.204.0:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pcapp.store | udp |
| US | 45.32.1.23:443 | pcapp.store | tcp |
| US | 45.32.1.23:443 | pcapp.store | tcp |
| US | 8.8.8.8:53 | 23.1.32.45.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.14:443 | google.com | tcp |
| GB | 142.250.178.14:443 | analytics.google.com | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | repcdn.pcapp.store | udp |
| GB | 89.187.167.6:443 | repcdn.pcapp.store | tcp |
| US | 8.8.8.8:53 | 6.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pcapp.store | udp |
| US | 159.223.126.41:443 | pcapp.store | tcp |
| US | 8.8.8.8:53 | 41.126.223.159.in-addr.arpa | udp |
| US | 159.223.126.41:443 | pcapp.store | tcp |
| US | 45.32.1.23:443 | pcapp.store | tcp |
| US | 8.8.8.8:53 | repository.pcapp.store | udp |
| GB | 195.181.164.16:443 | repository.pcapp.store | tcp |
| US | 8.8.8.8:53 | 16.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | delivery.pcapp.store | udp |
| GB | 195.181.164.19:443 | delivery.pcapp.store | tcp |
| US | 8.8.8.8:53 | amplify.outbrain.com | udp |
| US | 23.53.113.140:443 | amplify.outbrain.com | tcp |
| GB | 142.250.200.14:443 | google.com | udp |
| US | 8.8.8.8:53 | tr.outbrain.com | udp |
| US | 8.8.8.8:53 | wave.outbrain.com | udp |
| US | 50.31.142.159:443 | tr.outbrain.com | tcp |
| US | 50.31.142.159:443 | tr.outbrain.com | tcp |
| US | 50.31.142.159:443 | tr.outbrain.com | tcp |
| US | 23.53.113.140:443 | wave.outbrain.com | tcp |
| US | 50.31.142.159:443 | tr.outbrain.com | tcp |
| US | 23.53.113.140:443 | wave.outbrain.com | tcp |
| US | 8.8.8.8:53 | 19.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.142.31.50.in-addr.arpa | udp |
| US | 159.223.126.41:443 | pcapp.store | tcp |
| US | 159.223.126.41:443 | pcapp.store | tcp |
| US | 159.223.126.41:443 | pcapp.store | tcp |
| GB | 216.58.204.67:443 | id.google.com | udp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | sync-dmp.aura-dsp.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 174.137.133.49:443 | dsp.adkernel.com | tcp |
| DE | 91.228.74.168:443 | cms.quantserve.com | tcp |
| IE | 63.35.81.137:443 | pr-bh.ybp.yahoo.com | tcp |
| GB | 216.58.204.66:443 | cm.g.doubleclick.net | udp |
| US | 104.18.25.173:443 | a.tribalfusion.com | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | dclk-match.dotomi.com | udp |
| DE | 51.75.86.98:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | a.rfihub.com | udp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| NL | 63.215.202.169:443 | dclk-match.dotomi.com | tcp |
| NL | 193.0.160.130:443 | a.rfihub.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 104.18.25.173:443 | s.tribalfusion.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 50.31.142.191:443 | b1sync.zemanta.com | tcp |
| US | 50.31.142.191:443 | b1sync.zemanta.com | tcp |
| DK | 37.157.2.228:443 | c1.adform.net | tcp |
| NL | 193.0.160.130:443 | a.rfihub.com | tcp |
| US | 54.145.45.250:443 | sync.srv.stackadapt.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 50.31.142.191:443 | b1sync.zemanta.com | tcp |
| US | 54.145.45.250:443 | sync.srv.stackadapt.com | tcp |
| US | 54.145.45.250:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.86.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.25.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.81.35.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.45.145.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| NL | 35.204.158.49:443 | um.simpli.fi | tcp |
| US | 50.31.142.191:443 | b1sync.zemanta.com | tcp |
| US | 50.31.142.191:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | 49.158.204.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | ads.travelaudience.com | udp |
| US | 35.190.0.66:443 | ads.travelaudience.com | tcp |
| US | 8.8.8.8:53 | sync-dmp.aura-dsp.com | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.0.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tr.blismedia.com | udp |
| US | 34.96.105.8:443 | tr.blismedia.com | tcp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 8.8.8.8:53 | 8.105.96.34.in-addr.arpa | udp |
| US | 34.96.105.8:443 | tr.blismedia.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| HU | 142.251.208.163:443 | beacons2.gvt2.com | tcp |
| HU | 142.251.208.163:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 163.208.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync-dmp.aura-dsp.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 172.67.166.253:443 | cdnwrd2.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| IN | 142.250.182.99:443 | csi.gstatic.com | tcp |
| IN | 142.250.182.99:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | 99.182.250.142.in-addr.arpa | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| GB | 128.116.119.4:443 | presence.roblox.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.14:443 | google.com | udp |
| GB | 142.250.200.14:443 | google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | youareanidiot.cc | udp |
| US | 104.21.95.69:443 | youareanidiot.cc | tcp |
| US | 104.21.95.69:443 | youareanidiot.cc | tcp |
| US | 104.21.95.69:443 | youareanidiot.cc | udp |
| US | 8.8.8.8:53 | 69.95.21.104.in-addr.arpa | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | youareanidiot.org | udp |
| US | 50.28.56.190:443 | youareanidiot.org | tcp |
| US | 50.28.56.190:443 | youareanidiot.org | tcp |
| US | 8.8.8.8:53 | 190.56.28.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ww7.youareanidiot.org | udp |
| US | 199.59.243.225:80 | ww7.youareanidiot.org | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 142.250.200.46:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 172.217.16.226:443 | partner.googleadservices.com | tcp |
| GB | 142.250.200.46:443 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | 225.243.59.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | parking3.parklogic.com | udp |
| US | 45.79.244.209:443 | parking3.parklogic.com | tcp |
| US | 8.8.8.8:53 | afs.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | afs.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | afs.googleusercontent.com | tcp |
| US | 45.79.244.209:443 | parking3.parklogic.com | tcp |
| US | 8.8.8.8:53 | 209.244.79.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.204.78:443 | www.youtube.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.187.238:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.200.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xploit.games | udp |
| US | 104.21.66.53:443 | xploit.games | tcp |
| US | 104.21.66.53:443 | xploit.games | tcp |
| US | 104.21.66.53:443 | xploit.games | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | 53.66.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | fastfiles.cloud | udp |
| US | 104.21.61.62:443 | fastfiles.cloud | tcp |
| US | 8.8.8.8:53 | 62.61.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fastyrdr.live | udp |
| US | 172.67.142.11:443 | fastyrdr.live | tcp |
| US | 172.67.142.11:443 | fastyrdr.live | tcp |
| US | 8.8.8.8:53 | tomatoesmoney.xyz | udp |
| US | 172.67.168.146:443 | tomatoesmoney.xyz | tcp |
| US | 8.8.8.8:53 | availablefiles.com | udp |
| US | 172.67.142.219:443 | availablefiles.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | yourjsdelivery.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 172.67.68.197:443 | yourjsdelivery.com | tcp |
| US | 8.8.8.8:53 | 11.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.168.67.172.in-addr.arpa | udp |
| US | 172.67.142.219:443 | availablefiles.com | udp |
| US | 8.8.8.8:53 | nostop.go2cloud.org | udp |
| IE | 52.210.174.128:443 | nostop.go2cloud.org | tcp |
| US | 8.8.8.8:53 | 197.68.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.174.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | trk.playstretch.host | udp |
| IE | 54.155.11.60:443 | trk.playstretch.host | tcp |
| IE | 54.155.11.60:443 | trk.playstretch.host | tcp |
| US | 8.8.8.8:53 | 237.202.12.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stat.glasscellar.icu | udp |
| US | 172.67.177.222:443 | stat.glasscellar.icu | tcp |
| US | 8.8.8.8:53 | 60.11.155.54.in-addr.arpa | udp |
Files
memory/2020-0-0x000001EFC1710000-0x000001EFC1736000-memory.dmp
memory/2020-1-0x00007FFB81160000-0x00007FFB81C21000-memory.dmp
memory/2020-2-0x000001EFDBDF0000-0x000001EFDBE00000-memory.dmp
memory/2020-3-0x000001EFDBDF0000-0x000001EFDBE00000-memory.dmp
memory/2020-4-0x000001EFDBDF0000-0x000001EFDBE00000-memory.dmp
memory/2020-12-0x000001EFDBFF0000-0x000001EFDC747000-memory.dmp
memory/2020-13-0x00007FFB81160000-0x00007FFB81C21000-memory.dmp
\??\pipe\crashpad_3384_CDUBSRGKNAFMHCBL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fab2003273778b7fab17d242affc0921 |
| SHA1 | d3845c6a5672447df87de94d4c6605e1b57fd35f |
| SHA256 | 6cfaf097f84807b43b1c0e5c789f6d3f751e5d6da62f4bf485d067d06be7320f |
| SHA512 | 646d00d62f9fa5e8d7ba89866a5a3fdc52d29b02dd81fd3d138a6c5a47a6bce6a4ac34c5be932b9c159db095ca058fa244bd1d1e76a6e1d45adc001f1dc2ff79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cb457793614ca21da89a3df7075bb72f |
| SHA1 | 353b4288e2cf447fdfde3b388be25dd87f1c123e |
| SHA256 | c7f86a8820c4c2eb12493e0f70af7ab5bc3122eb0ad45f9ad77556eee5bcb99a |
| SHA512 | 2b580c73f235dccd6d052af21772ffae53bb4f7c6783c24eb60a1cd0ba513a0e23cb67d8427867b66dc2340639365fb09c089059f272bc9d2ba4d2fa628fce91 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 998eec59ecc592588e8d48f3c5effc7a |
| SHA1 | 4e6ee7d4f4013d4311fb91d23012cee0a3f0b2b6 |
| SHA256 | 400b2b1fffede3da74bc5d8335c682896265f55d176e025ca6a390ac2a589a18 |
| SHA512 | 241e1bda60ae4c54bd155582dd95447bd623104b375be794c222ac800ff2a0d14d84e9c3790fd240e594d29eb69c2668ee52c2f52f9ecb7f5e4ae9cb3b6ea274 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 911ab28612de6e53740e4498e4122d47 |
| SHA1 | a07993b2e2f019eaf9590c3d5e58710d8ca8eb9f |
| SHA256 | ee2960cc7e88fb07f31f610508591e430b695725be0902fa53ced5c4d933a97b |
| SHA512 | 7125857f947a211d1bd3c6c0348e4e1702e3a91212ca1a3ae2450d7af5b73ac3d4df62f2a5d7c0f46dbaa689b1722900d4d133d4a37a1d8b4641e0b5885d7d3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
| MD5 | e744b211753f45b387e00af2aae69c6b |
| SHA1 | 23beb8357e158d3a162524b96495f293853b8147 |
| SHA256 | bfde85cbb4f9503779c19c8ed8a463e2782028fed2ee0726cc55018856baed9e |
| SHA512 | c4ccacdfe546522ca8be841b535005f688d250a2d9a68011d5181bf07ae6466785c3dd0c647c6930ed7627d65ca928e4397fd61ae46331b41a110ba76b3962bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
| MD5 | c0abbbf857dbef55c9e83b563a3ac81e |
| SHA1 | 37c3d19346c03e968411ad6b9f1ab87a9dde321a |
| SHA256 | 49413bbca0b140209518f7d5106c6a912b223dc968fae38eea7281af872ab5fc |
| SHA512 | 60e1a727a989cf3b6e3d0f3b438003fafaddd8ee7ffc40020626970f8a8907cf1d1a867bac3720b9d270bfe70fa2ccc94fd978554939bcfd3baaf01709f403e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 003560d8d886b677ad76eb0ddfada97b |
| SHA1 | a49883a7751bc04c86cc1bed16df89a6a4791205 |
| SHA256 | 1bd44d2544d2a556419f21321da21d5d8cadf24210b721f1124866fc1c53a67f |
| SHA512 | a159c51ee101ae2504d4a21c3ab6f5eeeb8e15ed7c2a261bc9779f8af2e054ef239dc14a7c40a0d657a1b4453f7988b2de26746799c1c65042717efe07fc85e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5872e9.TMP
| MD5 | 776cabf63b0f67fbe3613c72fc58382c |
| SHA1 | ca84d281f8c6d33616be75fb93d7fe19faed5ec3 |
| SHA256 | b07b5c64c03d8cf71c2e3205f0ce117fec2678e0325253dcc222fb3118c3a2b2 |
| SHA512 | 190b764722147efa48c66c79b5b86625795e5c21dc57cb7eff5b5130cc4bcd6f18b45a307264b759cab5c36b17478ea118bc716633bb27de09bec4619361ee40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 1aae221b4b359ccbe4e39ca043f7d3da |
| SHA1 | 94520f54577a12b80120858494824dd8f9bdd25b |
| SHA256 | 017e5c56b75f846d5c7fa0d9accd6f70eef31c9c45e47b11050fd20dc598cf50 |
| SHA512 | 5f5f7d74b13f72cda8516a820c34cc2e415be80d847e5f88413ac47d8f8dd77c2d3348e31a0686bb1e9b65cd5865064e1771fbadf533230dc8c76f6b09e2ae53 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4073494286bee8f42ba2d48c23dd32df |
| SHA1 | 2726aad001ec6de68c2b7b8f1453bd4452c830e2 |
| SHA256 | e181f2a7161b3f1501223b82c4e3e4c079815522e6d75b32d61b489c6caa15b0 |
| SHA512 | 8d00d0f0e1a385f1ee7f1093b70db5cf33ffcea7d0165dce624926a8651356a85dc2c727fb0b24a89bb3193b46158688d06bc539c248805c17647ed966e65071 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cdc91575e8347420c7d9e444611e209d |
| SHA1 | 2c2219741d23f450c9e3b2f05aa771b9eb934974 |
| SHA256 | fed80ea76f0db97514b2149ccfecf7406ca3e2ab04de5a9689cf1f072f3d2ba5 |
| SHA512 | cfc785bdf36349f3e79bdc01d591c514fca9374c2d1bb517810cbf4689d155ee349dd6fda89dcfbb3091089d2119355a9f83c488c34a1ce37619405cd33f442d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5d9dd006c9ad7411a214b3c21c133983 |
| SHA1 | d49671443a74ead6ef4ee2dc247bdd5be5580e2b |
| SHA256 | b27257259f7414efe5fa770629b06632a31abf4961cb304e9325d2d7d9dde1b7 |
| SHA512 | f11c63e8c1abc8b34df060e710fca1dccbb52ae07e8b9ec805a85568ab9bbc536c97f28c6f3b6351cb23928bc44589e1497f2e44f7b9c5fe5307e80a01e6c465 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2b16052cb164ef90e82414f15b83f079 |
| SHA1 | ff3104510808b178ae6c3a882615a39f6df36579 |
| SHA256 | 5fe954db208cf1e14de2a79aa25458e7720f0e3c184b0594c9d44cd19c0c4057 |
| SHA512 | 524c17e7cfe59b733798ade581a96c0c93bd725809cb232237ac5993e79e89b13f9e1ef28be78a94497d689125df14d6b4a11095eeec9ac64a3537b9b6b6f85a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 359af91ea06df726cd81163b56c0d543 |
| SHA1 | 4f30f85fdc2ee495db0d3e08b077d793c4d8f107 |
| SHA256 | 0a5b9cf0d45e8a77e8a8670e736f77325c88397bfff465c49af6e0c957400d50 |
| SHA512 | 997a373d1c72501168d9800189a9575970438e05f2a69aaae2665d49dca5d8b6b6ac97f63d7dda51530113177fd5df0d9b0143d324f02e1e96b25d79243969bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c8e647fc9afe215d0fb772a6ee1c4fc4 |
| SHA1 | 9feae9872c9d0e41296b68a55cf5c349bc986bef |
| SHA256 | 160d4934abfec0a32995920835b46444b72e9467f00d36161b00ffb68250e8ca |
| SHA512 | e6bd77e99f6cce9ea90d53a3c1afccb0ddb0ee4908d7a78e03fa2eb38ee71564a6fb8f9158eeb0c1a3cd234a3b6511d0cdcebf8bbeb3e0e078e7bc75d03d95e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 71aa044b9e38196bcb55aee99a06d2dd |
| SHA1 | 5d8f870c2ca025367013daa2ae1ae08990d16873 |
| SHA256 | 3c8f2ea2603421d659b227b839ac5386fb75062388067ae26c48c7598b41b098 |
| SHA512 | 5af6e691f09ce0fec40cc97172641669e533bede46bc34357d14087ac90b023694d7178f97ddf0773da0f4836eb8f5660859287725615126ab594936dd36bfb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 81cce712a7aeed7a081f7152e7b96178 |
| SHA1 | ff2674265269c3ef208865e0c42c4b7fb82498cc |
| SHA256 | ec898fdb8b2f9231005a2a265bc40d6e6cad7eab164e24865bf39a9a91bb02c7 |
| SHA512 | d8f8ce17721a1e5a2dcc721d3b47530fcc9f05c7f64f0d77d5afad5d9f46e3e4a9d9d7b41d8ee661cf0a48f9dadbf09b96e5df2c297faa5ccf76826024be0a77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6ca4b074fad01544a899b41ce54d7821 |
| SHA1 | 22b35f13e9de66a63f97624b6bccfbb4b6a64834 |
| SHA256 | 12283c38ceca9d677bf524025fed2f4e5e2a5a643b0d26380f2a3bd12bd4cf41 |
| SHA512 | ee0dfa793206076c96a7065832124683386bf30d3e5ee537e61e3d01f5a71bd3b780963303967e85beedc32aba77a963ea232696072e48dea9fbbfc88aba11d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f7a28777670fe3fb2ecef6a1c9dbe167 |
| SHA1 | 0418c064671b2af25f599dad25c65f0dd64deb18 |
| SHA256 | a6cf97e67276c840f131c38c86f52d167129a6678e190c3963890fd12033426d |
| SHA512 | 801ed99f1ee7dc0078133fbb810e277560c6f6cb1dd367dd1c8bc694b35d9eae0287c693759caab653843fb2289a7c29d99badb10b4916afa92b1c0ca23968aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7b26245f0756d172516a5b1d01b54952 |
| SHA1 | e1cb7d7de392a8d24db3117618e64384a381abb4 |
| SHA256 | d166a8b248af42eb978a728b59f35c14c8c605740986dda55462860cf90d82e2 |
| SHA512 | b3cec1c0ceec33be94ea7b18a4ce53900ac1d2aa2f1eb429d9e9e406be138e8a704d580f596914645cb10065a744b79a443f10c42b2e0ed228161facc0ebb3d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e6c3d4bd0ec2a871883bdee96e80146a |
| SHA1 | fcc9f4f366694a1667f8896ff429fec465719d5c |
| SHA256 | 15f636ed4be19bf2137358734f205c854d4d52190559bda72c28a42403217039 |
| SHA512 | e5d79af668bfd927be54369e3847b13eeb69d2cb9406e8bcfbc6b62feb539d778d79b2f2c756ca223f3df803bfdfefed49d1013608ffe5e86cc223333266600c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 530e00501d2e53d73d551ff1c4807d78 |
| SHA1 | d97bfc50b512a11bfe0446036543d22a9e03c5c3 |
| SHA256 | c2ca77dc3b57683ad46997d76d015940b6aa8f12a3fae387c8605329f7ba7efe |
| SHA512 | 2875b6a9d1c16edce20f8e0ae9ada57bd048ce4ac752774c02bcd9ea4d5ccdf7e2e59482fcee756a418953785f60ef23e66bb3063c4a27215b20fc8ee743bf85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4bae6fe65ecdf1ee640f65b8266189f6 |
| SHA1 | e01205007b86ddeae21ade6e75a99564a6c409ff |
| SHA256 | 9a59b2e8b47518a9db9c6ba3a01d67e294303bf9d1a0838c415a668071fb79dc |
| SHA512 | 7b652358cb358dc98c7aaf0300542db1616f38db8482defddd30b46b7037404d15660fab323769d383fd4fce44633b18a72c36435ead74e7167a36dd4246873f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 553d4762e6f01c331b1066b6df98a9e6 |
| SHA1 | a9052f6c3d9f6c73580f7b9d31f65468acf4a1a3 |
| SHA256 | 89df53c7de20b5d85e8e1e94f478b09e15b6d5d2eead7a0049b80d6bee4416c5 |
| SHA512 | 55182bb8057c0249ff42b15a0cdb4269a9080de0a021082fa3d64b015e677dd49cea498125d4c1b78d9a06c4be0d67695188be924feb81a0f54c769174d51cd3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2437e3008597fe328f9e061b0290d079 |
| SHA1 | f0b34f1bd16c7bc8bd13333ef8f535c62432d2b1 |
| SHA256 | 191e8fc9eb11135e418b0c584e1a60ccb904b2d3dbbc2ce50c4f7f8d39cc4590 |
| SHA512 | c52253f51c4f0d6a3813dd11f55e26fd7e47eb2360e1c8d9d3ebf5a17a1d863125cf527f4b942823e762694ccfb31b798d83895e8d44b058cdb6b7a4e9bacbdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c35deee1a3e4d93ff1d4321686d2e112 |
| SHA1 | 29344629907d808b4e66e26167f4d213a236a525 |
| SHA256 | f5aa689db612ce43ea1c78738a68528e81bdc79b80d06a0a13fd401a0280451c |
| SHA512 | 2abd0f995ccb916bd6aec9c5ed429660f6aae67cc887ecf708eaba0e530bb018bd14c65fa5ad540fd68a5f3bcecf1b4063339f4042750f5fae1d8bb889aeefbe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8d143c36f2d38ca8cb5bc2ce44036021 |
| SHA1 | ba22aa84ac8575dbc98af67eabed283eb97300a9 |
| SHA256 | 3952d9a2513870ec6857ca468a35164c9e91ce3d38f006033cafe66983db1af9 |
| SHA512 | 31262c28baff3ce7238f717495b9fc3e388355f1787bb37e8819eff969ed1db829db89e0036dc585324a02bac0bff5fec5b4eb9bbed692ceebfa451fd33b12d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | acee1736ea34f34bfbef36cb3f9af50c |
| SHA1 | 373ca20feb8b40400497d7a069775fa52eba3573 |
| SHA256 | 020e73fdf1c57ef93222d8f4b6c4dff5f341de9a230c963c96c1fa9e23b752af |
| SHA512 | 0e893767e1d534129ec0a249106390827d2304985840accb27ff15f2478833ddf14ee1ac1ec51fe9b08212f4acb49821e342da35b885e3a782aa48a07af7b2e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 69b4d8f4a4658299d69ee27c486ea8f6 |
| SHA1 | f4c1c4ba4cb1abb804bf88978d7a0082384f75ba |
| SHA256 | aaf43f1e1b43967ae352505004f03d2ca539499687ce9c3f83d9de90eff751aa |
| SHA512 | a5d994c3ceaa8c88d40db188fa8fecb12d48344b051c0eb4585038444929829b8a1c25bd5fb6917f2361faefeee35ba690cbb278702203e4f3fe057eb28c2c05 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9e41b94ded5030e5a0e410912b1ce6b2 |
| SHA1 | f153600f1c8b6f0a52874e6d9c4d4e6de986db30 |
| SHA256 | f11963bdd70c6b6ef461918f832ada2fab8aabbe8b6ab257bd5f170b7106d21f |
| SHA512 | 480f80f9174e5a95b112f8caa8f6dfecb8e183cf0a9da69497408bcff1e6454bf4a1210bd572e271efa039b2ef9021189f319c22a90f88f720f5e79f4d222419 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | da00afdac37884f2e2c289e787947f00 |
| SHA1 | dbf1db387e144cbc1bf72087ce237048bee8b752 |
| SHA256 | f4796ada7e9a10b3714c0ea64f34a05d28e01a5c21e729ea2018167431b45211 |
| SHA512 | b030da08f04fab72d5d93131627349a1d83727e4fddc605807f8179b10874ec3a1f56fff25f38188af5bae3047c127fbb667b2bc1f2fe9db525640f863962f57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 14341ff2e25cc7927693c0e2483a371a |
| SHA1 | b26f9e491257c10e2508556235ade789cca10020 |
| SHA256 | c16e253772fc0d00d2b9118a77bf8e931ab315f089d02d0a6707c545176a7470 |
| SHA512 | 9af0be52916c5c08a902d3f2d67ba7b51fb211658decae606fad4aed58b99f1077ab0e0c1036a3e006c727178eeea18ae38e2514d7a3788fef793e3d137751db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 69ff069d754fc2d68760f9610e912128 |
| SHA1 | 790ae06c5885e1bd466c06dbd15d61dbeb38c749 |
| SHA256 | a4315de251cf3c00a386bd247fd91070bf07a3de44e5c933eb7d570e96f03f2a |
| SHA512 | 5e8a691bf24168cad4a99ca9e3571f9c813f4d3b581ec664e7744651e36bc075a59ae2158bc35645e5095994dbcb52f8188af0dd30d821e94a7a371eeb0bb882 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cbccec42189df824bf68209344fa48d9 |
| SHA1 | 0d76d7b8e64ac2984898251552099e50f8688f4b |
| SHA256 | cb7277bba031e9aaf3acde88b92378d238abe861803a42a8794efcef8afe8237 |
| SHA512 | c53ebc271b1395964018c9cea2615d7f240a4b962f9e971e48718f955e158b824d26ac43d2a16a60a7606c002fda689f7ae42a5b3d880212f3675644f26b00f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 29c346d0a65b5f6f2a824f5a8ccbd5ba |
| SHA1 | ff309fbe00f333d7fb9d2d14f078d34969ceeb0b |
| SHA256 | 4117c31983d01d786648f609a8baa7f09ed83c873f1ba31385a167b49a6be15f |
| SHA512 | 80f9fc9cd3233ecc6bc7ab98d3921891bd3ed6bd6b2b529a28b937a143a85109a59ff084808cff788eec8129ee903f96da14f0d21c0f09e1534e20ca79d678cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | d170269951b86f585f899d21ae50e782 |
| SHA1 | e981cf3277587be2e230a211eeb4a64a77aaaf97 |
| SHA256 | ca08d2665294fd7036d1c5260dc3c7a280961e4097651ddf2cf950925a1f988f |
| SHA512 | a1769e21b012fb39d9b625ce8d8173d306af510a05c3a377f9d6b7a4894ee53933a191aeda48a7850e7d057ab3d97a49854045f514aa75584da5a5fdaa5d670e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
| MD5 | 49e7cfee1e9b9d69dca32fd41801b4d8 |
| SHA1 | a7c501fc4fd7425e4295535c9958f7e5c332c9eb |
| SHA256 | ada6f5ea7ed5506b67b9ba5c0e1a3acac88cad9c130def5940626469ed962e7b |
| SHA512 | 5dcff23c0910e719686e5e0d530fca0cb3f1ce97a64c9f6a8f11d2de7a3bac938b1d73e83631049e101b4e8a49617012f42b65b8262839f2172d74e89bb1d021 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a6e7d4f219b6dbbb738f178d5563958f |
| SHA1 | ef820391ed127f13fe2a25b8269e60d053fbc410 |
| SHA256 | d2921431d7a0bdba3577722fcbc7ed20a117fd86b1c4a46c5c1ea31197f706e8 |
| SHA512 | f9e49e2c0b3c845f6c497bab38a31db334ce57bac4850c4f236933df8baf8d25ec4ba2aeee8e18365da79832ce65ea265c36010898e04653206df5de6a8a1e13 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dc37a99be2a1eb3f2a4891e12fc24176 |
| SHA1 | 19a938db320798d48f9e6710911fcbc5fe4ebfe4 |
| SHA256 | ebe0e756ef79d35e5b4cd5aa04c4c69ae56a7eede3dd31b21aa6ef74d2cc3498 |
| SHA512 | b41732b4815f542a102d6e2e4992701ef5136f6a57d16a118c2ee867459031a4d16f38a6623552cb298bdc1c1666fdbfb5612642c6e613ff418ac3a177e9a5eb |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
| MD5 | 1b57a241eed58ce47249a846f2391652 |
| SHA1 | 345999af03a6c515191d212a200fad24039100c1 |
| SHA256 | 25913bcf70e0a8447e3ae39294cb3c3be44f15dcbccc4a0cd2aa4538e5ecc0f1 |
| SHA512 | 870cc586696961c4de63643f264514140357cad1c9a4eaf9f1e631507c680359cdc760728afd46f6511155dc5c37b7c61dcd6825b185635aa0353fb18313a8c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cb3fd82084fc6c186a99c53f32c8c07d |
| SHA1 | 4d0721a94b64b2260821fd529eefebc1db85f25d |
| SHA256 | c93b15062acbc1818d85caa2c956c24f783fcc956b43c6c6b3d638e5dd3fa25b |
| SHA512 | 5f11fe38bc8f073d3ccc8644ea99bd5bb4d18fe7ad33b72ffc0533900119623a7d1e68ae57b9d396671f3b4a8bd11244d01942dc3e7180c37303bbb6f028f5a9 |
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | a6b477fd2a8f8a2f773524399dbcfefe |
| SHA1 | 7d80eb58dfd74d2d6b808663044e4ad35085f99b |
| SHA256 | 7de163bfcdac41638190fc00a32f1937c38c35a18aae4e0945adc28ebd223ac3 |
| SHA512 | f8c96581475df161bf53261492abe09504d3e4c7206874c7d8d90bc76305f02f06005fec35cffaec517de0bb36b62e62a85e22607fe669c2c3bdf008c56bb957 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 95a312dc2a944cfff2343630903a30ec |
| SHA1 | f706d90d1992798f79aaa93a7168616dc3677263 |
| SHA256 | 70a75d5873b8f1f063222f9b42b12ed08afdb4e31ce428e8ade010e251d42fd1 |
| SHA512 | 80baecd966a5001d4c6f84877641e233a4a0e9a402a3291c76a9697ecf2fbdb3ce8f4cbbf41b6eeb0a1876df25da0371004c0120a91ad1649340366de493a14f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b2c6cf923259aeaba76c44c586fbc105 |
| SHA1 | 13bb190121b8198a46e7680b275be9d5bbc34513 |
| SHA256 | 74a8cf585b5b0465f83d72d8536877be7274c6e22791df5ffafbc572978f32a2 |
| SHA512 | 52438799010702ffd113f94e1c3fddd1a002a11c06fb6a3cfa48347de2e24e3f26c5935f3de8fa9e6aa6864b134e6621afceb91ca10fe957957dc406e4ff16ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 771b0bf2d5fd1ddc5fa3a378b2d2e5b5 |
| SHA1 | ce8faee5efc1c68e0c358781537bad68bcf8aad0 |
| SHA256 | 8f4c14a20bc0335134961d5608d78b4e8f81eab18ebb5a221edf8d66f58745c2 |
| SHA512 | 1ff23d32fad2063a50ba326f302ebacb30d07e9a274abdeb9e138a3e1a08241f1c4619dba1439b77a32e3ca9efb3a8331b8703f641561c6ef8c39511da4671d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ccaeb9f81d9a1476d115621b1cbafbf5 |
| SHA1 | c9798f7bd07d77c712ee40acd861feb67fd91dac |
| SHA256 | 6796c286fd51789fff0f5a486a3a21b17fa920b047365daa949f0b0d0cba3cc1 |
| SHA512 | 025fa0c40dcaf27243b948411b5c5762f785bcd75612c55dbfab4257af59f993926cb9bd59f5a29281881f51da15ecf140a506f4b02119d28a929a18ab83b7a1 |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\2071a20b3379c50b5481716951e9a32b
| MD5 | 2071a20b3379c50b5481716951e9a32b |
| SHA1 | 727ee72cf45db1f163e2740072d8c55d52fb2741 |
| SHA256 | 26764f24835796bc0837862a162a31c7a5e047490f1231e21a037dc6c5a46a97 |
| SHA512 | c96e3fbb9ab584743bd85a52ad7c0abd70ae808bb107e7717e5e1fa19faa5882869e630aa4833bfe282d23f16cc1fe48e81732ec9c607455c08d17748e437496 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6b531212079c029b05867846d8e890d3 |
| SHA1 | 61984680988fdc92417a7ca61d5796edff7330b1 |
| SHA256 | c008c66c0bdb6e2d302f5ec78ff2d75df52e4fb4253bd2a63e6695b6ab3991fc |
| SHA512 | 00415f1b40db2359ec74b4daa7452e3e3dec2f2cac139a3290acdf4f071ecc0471cbbb28847af37c344b8b8ad13b0d89b8e531581a79b1680314a4e9e6bf62ff |
C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
| MD5 | 610b1b60dc8729bad759c92f82ee2804 |
| SHA1 | 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552 |
| SHA256 | 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08 |
| SHA512 | 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdate.dll
| MD5 | 965b3af7886e7bf6584488658c050ca2 |
| SHA1 | 72daabdde7cd500c483d0eeecb1bd19708f8e4a5 |
| SHA256 | d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19 |
| SHA512 | 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_en.dll
| MD5 | 4a1e3cf488e998ef4d22ac25ccc520a5 |
| SHA1 | dc568a6e3c9465474ef0d761581c733b3371b1cd |
| SHA256 | 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011 |
| SHA512 | ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | c044dcfa4d518df8fc9d4a161d49cece |
| SHA1 | 91bd4e933b22c010454fd6d3e3b042ab6e8b2149 |
| SHA256 | 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2 |
| SHA512 | f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 60dba9b06b56e58f5aea1a4149c743d2 |
| SHA1 | a7e456acf64dd99ca30259cf45b88cf2515a69b3 |
| SHA256 | 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112 |
| SHA512 | e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_af.dll
| MD5 | 567aec2d42d02675eb515bbd852be7db |
| SHA1 | 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37 |
| SHA256 | a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c |
| SHA512 | 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_ar.dll
| MD5 | 570efe7aa117a1f98c7a682f8112cb6d |
| SHA1 | 536e7c49e24e9aa068a021a8f258e3e4e69fa64f |
| SHA256 | e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01 |
| SHA512 | 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_bg.dll
| MD5 | 8375b1b756b2a74a12def575351e6bbd |
| SHA1 | 802ec096425dc1cab723d4cf2fd1a868315d3727 |
| SHA256 | a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105 |
| SHA512 | aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_bs.dll
| MD5 | e338dccaa43962697db9f67e0265a3fc |
| SHA1 | 4c6c327efc12d21c4299df7b97bf2c45840e0d83 |
| SHA256 | 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04 |
| SHA512 | e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_bn-IN.dll
| MD5 | a94cf5e8b1708a43393263a33e739edd |
| SHA1 | 1068868bdc271a52aaae6f749028ed3170b09cce |
| SHA256 | 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c |
| SHA512 | 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_bn.dll
| MD5 | 7dc58c4e27eaf84ae9984cff2cc16235 |
| SHA1 | 3f53499ddc487658932a8c2bcf562ba32afd3bda |
| SHA256 | e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98 |
| SHA512 | bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_az.dll
| MD5 | 7937c407ebe21170daf0975779f1aa49 |
| SHA1 | 4c2a40e76209abd2492dfaaf65ef24de72291346 |
| SHA256 | 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9 |
| SHA512 | 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_am.dll
| MD5 | f6c1324070b6c4e2a8f8921652bfbdfa |
| SHA1 | 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf |
| SHA256 | 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717 |
| SHA512 | 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_as.dll
| MD5 | a8d3210e34bf6f63a35590245c16bc1b |
| SHA1 | f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693 |
| SHA256 | 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766 |
| SHA512 | 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | 7a160c6016922713345454265807f08d |
| SHA1 | e36ee184edd449252eb2dfd3016d5b0d2edad3c6 |
| SHA256 | 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9 |
| SHA512 | c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_ca.dll
| MD5 | 39551d8d284c108a17dc5f74a7084bb5 |
| SHA1 | 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884 |
| SHA256 | 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07 |
| SHA512 | 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | 2929e8d496d95739f207b9f59b13f925 |
| SHA1 | 7c1c574194d9e31ca91e2a21a5c671e5e95c734c |
| SHA256 | 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df |
| SHA512 | ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_cs.dll
| MD5 | 16c84ad1222284f40968a851f541d6bb |
| SHA1 | bc26d50e15ccaed6a5fbe801943117269b3b8e6b |
| SHA256 | e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b |
| SHA512 | d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_el.dll
| MD5 | ac275b6e825c3bd87d96b52eac36c0f6 |
| SHA1 | 29e537d81f5d997285b62cd2efea088c3284d18f |
| SHA256 | 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0 |
| SHA512 | bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_en-GB.dll
| MD5 | d749e093f263244d276b6ffcf4ef4b42 |
| SHA1 | 69f024c769632cdbb019943552bac5281d4cbe05 |
| SHA256 | fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e |
| SHA512 | 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_de.dll
| MD5 | aab01f0d7bdc51b190f27ce58701c1da |
| SHA1 | 1a21aabab0875651efd974100a81cda52c462997 |
| SHA256 | 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c |
| SHA512 | 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_da.dll
| MD5 | d34380d302b16eab40d5b63cfb4ed0fe |
| SHA1 | 1d3047119e353a55dc215666f2b7b69f0ede775b |
| SHA256 | fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f |
| SHA512 | 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_cy.dll
| MD5 | 34d991980016595b803d212dc356d765 |
| SHA1 | e3a35df6488c3463c2a7adf89029e1dd8308f816 |
| SHA256 | 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e |
| SHA512 | 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_es.dll
| MD5 | 9db7f66f9dc417ebba021bc45af5d34b |
| SHA1 | 6815318b05019f521d65f6046cf340ad88e40971 |
| SHA256 | e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819 |
| SHA512 | 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952 |
C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_es-419.dll
| MD5 | 28fefc59008ef0325682a0611f8dba70 |
| SHA1 | f528803c731c11d8d92c5660cb4125c26bb75265 |
| SHA256 | 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d |
| SHA512 | 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7a90bc9d0625c1dfac3ee2db0f556766 |
| SHA1 | 8566a7ba29aec0b1ef51f954b09e573c60c25776 |
| SHA256 | a08e9af3b8e5a6768342b750456725ffe60ef3fa5c2ad781487605af35257777 |
| SHA512 | 1ca3b43924a83e4c0cc0cd9e513faa1853b424160135c47ee4c8b6723ed6db76f619e98adbd4921f9ed079b575fc44fe45afb9c808caed94c760cb0f03b7eff2 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | a19a02708003d0e69e9a150ad20d88d6 |
| SHA1 | 178948d34f0b9077f7c387564836ea0aa09c6b0b |
| SHA256 | 51dd760b8dc9467961a211af0e1556017a0c12f667358a2fb748a555f6e10556 |
| SHA512 | 7ece10a72bdabd27d6b90050061ac1e25775ad2a95da7e09601b178c663bc20006e3f3a27d26f7bf7c0a899e2d1ec7621ffaea2f288d48bdd1bfa18864567f95 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e7ae8a286334a4e189716b0d761e9c1e |
| SHA1 | 9d504c3e1ca07d9c75de0dd6bc9afdbfff4257a2 |
| SHA256 | c36efa8fba0cfa61d8de3042aae99484d0fc8d9ee86fc2047f86691204603b7a |
| SHA512 | 578128cb549262945cb2733c3fab4930d8a7e1cfae8856ac2c41f49a3a7df84c05357d0ded97ccd71e4f59c458d3a58fb400448bc54b29d15f187af9d96cd4a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bc61274a5dae55357b4670a2993c1af5 |
| SHA1 | 4f26a7dec851c3d426985a2eef5429ac49f62dda |
| SHA256 | 0c488f934e44752f57125b13a626addd02b9819cff3abf06e48fef72a7e88d84 |
| SHA512 | a1de2de8ca9d79684c1a9e067ed92a4717f0c37d7445fe1f5003816de34533e222a843375ed10fd733df1f5e475a81663672c38be57b1ae6ab79593ddaf51c57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bd3e1847a0298ae96e3869e2f8f193ef |
| SHA1 | 5a178335fb0d991b093b40a217b0504dd80ee3b3 |
| SHA256 | c1a991014e9b5bd2e7732ab9edc02b3d9318a924afb5ce1f535b0c7e82d3e08e |
| SHA512 | b97acbec72a62d6033319b28fef909074a89ecf882b1faa6587593b3faf91186f31443ab9f8d1d6bc546a42d53753d5f035bd8237901230500beedf923e00cab |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.81\MicrosoftEdge_X64_123.0.2420.81.exe
| MD5 | cf5144a59c3b26558c05a5226c4b53fe |
| SHA1 | bcf541fbd1bf0168a2d63ead5b06d8918b89b296 |
| SHA256 | 3a848782e612b4fd77d4910acb1a6f91b1eea3336065d4643486ff17e24970ea |
| SHA512 | 2d46fdc92c09257cfafc9bdd659413d7925f405d7b78a6d9a44e353984d9fd70b7c3e9b87475eeee80f984377fdbb884055f4a4f10b7972746811326bfeb9a34 |
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | 46dd14f3c1d5da4a371f70fb27642c31 |
| SHA1 | 0a3b395d964ad8680e4d2e6b3b3de60af6be9c03 |
| SHA256 | 04bd7c7843e62789c446e4da25841ab64e004190d47c7738cbda9091e9f6aee9 |
| SHA512 | 4f77dee335f3e8e519e2edc5a73b9506f229334eca46e1ca046498faaadbb4df46447ff96901ae39e0e7b98c36bd1240ae6fc68696febf9c67f66ee83d5b6e76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b4346feb509c0385557e54f09be5d077 |
| SHA1 | 0858fd5209d013aa9d559b2a6fcaf6a0bd2a6c54 |
| SHA256 | 27c07f83ccecfa6b0ed2dde43d782831ab3351cd2bdcc98a0852d7c99238090a |
| SHA512 | 1bf48fb3e5944c825e32caacdee963824a5960e254ce0c0120cb0553fea146bc4fe7a94ad5370669d6d12de9255f5c48160aa8fa44278887b33496677ecda274 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6321e90920fd396ceb09310d4dc93c0e |
| SHA1 | 1e1517895351ce84f7ae1166c1f59c33baf0665a |
| SHA256 | 5648cbb80dc18b0cb697fab08a84d5646e0dcb37f39af9fbf635aca72e00b532 |
| SHA512 | edfa7a4668f7659054d6386f11aa865f4770ebe2311b109aa0aa128307db2c1d25fdb5c2d73cdaa87273b1e5834352565cea10170e7afb02178292aae139bbed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 94275bde03760c160b707ba8806ef545 |
| SHA1 | aad8d87b0796de7baca00ab000b2b12a26427859 |
| SHA256 | c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968 |
| SHA512 | 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5f2776.TMP
| MD5 | 02b4524e83357b30cd131f39180addaa |
| SHA1 | 9d08ebd8fac7e25ccaf5f555f5344d0980ea6edd |
| SHA256 | cd67dd43f7497fbed439db18e10c15566b977b903e18094762fbd87c5cc67a81 |
| SHA512 | cf0e3def82f74b3be3bebeefeae3d2a96219d1cc759b3492a387a2bbf9deb93bca233145180dfcff19761ecbb7aa14ffc4f43846aa798d0c8ac227040c67edec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7c8c8526753281954c734e25b526d9e6 |
| SHA1 | 95d4d6b5a288fccf727eb710e26320db654ca330 |
| SHA256 | 0cf78965fd678027a7682081c5aa158d7c3e5b6cf1211606fff13608b7fb48e8 |
| SHA512 | 484bfe0d2355673da7a2a35f5de0f41a9588252efcc8229650e3a2113d4180aa8221fe0bbd3ff8d2a769b527b698bacc6a1bd5c8b48e51152e55c8267d3da26f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4c9eddb0e06afac932a619f8fbcd152e |
| SHA1 | d31fa118448412999e33d03d90d10cbc7bfd3101 |
| SHA256 | 5dcf3e24bf4091a988a370492ed10cdbfa08bf332e476a69a23d8203aa42a290 |
| SHA512 | f6da1d4fb4219011054476e238e8f9d42961a43dba88c49815cfd0a2ce8e345fcc6de22b8d0125f95fcc0491b5a6aedc4116851f5d2295db89990ef89000d7c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | eb0657c89a235116d21461896bcdb5b7 |
| SHA1 | a95c650e828209a899cea00723f023139cf8dcc0 |
| SHA256 | b912440f228498b8aaa0010ac16113059e02eb84c4af26821f1a7dd26b3b14ca |
| SHA512 | d13ac5c5991c93a817dc64950b18e6eea4fbf27662e324e16dbbf87284f431f4994afaa746956b5cc31431966d6faa6d652d646786be8650eaf5d3699f16c0f9 |
C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Installer\setup.exe
| MD5 | 149e6b831dee17cc2122c64124654b5a |
| SHA1 | c4f67f0781345cfc6fdfc5670dcbecf3848afee2 |
| SHA256 | 3095052d066346ec2b48726ef87623f3e5e93400c6dd8b1e45a628fc0d72cf40 |
| SHA512 | 679966f6a48ccf9cac63c36a8f6823ed1476198b08d29368db94584b2be2ba4cb1278f4f6510a520933fd09bb83594ab544c94be4c0b05f1d8ee99443fc49085 |
C:\Users\Admin\Downloads\Flux-41-fers.rar.crdownload
| MD5 | 5a221000e4b504ccf7e5b0839d9ca95a |
| SHA1 | 75a08e0cb294d0753cf7f0c262b77b8a9d1ab70a |
| SHA256 | 7716eaf2ac4dcf1ac8e78ce59ce279b7dec37e70d0d3f9010e16b08d16ab1b4c |
| SHA512 | 1d0564d4bf21d8efba06a241b4c6f3cc40f757dc4bc584a39e7c26a2d21ada3a51bf7944a0e89cd6307a968af9d511c57ab2cc30f59aa9b3a24fa2b1957a8a44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3cf5c8c3e4f5dce47dd2fccbd794fc62 |
| SHA1 | 3e4e3698ced748a50109c41463cac353323d6037 |
| SHA256 | 2311a282bd9e86dd7b8d48c56dd95f22b9ae712d08b196378fb3b5b6d6ff7071 |
| SHA512 | fa3464e0f1f257ce718c6f8655bbe10c6c0919766b2f7354e5d369a492a11aed4221369ddbb9b6f6d1a737bc3c31f48b677dd4c1902e5ebf1af2fd1640687bd6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6914a11126b64a7dd5ef2634f74e9999 |
| SHA1 | 321a6e0fd25b2ccf00ebb17a3bcc0318742a1009 |
| SHA256 | eeaee01d15cfe3a204eeea61109dc0e590f91de69c84b8593071cc6b26321f20 |
| SHA512 | a2bdabb09068395fc41921e2c67b9e86f60e34330af3c9f45545a3736f06746ea46192eb1645552908855837e8022ed7c08b66f6cf7eb49d141f067394771a7f |
C:\Users\Admin\AppData\Local\Temp\7zO015EB78F\flunixprogramm.exe
| MD5 | 4d6b8b8370fd761dff1de44c1332feb4 |
| SHA1 | 9e897cdbc3be6cb21c4e5b99f632a64a442c1ca4 |
| SHA256 | 97dd6027040495611bb23d99581fda423e57962ceedefcebee3f15e8e6ed2682 |
| SHA512 | 30eded8b7316bc95f05e84c102f4afcf71183b6c7895bf7e010954a4080bd77a06dc0e0bf0e2583e8e315c891c9eab8ed71a558a9247e3457b02ac8c8cfe64da |
memory/1720-2356-0x0000000000DA0000-0x0000000000DEC000-memory.dmp
memory/1720-2357-0x00000000720F0000-0x00000000728A0000-memory.dmp
memory/2740-2360-0x0000000000400000-0x000000000044A000-memory.dmp
memory/2740-2362-0x0000000005700000-0x0000000005CA4000-memory.dmp
memory/1720-2363-0x0000000003110000-0x0000000005110000-memory.dmp
memory/2740-2364-0x0000000005240000-0x00000000052D2000-memory.dmp
memory/2740-2365-0x00000000720F0000-0x00000000728A0000-memory.dmp
memory/2740-2366-0x0000000005400000-0x0000000005410000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a7019bd8fbd9fd635e5131516ac39011 |
| SHA1 | 4e7e8c11e1461944d4aea568a6f00d7280144125 |
| SHA256 | 691136292508f55c42532a9310665ecba564f500256a6fa6df5b162796123f3a |
| SHA512 | f6f7f525bb85be964ad3caae13a3ed69aa154de0bad68b1ac0ccbefc79c401318e6792a949e721ade4ed50c48964dd13a7bebd5a8cbfba6c967ea61d4ec9f83a |
memory/2740-2376-0x00000000053F0000-0x00000000053FA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0f834daec908f613f28ea4300d509a43 |
| SHA1 | f5884febcafae403bdc7bb9e0cd27f6f8a9fd245 |
| SHA256 | a18279dd0ce5fd666fe4ed7ba4f589d3b679928f2c95f98c53fc25a95ae859f1 |
| SHA512 | de586637e725a141b6abc8c8073f7855ae1874e1bd736a0dc0ab96b442d53d11a099273eb2cefbfd39b931618529878f6bea62a2ce6473f8093fc0753b04bc89 |
memory/2740-2386-0x0000000006860000-0x0000000006E78000-memory.dmp
memory/2740-2387-0x00000000063D0000-0x00000000064DA000-memory.dmp
memory/2740-2388-0x0000000006300000-0x0000000006312000-memory.dmp
memory/1720-2390-0x00000000720F0000-0x00000000728A0000-memory.dmp
memory/2740-2389-0x0000000006360000-0x000000000639C000-memory.dmp
memory/2740-2393-0x00000000064E0000-0x000000000652C000-memory.dmp
memory/2740-2394-0x00000000065E0000-0x0000000006646000-memory.dmp
memory/2740-2395-0x0000000006F80000-0x0000000006FF6000-memory.dmp
memory/2740-2396-0x00000000067C0000-0x00000000067DE000-memory.dmp
memory/2740-2397-0x0000000008150000-0x0000000008312000-memory.dmp
memory/2740-2398-0x0000000008B10000-0x000000000903C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | b9a9e7e601cd640d5ba482f36ac074b2 |
| SHA1 | e9045a5a67d1f0bd685f2469c9ec2ed39fa9fc16 |
| SHA256 | 434d18419619d5639861cefc0b32ccbc98a94f9c3764b1eeac46b5d7e9059809 |
| SHA512 | e6970fe2991b483e51da3a61f92fd95fcf45fd28c1128d8904119e6ef61ac817e3371d22c25c44bc2694a4ebef9be3a6fc93508a3912e21791950ba6ff875115 |
memory/2740-2412-0x00000000720F0000-0x00000000728A0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000157
| MD5 | 588ee33c26fe83cb97ca65e3c66b2e87 |
| SHA1 | 842429b803132c3e7827af42fe4dc7a66e736b37 |
| SHA256 | bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760 |
| SHA512 | 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04 |
memory/3160-2467-0x0000021EBDCB0000-0x0000021EBDCB1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 27ee3d2d6559611ef54ebb211438c3f6 |
| SHA1 | aa1ece1db8c954a11814b4da19eb774105586833 |
| SHA256 | bcd87e26562eebb4ee2d6edfdc2e48e55d9a93e18f6ce68cff1ab115e7df2005 |
| SHA512 | 6f2c936d32c2cd9239d87263777ec1dfd97daca53bf630d2f793492dae135f2c10939255e3f245ac6523b4bed51afbaed3e47f62578b213d24bd1abbe72deb27 |
memory/3160-2473-0x00007FFB9F470000-0x00007FFB9F480000-memory.dmp
memory/3160-2474-0x00007FFB9F470000-0x00007FFB9F480000-memory.dmp
memory/3160-2475-0x00007FFB9F580000-0x00007FFB9F590000-memory.dmp
memory/3160-2476-0x00007FFB9F580000-0x00007FFB9F590000-memory.dmp
memory/3160-2477-0x00007FFB9F5D0000-0x00007FFB9F600000-memory.dmp
memory/3160-2478-0x00007FFB9F5D0000-0x00007FFB9F600000-memory.dmp
memory/3160-2481-0x00007FFB9F5D0000-0x00007FFB9F600000-memory.dmp
memory/3160-2482-0x00007FFB9F5D0000-0x00007FFB9F600000-memory.dmp
memory/3160-2483-0x00007FFB9F5D0000-0x00007FFB9F600000-memory.dmp
memory/3160-2484-0x00007FFB9F660000-0x00007FFB9F665000-memory.dmp
memory/3160-2487-0x00007FFB9EE90000-0x00007FFB9EEA0000-memory.dmp
memory/3160-2488-0x00007FFB9EE90000-0x00007FFB9EEA0000-memory.dmp
memory/3160-2489-0x00007FFB9EF20000-0x00007FFB9EF30000-memory.dmp
memory/3160-2490-0x00007FFB9EF20000-0x00007FFB9EF30000-memory.dmp
memory/3160-2491-0x00007FFB9EF40000-0x00007FFB9EF50000-memory.dmp
memory/3160-2492-0x00007FFB9EF40000-0x00007FFB9EF50000-memory.dmp
memory/3160-2493-0x00007FFB9EF40000-0x00007FFB9EF50000-memory.dmp
memory/3160-2494-0x00007FFB9EF40000-0x00007FFB9EF50000-memory.dmp
memory/3160-2495-0x00007FFB9EF40000-0x00007FFB9EF50000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 59bba496df1077b8f386a4dfd81f1fc6 |
| SHA1 | 8b881d88f1decbfd009e6f9188f75063077b1b45 |
| SHA256 | 7efaaff6bd145e9205a6a23f87c63160e94f957bac7fcf0bf5695135c0c86660 |
| SHA512 | 14c4d99e2b1dd5bf48569b4408fb39bf997d78b308d4c9553fac332cec70413c386c105d05004898e15a8dca2f117335772f830c4444ce7c3770cebd5196d252 |
memory/3160-2501-0x00007FFB9CE00000-0x00007FFB9CE10000-memory.dmp
memory/3160-2502-0x00007FFB9CE00000-0x00007FFB9CE10000-memory.dmp
memory/3160-2505-0x00007FFB9CF10000-0x00007FFB9CF20000-memory.dmp
memory/3160-2503-0x00007FFB9F460000-0x00007FFB9F461000-memory.dmp
memory/3160-2506-0x00007FFB9D080000-0x00007FFB9D0B0000-memory.dmp
memory/3160-2507-0x00007FFB9D080000-0x00007FFB9D0B0000-memory.dmp
memory/3160-2504-0x00007FFB9CF10000-0x00007FFB9CF20000-memory.dmp
memory/3160-2508-0x00007FFB9D080000-0x00007FFB9D0B0000-memory.dmp
memory/3160-2509-0x00007FFB9D080000-0x00007FFB9D0B0000-memory.dmp
memory/3160-2510-0x00007FFB9D080000-0x00007FFB9D0B0000-memory.dmp
memory/3160-2511-0x00007FFB9F150000-0x00007FFB9F160000-memory.dmp
memory/3160-2512-0x00007FFB9F150000-0x00007FFB9F160000-memory.dmp
memory/3160-2513-0x00007FFB9F200000-0x00007FFB9F20E000-memory.dmp
memory/3160-2514-0x00007FFB9F200000-0x00007FFB9F20E000-memory.dmp
memory/3160-2515-0x00007FFB9F200000-0x00007FFB9F20E000-memory.dmp
memory/3160-2516-0x00007FFB9F200000-0x00007FFB9F20E000-memory.dmp
memory/3160-2517-0x00007FFB9F200000-0x00007FFB9F20E000-memory.dmp
memory/3160-2518-0x00007FFB9D680000-0x00007FFB9D690000-memory.dmp
memory/3160-2519-0x00007FFB9D680000-0x00007FFB9D690000-memory.dmp
memory/3160-2520-0x00007FFB9D6A0000-0x00007FFB9D6AB000-memory.dmp
memory/3160-2521-0x00007FFB9D6A0000-0x00007FFB9D6AB000-memory.dmp
memory/3160-2522-0x00007FFB9D6A0000-0x00007FFB9D6AB000-memory.dmp
memory/3160-2523-0x00007FFB9D6A0000-0x00007FFB9D6AB000-memory.dmp
memory/3160-2524-0x00007FFB9D6A0000-0x00007FFB9D6AB000-memory.dmp
memory/3160-2525-0x00007FFB9D290000-0x00007FFB9D2A0000-memory.dmp
memory/3160-2526-0x00007FFB9D290000-0x00007FFB9D2A0000-memory.dmp
memory/3160-2527-0x00007FFB9D390000-0x00007FFB9D3A0000-memory.dmp
memory/3160-2528-0x00007FFB9D390000-0x00007FFB9D3A0000-memory.dmp
memory/3160-2529-0x00007FFB9D3C0000-0x00007FFB9D3E6000-memory.dmp
memory/3160-2530-0x00007FFB9D3C0000-0x00007FFB9D3E6000-memory.dmp
memory/3160-2531-0x00007FFB9D3C0000-0x00007FFB9D3E6000-memory.dmp
memory/3160-2532-0x00007FFB9D3C0000-0x00007FFB9D3E6000-memory.dmp
memory/3160-2533-0x00007FFB9D3C0000-0x00007FFB9D3E6000-memory.dmp
memory/3160-2535-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp
memory/3160-2534-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp
memory/3160-2536-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp
memory/3160-2537-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp
memory/3160-2538-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp
memory/3160-2539-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp
memory/3160-2540-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp
memory/3160-2541-0x00007FFB9CB90000-0x00007FFB9CBB2000-memory.dmp
memory/3160-2542-0x00007FFB9CB90000-0x00007FFB9CBB2000-memory.dmp
memory/3160-2543-0x00007FFB9CB90000-0x00007FFB9CBB2000-memory.dmp
memory/3160-2544-0x00007FFB9CB90000-0x00007FFB9CBB2000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | abb721839e94bcd2bc0db3a16884c896 |
| SHA1 | 3ac00115b1acb228f06c6b415f945634b966cf26 |
| SHA256 | e84f5dd1835ff030397d805bd5ee64e5878900f01f08d622a55d103f46263352 |
| SHA512 | 33d78eb201d0b93d496d031e79888ecba0d5aa7eb84b198989451db5942053b11e0645466101f323a26bd2b2a53e67c1f338ed1c9a3bb94e2692438b9f88b1ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 361e28e3d4f02b26b517e4796077662b |
| SHA1 | d7fcdc572ee73c279376857f3b34c8b82c74ebc0 |
| SHA256 | 8ca207c140cf07d66794151b7d6dcff6f6f2152ecafb9b440d9d2f10c61531e9 |
| SHA512 | 77d8ac501dd1a7453a74b529787653600f722e7614842e3b8b6def6373fc590a00301d77397e7cc9d7a01d194727aeac8405906c493b5b301944fce6e21307fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ee622055201d436bdf84b5c026622f88 |
| SHA1 | 462dd79a2f92b00f8c6e6914e12a8d9a19a00301 |
| SHA256 | 74cbfd4d6a1ec51d679da584b3f393507be40dd6f743444ba5676c0e43019f2e |
| SHA512 | 4c4952818e65ece6a464da73053ca4a8c79f538939e9540f4ba7c7e8b0bfb3d1aaf61ddc4c6bb3f2868ac7b5eaf8de8fe04130c50b611cba75bcd1cb7176d151 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 35fe990e8a04bfdc3b444df18b0fa4c8 |
| SHA1 | 889c341eb22fa731730f34b0d88a2cbe33036654 |
| SHA256 | c0d074038def2300024e56bc2df3f6c6b9ea2b407e1e2b6303f5e61d0ff70447 |
| SHA512 | 0f912f3a6a1137ce4f852c75344349571c2c7d40ad72d5ce0e0a5310b33631d4a3dd12f25ee8018d843150379a8a3b30e8a6acd8225f99189d562e582c69e185 |
memory/3216-2655-0x0000013D1A640000-0x0000013D1A641000-memory.dmp
memory/3160-2738-0x0000021EBDCB0000-0x0000021EBDCB1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 017be6df1f2dcb24b9cee3c8c5590cf4 |
| SHA1 | a76c5b19a5e14b9d23d9aeefff6c6dcad5a5f409 |
| SHA256 | 21425b93d02244449da4388334fec9f0a3592891b8fd5c9a2333728b1fd2aefd |
| SHA512 | d43e5b1f705b1e8d7858cf9f758ea7a47eec3cf01dab67910881c1801dc135617f6847f65e4576c395a96661d15cd86a2266871cc63550f888d190b4c1e627cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | af54d33411aa2c15da5afd4bc3274caa |
| SHA1 | 05be8a14d331f7e7fed995cb5ee00bedb6cffa32 |
| SHA256 | 8ff9ec81e835692f8c0f946638252472e99e95e6f2d7d30aa5d20626b5971abf |
| SHA512 | e78229ba7e3326789fa26f34f567a31b53cc3905e1f4b08172a64caaac26ae2aed6714ff47b1d007eb3bfe104ee9142eb2e7b2af0cdb685ed71c0309816c0ee3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 58e145e082f5e513c2fbdc8402da8b11 |
| SHA1 | 35686a55cfb7c4c75c52e05e0ab05c1c8bf4ce33 |
| SHA256 | 487d5958b2bb387ad7411df32bf18e37ceecd954da66c709c19e051cd537b9d7 |
| SHA512 | 518422246a424ef1b775cb47d54f764e1e2359fb61fad203d97fd5d7f3063cd4353df546afddac859e4deab77bfb080de18b5b3c3fd601013fa8489ad9d8fc3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 915e7b7d4da26951c373cb0ff4c3367a |
| SHA1 | 4d08d5569859809e35e1e1da8805046a7c5f72a6 |
| SHA256 | 4fcb2a07b12f1db52bcc1eb9260bd2692345fa1e1152d7f1f20d6109102b272e |
| SHA512 | 6c2926571740c7922ead14acd714efc53de6f9ec45753fd09a782935fb7b5010b90c21f2fa146abf6128485e379c7410f37422c2012c1a786e7f7a1212749a10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3883c1f874b6d12cd056b9d75c4e8b5f |
| SHA1 | 2c7088671b07cbd7405e3000040e89f7ceae57bf |
| SHA256 | 60284fcdb8e3145c3bcfd2806d174e754e5a3821f4b0fa1dcdd7a4e1509ff259 |
| SHA512 | 40d0f3e9a8855aa6c4d7c361074eeba6e83e34c55403d7ea4eabe292107e28a564ead48846abbb78c7cff2f4b4b6a41610e8cfb93b7c0596611fddd0fd5b3698 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 29426e080c8c30f4921f9ab0605ead45 |
| SHA1 | d9ae873e2aad8ebd57a2287b60078abc009353a8 |
| SHA256 | 02f09ff116d314298103760eed4ad4c75ed9d588cb86f73196d8ad2fb0b27ff1 |
| SHA512 | c1434c658842f418af6f4456abd29311d7489d700659d0cfb02508948da23f474d18218873771908c128e18068e0670c87fc124f732862cfc790fa464240a21f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 00eb3cc40ddb591cdfe610a9573720df |
| SHA1 | 4873f3fc663408f025ab44c4ec84caebb368fabc |
| SHA256 | fb644c0c7217b3bec297cd7d35ba79cb1097771581a387c330189979ee4d2eb3 |
| SHA512 | 9938d865255307f21cbce4d55ca04c3ea10b0e8e63e5b3c29620c4aa19a67552731939fb684459e74a17282a0fc2c4f3044a05f821d7277986d37bd31f776337 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 6c5f95d6ba7c7a64b3831faa559baa71 |
| SHA1 | c23149a6e3f0e71f0d69ac7c38ad904d7b44df93 |
| SHA256 | bfa94093b4f37cc0582287d8b91e5c818ff56ed5a87b130aab2332c0d7f50669 |
| SHA512 | ba15b78d407f202e772de81d1736bab4c2589d001b18d4284f596f8fae0214cd309803e002449f6fbe6490208d29def169030c2dbb687c50955407fda241ec36 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | de5782982d93105406aa185751a2f0bc |
| SHA1 | bd296154ab1d4a53dec1fd44139a5fb6d078702c |
| SHA256 | 8ce9c408a083650d340502997bdbf9b278251a2992625f98021076f58569558e |
| SHA512 | 9176e9beaf709b060e75b77961f8319e94f4eea89f0a8e1cd511182e6e72215359cd8e668148ca14abb4b04e3970398b2f276971160d3d32a187336c97b69572 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | baa350dc564ad2d6b74768674f239733 |
| SHA1 | c785991de4bd5dcd31f21541a3438a996778fd08 |
| SHA256 | b699e0b33f3c5f8d097625798b5f84dc6b5fe3d27e1acb538761e7fb06e3115d |
| SHA512 | e22d3f8efe9bfc22ec05c0d60e033b60a3b8b63a9e45352a152a8cdc17e38a067494160a4600688c401fd7627eaa16337f0dee27588b5f88cbc9d3f83b1998e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | de80efaf441169dedc5d7c7a841eff53 |
| SHA1 | 01b2bdf8ec5d73787372305e278d89534e79cf70 |
| SHA256 | 0f9df3acfde23771e0e9cd4d7cf7ca025a6874405f8d9af8065613de3a2fe624 |
| SHA512 | 70688157ae1522bf9549d7d0360c5b45862c7612067a3f6ef12d8f90bb77de2c4eecb1723ac7e5b066fce0851ed60a54ad176f117e35bf58b70d560bd1ed831b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | decc7da85d5f478fb51458ea88955625 |
| SHA1 | c45526067f118db2cb5299ee83572f778c41a514 |
| SHA256 | e9cc835676d128c8a6b474ae620342fa498cd3178bdb88c694e68965369817b4 |
| SHA512 | 8d51192007e897eff6f7501ed43120ecf914857ecfa3b0466de89fef4bdfbfb326bf3dc7dac42d3b17eb0b30d775e17344e9ddc433985cb2fd86c6c5bf3cc4b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 24f1f807f25697582ab3063fb649ff50 |
| SHA1 | 65be3b320e80b7ce4b6d37cb726175384e35a607 |
| SHA256 | 9ad1fd5761988b81063e63a2179fb2c51af6e0247d86f856dee6cbfa11329968 |
| SHA512 | 41abd5ff29bffc3aff7b661485cf0c78d24f1013533525677b92a26debd307c552e2a33c4e69601d35ad3918b3111061b1a29c0cd74ed5440e3dcdf5e4331b64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9c56a1cdab8d5fe3e195d9e307e1c1b0 |
| SHA1 | 407308e2e4c2c97a94f72e0fe10166d1c3ce06a7 |
| SHA256 | a2638990e6cf0f03117c2c469a12f9664e17c1d3d20bae3348af8fb88a36a087 |
| SHA512 | fc96f124efce6ace4391203526b9506b490abd218d3e84b5f9baa2175cbb062a87748c4c1d5816a591eaddcf2bbf2be0812dfd4f179d0b8f2c4a475db8d5ffa6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 429b280311aa793615896ee7b6447c26 |
| SHA1 | 49e5f4b4395f016c7eaca6a6ab7ac8c509ba305e |
| SHA256 | bdc0d0d87d5ea50c0b7f16b6f7ae3fe45a31ee85ed30e087cc09e0408e7d86b7 |
| SHA512 | f0d951faa00478df2eecfd138d461062de006994593782ce431be46ccda83853da8f07c615f31481430555e3823b83fce778d19d5f74dfd2f0e4194fe5dabaac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 841f652220dbc94ae125ec0fe3fd0e2c |
| SHA1 | 3c8d0f8ba5ba69f101b6738baaec899f0ff2c558 |
| SHA256 | 9bce1a4d4eac7416adff1fd02efc9aa25c707e51214d7b1173c7432dd870cd09 |
| SHA512 | de7ac507481e00db4850180b193591681cfd320906baf3ced6c3adf1a5e9d7224b571275c9f18018437402330ec1382e6d69a1cc2d84d4c55d176c04f866b423 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | df1636b5f16b6f401125046aa1c3e387 |
| SHA1 | dc853426b9d189b1380cd78dd1c53f23ea905ee5 |
| SHA256 | d5ad229b4754d7619d6513c3f00d02fb6336e337ce321338c80c0a9c96c6ff53 |
| SHA512 | 4f1f1a43a8e1b05a01117f6a1c635da5185facd02cec0fde854595299435bb3ff3ad1d5ad1dd17fe9687a26cc21554f7e1f7abd1508ee9ea0a581649a10d80e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3fb13b024ce109500d2e6ad3249a44f7 |
| SHA1 | c62471f6c8e1c8bc55850fa6e7f710a5aef87a08 |
| SHA256 | b3a697a4f5384745c42e1fc65208d2ab5779b57347a2f2aeb7f2b4be7428c91d |
| SHA512 | 5387def9195d0e9980c447c0a4f6e7351fae387096b4654e2fd65f9c9b64dee98cb7edf9e53a819755457d5e21124e095cd5ba7dae81acdcd1cbe80472484e68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000176
| MD5 | 68b24c33a1084c384158245ee07e703f |
| SHA1 | 1f40cdfc988534806606faf81344ba79a1528ed9 |
| SHA256 | f95947735f1ba1e43b46a1ddc7229b71d37aee7821495f87f1f2d25563d47fcc |
| SHA512 | 1af1c596736b46a538a06285196d05054c062f29335080d136d325dc305d2d65d266517386d8d54a37de94036c878d9ababa76d9a5f5e8d8d07236d5ac0bb9ed |
C:\Users\Admin\Downloads\KRNLWRD.rar.crdownload
| MD5 | 0543fb19e06332230138146e743561d1 |
| SHA1 | eda5c083624948c1388ba73c33447c97ddea7f41 |
| SHA256 | a5236b3142e898d26bf6f106029a3dafc72960eb4949b1ebb59cac601364fd61 |
| SHA512 | e7d934d87b730b484c578f3db648224cc192f292a1f9434a655719015da440b4d15458348a85c2f88d0b6808ae032a3f082f12d1b53fb0a7405425d95f7a358e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7593309dafd3a467f524827d1433a883 |
| SHA1 | 7bac0e1e173ffa1c0c2065b2134f5661e5878911 |
| SHA256 | 89732a00844c11d00f15a90fe6454489ecee7913741fe5d19fda3ba7575c6313 |
| SHA512 | d7a9cd37037b21332727c9f3348567ad80d266e16c7a894e3d240c3f9608d05b879fe666af7beba957fee0269c033270af15f5cff07a20dd8b02e194b8829cdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dd55b43d21b7ce6e94701bbf2f9f2ba2 |
| SHA1 | 1b86c087ed590d86effbec9ed39af9493b38970d |
| SHA256 | 07bb5fef320b70c4247d28f9e5e2a87770e6ecd0c688d3b4dbdddcabe69af478 |
| SHA512 | 36c25eb25946b148549737458bb3055acb6c7fb3043ca7811d73356aba102543d738ec17aacb75788d81e367228837953450c334ffe378edb5dcb4f2e7003f10 |
C:\Users\Admin\AppData\Local\Temp\7zO031CCA62\krnl.exe
| MD5 | fb3a52d1045b1a0298668f2d77680306 |
| SHA1 | e16d5085977f1b895b7b2a046570b2da474add86 |
| SHA256 | 8869c44219364f911548cb18da0cc6413b3277d3a8a8df18d0a521b558830d6e |
| SHA512 | e19ce4c86ef8bf2ab25b4da67bf83acef5a8e688abfd3f96e8dec8169ce410c833df7685b6fb0b7489cf90ca51c56cd7264e8b2a94865aea5e5dacd4c5b7f44f |
memory/3860-3576-0x00000000003A0000-0x00000000004D6000-memory.dmp
memory/3860-3577-0x0000000075200000-0x00000000759B0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c61c77c860efa02469699a31bbd6494e |
| SHA1 | 5322f3fa8118cfd613fcaf3b2451090bde95d8d4 |
| SHA256 | f61a6b1553e12595f7f461777084431baa245bd141f5eb4233d51d3c4c622ec6 |
| SHA512 | c4e56547523caa33703cb0065fd19b1f4f6332f786dcf8d917817e57f83f2ecab5fc0216756a2155407909cd3837d816d31810006b48ed4f0f71e832db0487e2 |
memory/3860-3588-0x0000000004D60000-0x0000000004D70000-memory.dmp
memory/3860-3589-0x0000000075200000-0x00000000759B0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe627048.TMP
| MD5 | 5932d6d113d325324b1873f38a6d5370 |
| SHA1 | 2803d26f10534bc5c17ea6c99f3a8a9db37189d5 |
| SHA256 | f3e57c447b0931cd24fe7f860e9a13d6bcda3930f0b5177a60c006617a2612b7 |
| SHA512 | d3af092efe46edd31091dae5738c0a90629ddcdb88aa735d08d0311fbf70a6033eae1cd816e1694afb866c9a3321738dad2ce2540a059e9ccb5af0220c7c7a9b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 5a6aadf9e48b64351486b4922a674b3f |
| SHA1 | 2d399860db1bc02fa8b0cdc8be8c0e98722a050a |
| SHA256 | 1fdb50a5222451210e1a27eac6bf6af7e615d267573f7cbccb3198758fd50348 |
| SHA512 | 429e1592de398ed1c362f7b3ff5f9c425d6962f52da0b38879eced94c7c21bdb09453f70dbc27b00886abee5782e3e55d514c92ec8799f2c7371ad6c32063709 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f69a5a4ef5fe021f86a03141f63fc5a5 |
| SHA1 | f3dc7a5a75833085e2a89d9627acb7b104b633f5 |
| SHA256 | ad8e9568bf7008cda0dc7438b0d2576dea896f26f2e9ec374334fa14632c842d |
| SHA512 | 9954150e03071fd4545761857bdfd7a1849f409fbfd27da980abc94c56f9104a1468662259b02e795a8874631d3e801a70c1b3543a957b6d27f736482f602e25 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b74c1aade36c0e2875483ef5a2b664bb |
| SHA1 | 0f0caa8e808c0f6e532998d2474f8a7cc055f471 |
| SHA256 | d5a7a1ff1b7653258ce346d7d3288e2c1a76410ca3051a7ae5c5f3599aac6f2a |
| SHA512 | a8af1e26a511b9816c51e4a19d321eb1404460e609a89ba46f41e162277c2e981d1ddd3231e59b54ce47281ef8e722abe0eb23e8cb0e48831b0f707a59b820f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e426b2674fb532d81bee0f37fdc6ac25 |
| SHA1 | 1377d233b3507a0d632862738f9629ff7d0a2e35 |
| SHA256 | 2f94188b9748d0e0dd47e292f8bb7f057b068bedb63e42d7f91534fffbb56376 |
| SHA512 | 501977d3fac2f7a05e774e6645321207e728948ebc8000a2f162dd9280bb45b2a68cb057560d266d2aabfe2762355f4ba831fa80d0982a217b8682a9738e8c19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d51ac421ce21e75e1381abb3c84118c8 |
| SHA1 | e594b2b361320e3b674da92375d758b3e52305c6 |
| SHA256 | 94bfb2faead7d85a508ca10fa156e9b333420b3424baf99fa6cc4cef3c5fa770 |
| SHA512 | 9f908ece96ea993b282c522d929e0298b822ae2da04d6ef9d604a9980ef0ae7787b00123482d4226029d17c82027f68380a501dafc23f1a62e2a7bf02109da93 |
C:\Users\Admin\Downloads\Setup.exe
| MD5 | 2ca97c40a611a894af26c0b7a7a6bf08 |
| SHA1 | eeac616238f8563d4a026f5f88bbffe8232c4065 |
| SHA256 | 9fcb07f511eaa6207de08ca4ff52b8c8a71fd522386dd5624f9ffaa80b4317c1 |
| SHA512 | 3d830378cc89b417b16c3cdf5cb499afe796fa7414b059c77d2025c648ab85b5281580da238347a845ece7d577a3e0793ca002bbdf0cc1878c5cf0e152d768fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1de4c4cf2034c08ba948a6f5fb98278b |
| SHA1 | c75a956cb1ed18381f2873af22108df58d0e621c |
| SHA256 | 36cec7f77bb070752f30ac25b5f6b7c4998e6e5d41bb98a512e5720fef62b768 |
| SHA512 | 84285a70f97976dcba13f98c8bcc1102382a0f3cb88473d2960e71e9c7905955d2c1acfbf2c714bf988f4504451b540f498d363e731904585559ba4828f3cecb |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
| MD5 | b18c705b3c68cc49d9bf3649abc75c24 |
| SHA1 | 6dc8963dea0f3185368790dee2a346301b4fa24c |
| SHA256 | c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa |
| SHA512 | 7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e78c13f7c25870e0225f5b3759efd3ba |
| SHA1 | ac55d93ca1efecacc91a5099aaa56e0a49284428 |
| SHA256 | 0b29f9bbeb541179fa8dbbf5543e02234e3ac44078090c4c21400c98af79aee6 |
| SHA512 | 0e09973d8364574013c3b8637df0cc31d17e4a4ba12cf5909005df559a7aff29a1d7976fbacb4fd977bf94e388af624666a91dcbec9c3522023d3c87e7ca6607 |
C:\Users\Admin\AppData\Local\Temp\nsi27BD.tmp\System.dll
| MD5 | cff85c549d536f651d4fb8387f1976f2 |
| SHA1 | d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e |
| SHA256 | 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8 |
| SHA512 | 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88 |
C:\Users\Admin\AppData\Local\Temp\nsi27BD.tmp\nsJSON.dll
| MD5 | f4d89d9a2a3e2f164aea3e93864905c9 |
| SHA1 | 4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a |
| SHA256 | 64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb |
| SHA512 | dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2 |
C:\Users\Admin\AppData\Local\Temp\nsl13E7.tmp\inetc.dll
| MD5 | a35cdc9cf1d17216c0ab8c5282488ead |
| SHA1 | ed8e8091a924343ad8791d85e2733c14839f0d36 |
| SHA256 | a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df |
| SHA512 | 0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf |
C:\Users\Admin\AppData\Local\Temp\nsi27BD.tmp\nsDialogs.dll
| MD5 | 6c3f8c94d0727894d706940a8a980543 |
| SHA1 | 0d1bcad901be377f38d579aafc0c41c0ef8dcefd |
| SHA256 | 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2 |
| SHA512 | 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 0ef9eb69a5662c818407f20469956c61 |
| SHA1 | d9e3d47a574dfd3dfdc5024469a1eda67d4d7812 |
| SHA256 | dedbef29260912e0b00f9dc0350ddfac38d078d60ad946933e7cb8d737127cd7 |
| SHA512 | c0f92c2c192f5f95b385e2e13348b2b56c14eea5f12671767c1eaddb012d23aec80f88731eb2fc84600cb8095d3938c9a6a353e0cb06a5994dd10e35888f3d3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9f334b096009d148264eab6b0a1bc931 |
| SHA1 | 5cf3cd4168e983b530acb9d0740d069716312e1f |
| SHA256 | dc6ce8ebad5d7224bb007fafff07791a53cb4252717e8e53cc6d7c17c26d0179 |
| SHA512 | 73e9a6fbe884dc08e8989b8af04b1e83cf3abca9e5f382ace1dd9b07d7b2cd5cf0a00703c3a377adb19a5d5ba7360646ca61cbda20a5c4a078d1d14b626b982d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d72597cdb02b45bba054d85ee9ced964 |
| SHA1 | 94a6bc085d78e1964fb6dc5dbd583ff88c03dbc5 |
| SHA256 | 748e10e3fc86afe0cbea753deafd1a213f2e9afbb91bb8ff39672aa64b19e400 |
| SHA512 | 170f591c58d6a74dc5ce350359c2b4b282bf56c89442989f2b23fa072ad4bd5856b74bd4818c8a8586f3421aec59238c6898bbe0221a272bac0637ccc38a84ad |
C:\Users\Admin\AppData\Local\Temp\nsi27BD.tmp\modern-wizard.bmp
| MD5 | cbe40fd2b1ec96daedc65da172d90022 |
| SHA1 | 366c216220aa4329dff6c485fd0e9b0f4f0a7944 |
| SHA256 | 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2 |
| SHA512 | 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 55d5d629558551dc5188ee919f0084bb |
| SHA1 | a1221d31de149d1ec2418b8314e465a415881753 |
| SHA256 | b6d080970279c716f7279cb8defa602a2a70ecbeff6854060f550edc7d5e58ad |
| SHA512 | 0acc6b1f28b42b21d6adafc4aff701c30bdaf36bc4cfabb190871089d1350d40f466b7456c18fae0013588efcb3b2a5d9a6a7fe7c4def06d42333cb002880b6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f86a28caa53b2a24b987e17cffa85d6a |
| SHA1 | a5f08755c7024cb82b52a9239b135dd28aa02da7 |
| SHA256 | 4bee5c529129eeafcc00dfbc1523c955efe56849d14573f58b048e6e19e58b3f |
| SHA512 | df77aa5d0888950bd29e998917d653c5f559754fc2c140e48fa9189d8d470f6efca83daf38699dc79bb3743ec6e2704462fd59770c8f340643fcc17733c11a5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1632204085c140749916617469c0f4ff |
| SHA1 | 1eb57ea6da5e48dee072ce7bbf41b0501ac3b08f |
| SHA256 | f215c9d9324295749f5748cad808ce253e57f4623cb83db53b961ded0017b296 |
| SHA512 | 1bbbab2ac127190a8feee1c0c15b35c08bbe0872276cc2fe48b9803e6dec83296ff72f23b2114a1b27bbd1d2ff97c08d7bc8b2af4354fae061407f8063776586 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000180
| MD5 | c15d33a9508923be839d315a999ab9c7 |
| SHA1 | d17f6e786a1464e13d4ec8e842f4eb121b103842 |
| SHA256 | 65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98 |
| SHA512 | 959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\be846fd742c11398_0
| MD5 | bf638d207361bacacdcccfb66129e88f |
| SHA1 | f11cb41ce6456c1132e8f7ae3de8e470c955a277 |
| SHA256 | 3805bd2678af2933e78d56d23132671f9dbd61f7749eafad6b5dce0fbc4ee8dc |
| SHA512 | e3e7b5757e93041daae5b5261be34e760509d7faf165ff67ad284512b7046468c3ec0e4e62bd8c094c1eeb70e12c9b2d36084ca6f042ee5ef30bb2bc878b3909 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3244ebccd0ff0a27_0
| MD5 | f176bbd6346683e404071b4089c48ee4 |
| SHA1 | 685928785edb7733d5d0200df0acdb57c80d5d7b |
| SHA256 | 5da79e03b36106949d6206323ea83756bba986d272a7a1ab1bc602a9e27601cc |
| SHA512 | d613f02c0b8c41ce0607f21132f74cb67a02104adb06ff4990257b2af78cb8706a092f430df3ff887c392070c493fc463741ce0014522dca256534abbdf6a1fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000182
| MD5 | b60fef268ebbaf639fb5bff1f300b275 |
| SHA1 | ee38092bb8705836f6bbf577c50a1e905756a3a0 |
| SHA256 | 547f01b725717cf71f431159443b6689f66975da142fb1e4f23c8728331924d2 |
| SHA512 | 7d4f43db846639597e36ef611981c9766daaf6020bd08fada8e907cad0df7019764f3f274f40774e65309da8b005c36c21422f28976628dcee780405e7e3cf90 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 680e3e672fec1e78fb9c4e341c25b768 |
| SHA1 | c23b5e1383067be58d1e8600bc31308c5bff8a06 |
| SHA256 | bf2394df15b5f76ffef185b9dbd06841502e0c0021816092a6777e44f65b1082 |
| SHA512 | 6041cd445a577769ad5c81686d2e992cc3f252d854e2c3240ff23356b00e5d1c69e2bb122ac9f5de1f81ed00e3ddda45c9158dd2c1e1ee52e344b9ecbf228bb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fb5691c35561ab39300df128407147bf |
| SHA1 | b1d0d084ddbbfb8d7ef45d1b5e5370ab0bda64ce |
| SHA256 | fa9835fb1a7beed495f0f3947bd04c08ec4cf11eaae7378d94cdf04873b3d86e |
| SHA512 | 401400c9fc18757628e1c13aa946a5899ac655b3f8873fc9c0f73ccbbf676eeb1648d7755f0927b04365a5217bc4b6fdb7af655111e34684853b3edccf2e2877 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000169
| MD5 | 1aab84ca73e27c26db20e30c260dc11c |
| SHA1 | 957b97193dab5b1c6c437765c41e6bf76dea7bfa |
| SHA256 | 33f3fdb2fa4a8111ada9fcc0c86029b596fd37622c4f49c0d62bdd1f3a954d45 |
| SHA512 | 64e8c16e42fcaf4eab7b840ca646bf6c78b65ebde6ee53852073e63d6fa175afdc42e588feed13d1137b16ff26198acdb0b95d9a156d7ee107aeb349155e8540 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00016d
| MD5 | 9eb21aae3561bdfcdc516e6e29a0b895 |
| SHA1 | 892c2e89bbac78323091288e7412f7a5cc2c9887 |
| SHA256 | f93b5a009187991456fed019d226a35cb9f9421c3fe01fbc7cfcb0a3d0c4c312 |
| SHA512 | 40ca020187182903f8527d29523bb0792be70f4789f450be5483b73a37a902d37e36afe0d8edc8806a4160777e7a0a4e06067f0867b89d63263ce0b19eb1444b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00016c
| MD5 | 733edbbaeaeee23517c7861d02ec8db5 |
| SHA1 | fc65fd229130cdee77484c90e1bc24ad4f374dbd |
| SHA256 | a6cda535c689ddc3e8493e9e87ce474f5ba006e5a133f420549431a802030ed3 |
| SHA512 | df848151e9cfcee8841827b7702de27237e88d57b3fc45192cf26b44744437bf327db5b880fd7c1188c27979306449bfa3226299ca9902ee7fd5375a606007f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00017e
| MD5 | b7ad0028b9fdc5add8e2558d651667b4 |
| SHA1 | d46e56bf6420606feeed3e95d0434028052a9550 |
| SHA256 | 1d7978c3e30096a4592bb4786f78147971d72f8a7fb7db71156536c1fd34b412 |
| SHA512 | 3e1802c920a3739ddd28c090488ced4a564bf168aa4d536bb3ea6afaf69ebb212b08c79f025bc627a9b4c19cdce7a0a03e12928b877368f029f78d8d20584cae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00016e
| MD5 | 246f242deff397b2fdd507c0850c3513 |
| SHA1 | c6f3059eb9959500b2b7bde6439927a41d0b9df2 |
| SHA256 | 9aedfa240c90621c18d7a40d11d530cbe4621a0c459384204f5aa4e0755d923c |
| SHA512 | ffc2e87a79133efe2d621108492f560771eba798d2b09e406f729c02e8c110386ab5c5a581abc2918ff3365c013a7b217719094290a3b53fa60d81ef7178842e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00016f
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 557d486c15a1386cadc8dbeaa8b0757f |
| SHA1 | 4e269a890e6d30fb843b93c2deef6091c642679e |
| SHA256 | 33f887f293b15012060c51df6a63d256bcd8a9dae94e3768e0b72e6a6f81a50d |
| SHA512 | 23f60b7ce407e7f3158aa54cf08ce42331481f8cfb1b5914e7c08ad0b2c4528d0e18b5ff01c601e34ca331a04a7de45d3c1e980265c68957987abcb03213b8a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0db41db6e3225ec8_0
| MD5 | c5e3354e1a5cadc4084c0b6c0b9bab1b |
| SHA1 | c901f85b869cdd13af5e8e504fa4f5e3e9d53a6b |
| SHA256 | 87c85a774d8c3e83c210659fead40bbdd4f40aaa812c22f130f0dcaf86068184 |
| SHA512 | 56bbe9cd1bf0218075102524d1aab1995e5bc4b81040c07bee7cdaae82d5671528563a6aa9d77f8edbafe01f71860eb3bcc34dc337a18ae43d576c42c8d25c3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3b7ae11c3218693e_0
| MD5 | ac9084fb44aa2dddc25ccacfa76dc36d |
| SHA1 | 80b32239c0ea2b0c13dcb6350877948d3a8ebc72 |
| SHA256 | 90bf7854f42571565190a3b43d900007e6019ae23e30dfd6d7c4de8bda3976c4 |
| SHA512 | 1e21cc6322024b3cf9ac1ebb87b0c1f3429a7513568f9a6cbd52ede883ef2e30495483192d4690c7f488fc1b1d51801c4bb3b9302ddf400eee334edda08d74b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b26f13006f3ae319_0
| MD5 | 0382b7b82349ab4e45593fbc0b8628aa |
| SHA1 | a68451402c359d265c3fe8a76b967cae7fd58cbc |
| SHA256 | 06a7a9ea9c003db0c33b33e9b7e6bc945342b9d18f4b851fac25c576d7791c76 |
| SHA512 | f5a246f76a3cf6a16f4a9aae1f44508dba09494d3fff92fd3a4dc034ab0dc866267138c293c214415d1a7eb5e58cf2194a1b653f140b71bff35e5fc2cc145edf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\445904192da822c8_0
| MD5 | 394008666c22c4e9dabc17b23e5d7a3f |
| SHA1 | ceb2f374f340e66de0374d7ff1ab23b8f07d21bc |
| SHA256 | d980792f986c275e5684cb6cb1b5f44baba870fc644cd866fdf3c7a7651d1648 |
| SHA512 | 737dc30eaf3ffc3430ae87693ea73805f7978bd4afab0bcf7024064468ca3808faad47cb0e9c579a231b8a901d6653626119a0f64c35b098c86d4c1bc554e2ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\71848a3da7ea1aa8_0
| MD5 | 96678ccbc55e80acc35767d7b270afa3 |
| SHA1 | ea69b5cb4e00ae6f7aa8137e0b1d3d6efddcbcf0 |
| SHA256 | 05c41b649b224719ad8e479c0148bb2640e59b9f348001e93cccc8fc601f3591 |
| SHA512 | 560cba476ec67912d9941351e7cedbc6a3ca357e612954c9958ad2d0bdc65364a90713daa4225c0210f6da22fd532d06e5804a25f4ce64569dd5a5652ce5878c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2e1e5c804abdac55_0
| MD5 | 2850f580a2d1cf718e2ca276b4e3e859 |
| SHA1 | e998743da99e37b86465cd13769d41cc1e77241a |
| SHA256 | 0e88e0699e935ec851411e3a951e6c3be4f9c58783859a8b716a7364f82f1a0f |
| SHA512 | 78a8d4ca9fa768f353c37667ec11a0598d43d293398edbae65b37ca8508bdb3f258d1ffafdb2579e106886c42730c2a4511ea2300e23aa861306882cc48ed3e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a181c4585a599d04_0
| MD5 | 548839e9b4b8489c30883274de91a54c |
| SHA1 | 9248e68982614a53afdbac6b77e2bb0b59720182 |
| SHA256 | f9bfe870fd9097f916875dd36bc12104e0ed88426aeabf5ce0f43e06d8edef4d |
| SHA512 | 85aa54a304cf98c1b4602523892c9fcb3b4f669ba22b5ec70c58b0d2bef7a345d31ca9a68a8b0b35ea13f717ffbbcb6f767d5adfddeae065ae8f82fa88356793 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ae312d4d6e1e186a_0
| MD5 | 1531ace4366e4576a030c4766f1b9051 |
| SHA1 | e778bb013ef8af04715140a6c4958c05aed60358 |
| SHA256 | e54c8640d9e3e6fe75909858cc613b487e9c235ca36c13f3013b6948dba6e992 |
| SHA512 | 237b927ffe4b91a2a107c79d744b3c5f026c26080f0e6ac668e126384079bbd562ce03bec5cea8731484e424f0c7323cbe3b8cf7c05461e66512ad54fbc22f37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ee46582361c18fcb_0
| MD5 | efd7f686427cd7dc1efd4ea01ae8d78f |
| SHA1 | 337bed13366b239ce0c7434dcae2dfce3732e799 |
| SHA256 | e7599c45d927c2136b9b7d292e7d67d41fc0ed33e7c0cb8c3a94b30951dc1798 |
| SHA512 | d707e9319fe27e6e4070da1bdab1e4f8eea7d5eafcbebc53c341b7f1004492cfeb6d91ce737c4f55f8bb4a63558b978077247a1ebbc583df0d24ac231b8b6b0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5cf333f30af9982e_0
| MD5 | 63462594febd06610f79212eacf96841 |
| SHA1 | 63f41d3e63cb772b257fa1732e16929f54e1a6aa |
| SHA256 | 4835627c1bed0711505e62c4d45d181c70ea63ead3f8177d990cbf09f312de5f |
| SHA512 | 1d58cb97055cb1781b8f2a6c2df85d39ae9d670b7a0d2e25ce1c1a3a32b96ae2285482f67e95b910bedec02eb4502d0a98303f88013815b171ea18fd55e71d68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4640e9414daf791d_0
| MD5 | 7c4a3f07491db62f68888f7c371d5dc0 |
| SHA1 | 94e13306e0a851868ae251ddbb6b0011dc82ad9a |
| SHA256 | 1afa9df11c0bb946b1c37a9ad65f9775c2307562e4f33fb7b968221ed52e95ef |
| SHA512 | 932487f6e74cc33f24bda34ef61e2c8ce066d660a72ed088ce228daff12d129c07a4607a447b4ca6a80c7752712048f79705137b0ea1f19374aef409c5a704a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\03114a5f9aa8edce_0
| MD5 | 9a6db1320e152c0243ee1e44054c19d5 |
| SHA1 | fb0f66090a3d321a853a23d0436f887d7b6cc5b9 |
| SHA256 | 298ba71db97c0cb46611589ee2fbe09097fd970dbfdda8d7de8d6cb56c402f07 |
| SHA512 | a887c12e5c14f40db11a2154e2bf058f006417dbb330ccbdb376f061cabfff88783f662afbe816d9df1e21ac42948368aed4e5e673654a8a00655360d6f99f0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3d4cd3624cab2b56_0
| MD5 | 4f248558641c70b3b9898830f6884f9d |
| SHA1 | 5824935e2e90222df9c91c0efc1ff0b39aa11c56 |
| SHA256 | 5b841d13621c5e67f1a7a06fc7fa6a58ad2208b1cb55c1072b0af4a1cd2631d1 |
| SHA512 | 13309923599c545bc30c4f5a656e92dc910b81a7c86ca285fa1e279693749539c083abb8948642a2ac87114ca3d38f3bc1ab47c789e420c962bbbb89fe7da14e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f35df1a0072762d5_0
| MD5 | daabbb1d6a8799ff14d8223a08af62b9 |
| SHA1 | 77cfcbc193af9b37911c78b29513c277cddff7dd |
| SHA256 | 03e354df295df8908a90dcc40ba6433fb2a03e021e3d9e3e5b1678360978ff85 |
| SHA512 | 028dec6cdd8e16fcfb174617981a945dcae60192ea5d308cc16ad8706be8c40d5d9d23bf7c1986ecbc7e87584717ed1d4d566a61a614f606597eae2cdd610077 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0375b63db0b3a360_0
| MD5 | 415244f1b561da1e6a85373451be52e8 |
| SHA1 | 00557cd46e71a4cfc9e092418fe1cd2d6b52906b |
| SHA256 | 65e8829a92157b63e13e40e99eda77840ad2b0e63766c73a6e8c2ed2361d7985 |
| SHA512 | 786610cf10251c73f7b738be3abd438737c8f4813edb07f15f6b3462c443526000f918331691e4da4999a38175970698e0fee421382e60a2e6093d2c9fddc685 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4e3e282c87c95a0df441abfe669b2f84 |
| SHA1 | 9d38c8477b746fcbfd42c9f09900d0de6cba0700 |
| SHA256 | 94e3f9fdf2034bb6d145dc32ee942ac1f7d20538851f4ee0f4b35b87ac37d68e |
| SHA512 | 102f2da7f3250a0b3b9df426a5def228d45de45a164a5a54f471e5693ef834c52f0a851b7031abd2c75233dd8f9cf8fb9e433a31671dcc3230e954a2a8780d02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 074814123a6c600015358482603b44fb |
| SHA1 | 7e67911428b9264e8f6843dc7be38700e42b67b1 |
| SHA256 | bb174ef4ef4521b6832051b35d7c3343f2bb99cf203f2db7a0a822e5bce09d51 |
| SHA512 | 25275039c60bb1f1837a5349fae26f66ec9dbf3ad842fae956ab458013208e4fb1a7c2809d6a09d365a83dc8b2e34e019f1669191192235bfbc8bed3853e2b3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\65015c952bc6bc39_0
| MD5 | ef99b0af34a760f38d3e5d3bae060498 |
| SHA1 | 74db5d5f7c8581b53ca39ac091da80871c370bc4 |
| SHA256 | f0c92f95002e74e0aa6c9ef780a2856c0117dedaf5445f9306c821bcd2f822ca |
| SHA512 | fdfcdec83a83dfe0013c22b8dcd7c068d5cd64fd2ddc01adb1a7c581faac63233eddf7fcc23a812ed467bb91d053e327337ce8e4cabac936407e4e42578c40df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\47d9706e74dc64dd_0
| MD5 | 319d3ca0ddf7ab9818cacfe642679017 |
| SHA1 | e720a3e4556e63c75267f5a02438bd4a3d6ea27a |
| SHA256 | dce516b6f7e5c4300a2e54d6a3ffb70bd9c878bf317193d569debad18b82acd4 |
| SHA512 | dcb00684c1c863a593f144eca51a0649e907237aad283a2d54e70d99255933f4f8e11da203a82b4cd9c447d32960fcfd35191893ca0bedfbc875950e4b9e97e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ed1673da69894a41_0
| MD5 | 052579dbe8225a6f47a4a31e4f6ed5f0 |
| SHA1 | 2e4c38329e4ec1783f11246699df94fc9418e071 |
| SHA256 | 07022eae613687d6ac68dd52c40e0583048c894ac85c8660fc76e39cbf913ce6 |
| SHA512 | d9eafece2d2365fc4b7e7270439d05e878495a647f840dd8d8acdaa90fa2fae8e7fa06b0e43254d7eec809a2a35ae0d28583c3521603b52b6b08c3b97b4d1186 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\104464baf633a441_0
| MD5 | bfc54f32151ec3226da197f0844eb392 |
| SHA1 | 955670fcb0763d0c811d66d60e70519922507689 |
| SHA256 | b93bba497a3af99b96c9ff3e2a586515db5f9d592e2bfb2f564551506251eb3a |
| SHA512 | 8e355bb9842b4c480c33cf3a6e45fdc49b7b63b4e58f815a6dc1d38b2b23b00ca7e64a43564cf63f99f956c651b296d463083afabe5676ae9a384ed13b7a0b8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8d148872c0191705_0
| MD5 | 6ab0c42829868c23dcc263e663656807 |
| SHA1 | a6a6c05e9ba21a21c9b5f81f2668e1de9aa3d72f |
| SHA256 | 0f80c6135f365041fae3fbc2b4f6492043aa63b9c6c64ad61a2bf10201e06ece |
| SHA512 | 407e2fd2e600554691d1dc288fb995cdd665711676a86bca2ba3185ac113e192dc1674233c0425b68805c0b768d348aae5f7431247e81bbea7976d23d4d30e6b |
C:\Users\Admin\Downloads\app-release.zip.crdownload
| MD5 | 6629154cc8d5f3ccb7eea4aa19021742 |
| SHA1 | 64ecf8639aaf21d1c71c2c0d3369e45f0a681a56 |
| SHA256 | 90df5144670ce8326131bd6d15eac6bfc9f1e779c75819b29ceda8db620422d3 |
| SHA512 | aeedfbeec264d5a53797f18ffe50024e8c9b0f70a905dcf4d80de224a40c08713ca26fbd5af2c547c3c26ef76fccc7f78a109ced45a6965bb198f8da51fe1aa5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b3e8c0c2f621965f18acb08d5e3a12db |
| SHA1 | b8f00c6203a40d299a792af8a5ee4c5c9edd9da5 |
| SHA256 | 84cc2399eac0e44f7faec884fb7473717ec57177048b58de92c7aff91b74693c |
| SHA512 | e66e93e71d5e7ad18f11f88b2c6244d5ab7819a9613eedf327ad40722b83478ae6667de324c8113b62a95d1c5460f717e0598fa344291b54234a720014f2a93a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 670d11000b5f4bbf1af967101372ea46 |
| SHA1 | b3753453b3764345de8876845a94f8a5eb6036a1 |
| SHA256 | a243469342b231548640e54bb9141ecac7053ab4e4085d4db3f2ec23b20d8289 |
| SHA512 | 81a032ca1d3d37f02c12cbd5af13d41b83fab84f3911a6f165e3cd208fb3b3cbe44475e79cf139d23a7679f1e266d43d6370e26f34627e61b4469e425a0ef449 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5ec652b994ad83b8170ef8c25c469245 |
| SHA1 | 4ac6653d41275d8beecd0bd3365532f7e940570c |
| SHA256 | 666d7fea24471da04134d904096a4859fec87ba10c8178a90cef647b19aef70d |
| SHA512 | 453f675daffd3cd4d6076922ddd02241a4612a9ee34fb1e63d66a2a03c1ed417f598bb288899c985ef8120266e83680b51a50ac18c40629cd71f2f591b32699c |
C:\Users\Admin\Downloads\Electron.zip.crdownload
| MD5 | c7bb96092112ddfe949ca9cd39e5d7d2 |
| SHA1 | 1badf937c2c29f631ae036508e945dd61c84ccb3 |
| SHA256 | f283c5361a9de52e07bd7260fc76a9768cb4ebc71fa247e0c313d064a7fcaa7a |
| SHA512 | c7a69a7c12d361ae9ca1586559ddc401fee95e5386c5a51e3271789486e41bf08680e91dca584830d6342cc0ba344fc13aff663b75e7d9e7d9d4f25ad912c7ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 59fdf226b6f4ba8de46a98ead5735e0d |
| SHA1 | f10ff6d00bf7e51314eb94a567bcd9190d70ff3a |
| SHA256 | 0918269473a44963fe64f6f5794489184ce70a9b16de2af65e45ead130920802 |
| SHA512 | 1f2169d88452c0324246dcb34ef6bfd9971c14a988ba7a6366e86a27093cb4f63cb8ef2657e07090041c4df83a8577ecece781820ab50ae8ba01dca79eea85b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7a4d7be804ed3a91c4c439039fa0c689 |
| SHA1 | 1642891840bae08be7703ae1c55e84847b020b37 |
| SHA256 | bcf4a91dc7888ad8d787418e0e66a222089b3f37198bfbce7de7b8f25c96022d |
| SHA512 | 4461465e9a639d42c925e7dd975b52027bc4d56ca45c3857373587ef16cf2bf7d91ec6bb901d4ec5438f2c821f263882582f8a23c70edd3861c3a940f594fff5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 54b8e2b328bbb13f7257f66cb05e0efa |
| SHA1 | 7859d58be45d30d7a4a067dbc635b70fd85a720d |
| SHA256 | 71a25d65c3eca7353983e31c16c973fd4a25d26cfb5a75bcfec8341c6a0fcf9a |
| SHA512 | 477a5668baf4dd163d7e8f1f9dd49e472cffce1815f153c55e98efc1264108eeae0c3f71a8fa618602285352dbdac21bde3d88569d5ea80f9d9e8203a367e5e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a60e44b3b71c3912ed575b947f565bcb |
| SHA1 | 2b1a9738d9b6daf36fafe669c2c7b270e699264d |
| SHA256 | efeaec5a6070eba6608cd00bcd7339c56d4b59d5f7ced4b3a5e094628ce19d97 |
| SHA512 | d66b06973784365ecb1e96f75e0526d8f70bd1be6bd42ddf8a4259024b7091d4c09df5e6b5f8148664ee168d29320972d505f39cfceae029517ae52b79fb6ba6 |
memory/5936-4577-0x0000000000590000-0x0000000000F9C000-memory.dmp
memory/5936-4578-0x0000000075B70000-0x0000000075C60000-memory.dmp
memory/5936-4579-0x0000000075B70000-0x0000000075C60000-memory.dmp
memory/5936-4580-0x0000000075B70000-0x0000000075C60000-memory.dmp
memory/5936-4581-0x0000000077D14000-0x0000000077D16000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 477d768a59ef57c04763d64d79f15320 |
| SHA1 | 23dfb5d9c9553dd1e444253a7cbc395d18b3f0c5 |
| SHA256 | cb6d716bc97c5b79912b49ccd57c1f93e02daa06b7e2b34bc23d6770b9dacb02 |
| SHA512 | e2c2a21b511f43cdb33ad25a2cf67981ff624e0ef503d404934691a09e5ce4fb2063cf9c04b5287b0bb6925d1519b8fb546d4ccee97fd072923ac126dbe2f532 |
memory/5936-4600-0x0000000000590000-0x0000000000F9C000-memory.dmp
memory/5936-4601-0x0000000000590000-0x0000000000F9C000-memory.dmp
memory/5936-4602-0x0000000005730000-0x000000000587A000-memory.dmp
memory/5936-4603-0x00000000056E0000-0x00000000056F0000-memory.dmp
memory/5936-4609-0x000000000A310000-0x000000000A318000-memory.dmp
memory/5936-4610-0x000000000A620000-0x000000000A658000-memory.dmp
memory/5936-4611-0x000000000A5E0000-0x000000000A5EE000-memory.dmp
memory/5936-4613-0x0000000006550000-0x00000000065BC000-memory.dmp
memory/5936-4614-0x0000000006500000-0x000000000650A000-memory.dmp
memory/5936-4616-0x0000000006530000-0x0000000006540000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c92d9fe21cb8c3423b991ca535514fd0 |
| SHA1 | 2fdc0aaf95bbb3ec73c1b0be65328834fa19068e |
| SHA256 | 24282dc52aaf77b0590fc9774e3080b7b71050d17b15ba375824cd194b20f3f8 |
| SHA512 | 6a26a37ce145b783cca24c4c78548dc8a8ab993009dea0055b50ea2a4cf9e2e30d7d81b0c466da833fbece9becc3733287eb10bd6b8c849489380b052a63ae55 |
memory/5936-4638-0x0000000000590000-0x0000000000F9C000-memory.dmp
memory/5936-4639-0x0000000075B70000-0x0000000075C60000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a825f8b840055e2e284d40581fc16031 |
| SHA1 | 1016c13856f8e096a88969846ce673a4358c1013 |
| SHA256 | 6f534125193531b5ad5832258487a1e9b9f46e15aeed0f3215ccc4264e21a4a9 |
| SHA512 | 1bb368d942ad5fb34892455dae87329af47ef1f162cef59dc34a766d5cce964ec6e03cca35f0c0b5e77fdf7771e70739f5afdb53f76916860bf312f5a150b525 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 91c84dcae822776a13effd7cdfe4c58a |
| SHA1 | cadb134677d7e8f1374c03b26e2bde63f4107cb2 |
| SHA256 | 1242a8f951d8ce23cad5cc6a340b841956630a970a2eb11917c248af153c0d47 |
| SHA512 | cef9b59f02056da01bc217db83204ae51710f1c7a2671725830efdf72dee9e9763cfc939fa5531fabaf795b6d4a12b1b73497785f83c453aa8c7719c4d10d634 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | f94eed036990bcd2d96fd2ec3ff3cb0d |
| SHA1 | ef191cc408e6e35eed2245f404f09688a19a1619 |
| SHA256 | fdccbd30000792ba81f1eac9cc2b3965a338e3b36d351aa6d27c090459e282fa |
| SHA512 | a2d645bc6ca745ca287d33581d12630c217236944897511f071c49c2ed122ac335a980404b5fa9b2eecda024b255f7283a89b8f8e0b9de56513d9a77eaa8d879 |
memory/5936-4691-0x0000000075B70000-0x0000000075C60000-memory.dmp
memory/5936-4692-0x0000000075B70000-0x0000000075C60000-memory.dmp
memory/5936-4693-0x0000000075B70000-0x0000000075C60000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c25edc3bb2ece5f889b785733c358b3e |
| SHA1 | 60ec079b9267b1ab99b555020aae1cb62d855f8b |
| SHA256 | 307130df38d5b0928fda58be9c07139f881f6a78e9fc4ae380853afd88928425 |
| SHA512 | 4105e810ebf1ddfac9f3fbc476156cb6123c81410daf29a31b5da5f107e9cb4f828b0e58c376dc48c52d1e05cb696c482dbb545590e2d4702442a628c538cbe4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8486773e81228c5adbe400e58d08953b |
| SHA1 | f85ba0ac88fc164970d4a74ddad3c89b8ce56ddf |
| SHA256 | e65595727a0d49f4a11926ec63f91644b055dd3181e37344dc3c98a8d35b862b |
| SHA512 | 4fa328e60fc2fb7ab32d3ca48db3c4a90cc7bd898da188eaf57ee0a409e3e9fd32388f2c4f1f086d68738fc544c38110d0cb48ce1dee4c0ea4c4f485a5dab662 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6ac45db3b9e786e7f150ff8645fe3cbb |
| SHA1 | 4bec687cb0ffa637c4c89d3c293007aaac30ec9a |
| SHA256 | 9340ce750cda9d41172204240bf40d4ce7a39a0228db3f4bfb2b7994d16a0d96 |
| SHA512 | bb97679d5f1a8e335553b452dd933cecb4b85878e45049accddbbc594dbe21bb718ed02639b12d95582dd775cd4cf71000a08438f651c830a9158fc27102e8d8 |
memory/5936-4722-0x00000000056E0000-0x00000000056F0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG
| MD5 | a04da6acae70ed73d235cb8f50432cff |
| SHA1 | 04740007f76922c1757db4167daefae4052ae88b |
| SHA256 | e920bfb450512713e4b814c7dfbf4dc8b60a12ff779bb2153172e1d6ad51edca |
| SHA512 | 4452b0fb4db2f77082da243449d36d877c6f0364c42bcf7603a3cb60d9ddc4d1ce7d0d96d4bac5ec157fdb142db4b4730029fe7eb02fadf19819edb43041ac01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 10989e266dfcc5bd7a34f1a6419d2164 |
| SHA1 | 85a8fd5258c24556281be183591caed3e9361345 |
| SHA256 | 3b9940d4251feaece3342735451408a938de8f660c38fa6992d55cda4381da70 |
| SHA512 | f8acb4a515ef1ff122fffcc7aadc86df8f012f6cd6e59da2a0fe92d56079cfb4286d5c2b002dc36639e879e77e220a6f211b7025b6b524f6e91ac0581c0e32cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9ffc2cbf71b7cf99133c125001797d42 |
| SHA1 | 2662b6483fb335b46bf6cd4e21f58321a8e7123b |
| SHA256 | 370b266d7a254dd4630cf3b8d9341191f47dcfb60a67ac0c9ded9702217a4d1d |
| SHA512 | 86c426e4540048fea09b6f08951f68fb23d33efaa7129585b6144ae3b938e4bd39a46be554c3c740b7d71af36fbb56fa2754d12239914f035bf4b45e564da739 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 9e2e06ecc206bf191da41d4ddcdbd809 |
| SHA1 | 7eb73bface76cf8233fb025748fb5bcad4f104bf |
| SHA256 | d02527ebdcdd5493a3dc5526430cece158842cb2c1bd02bd3676881d19905e84 |
| SHA512 | 499029a30b15f722870985c7bba78788660a253d7f553edf054df54a444ecb2f936d44dde46e618d133a40a819f8bbda215879865d71fde08b03c0704382d8e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d0c301e354253985ad856e88825401c0 |
| SHA1 | 069af8b8685d44bd19984c2f845109cb7a0dbdce |
| SHA256 | ea75039652aae0fb81a7c4f1ae2fd3da099b4fc633a3406022290bfb18baf900 |
| SHA512 | 93b6653096b8d42bcab5aa4c5bcd28bf2b27d981fe759f215977e2520688dbcb8115d8f6668465787c41d90cf04e0e4c26cd17e148294a207d78de5062a9afa1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fcd2bb938f1792d210631f2da2b90f3a |
| SHA1 | f40d16b649d7b874cffb2e387a7e8ee6bbc52036 |
| SHA256 | 4143fcd9ee6205174912b5afc0729539503c371e42b636462745806dfd75769c |
| SHA512 | 57946d995c95f2076224040f4504c528835d6d9d3ef53e20a9997c17799266391a3761abd28fe2f4fa7ddeb45e3d0674aec634d2fe34bd51aab4bcc2efae26d8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | ed358ed7e9a994cd0949db86c452dbf8 |
| SHA1 | e3a61a4bcb7c558fa2d8af79bce5d17f53da0efa |
| SHA256 | 45bc5a16a21daaa422e130bfa3e74bf3457a9a2a3decb47208d5e05f346c4405 |
| SHA512 | 1f108f98a77954f96c2d33034638bb8ca2bc6379cbeb0ed88dfad1fc9a27e8197f0f9466e51f2d9be46652aa4f802098b6c45169b275ee831dd60c2716f99ca8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0be630ae0c577a7f7a361a1c91b3963b |
| SHA1 | 7b38216267e89be3bcf669ecbedc19efda9b1868 |
| SHA256 | a917adf2b6fb34edad100a8049022ccdef1b0ad7dd15f601c4ed3bd6b9d856dd |
| SHA512 | 97c2b6a9af89924027166823d26ce1fa6f731fe915f2435ecfcea0b1749cce5d009d8ed01cc43691c8d3a2400086eef75a2aa0a86c485e27295b60df1b1990d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | fefeb04b420f854fc2b221680cc6bdbc |
| SHA1 | 23804bf7deb18f231a776ed6e1787c71fefad5da |
| SHA256 | eb1fb8b090b0dfac0b9e3a17b8dd2a20e7e349599ed351c55cc8e1c0216e1102 |
| SHA512 | 412f3d314d5e37689fb65e87c149e3104c7c953e6c92d7411eddb9d75584ac244dc5d08ffd7e7649ee9304f80fde3ef50d5e03e0aa4ca36bbd0b9708bf09f8c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\52c181884ea46cc9_0
| MD5 | bef46168cab106ac8fc9d1bbd2a549bd |
| SHA1 | 99f432a77a8474bf9636ee830be88b800b3c7e1d |
| SHA256 | 1294e127015105d1ba072e7ead3aa43cd39522ded34f9743ad508a6dd0347952 |
| SHA512 | 9c181ac7bd5530dd41c4637fcf17a37fd7fcf80fbf69a9677cd123c76cec95b1cdb5182eb728b0d66697c87407fa0c0afb94b11c1f7ba9c656de9d6977b885dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ed0a679d1f40f943_0
| MD5 | bd7b2acf7318a7518ca7e9cbf320d8c3 |
| SHA1 | 347ae0ec172af7ffe9c75b41de1c79e0e0faee6a |
| SHA256 | bcd281b5db001a5f6a77d9f7e64c24f368105ebfdcc19d3ff89c16284e986caa |
| SHA512 | 083605f65ee298db14179f2de59840877dd148c5f9b9eba3c88e2ff8268050c2fec6a093c849a730393a8341f07be9efcbd2a0708f49cbffbb89ccdc12c7d4fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb529dd8df719c73_0
| MD5 | e1985bd12671c5210c1ef80b576419cb |
| SHA1 | 7b3539b91962214f5e7b834d8afbeedbf687ab04 |
| SHA256 | 2b486c33410f47ffcbda222a407374c770ac43035ecc49c7083a8db61c1983d4 |
| SHA512 | a375f612cbe71903eb491cd6654345b40ceebc425401f2b3b6c5dff2a80fadcb45d7ebe80ff7df7076bba9c2a5e3a0dc3a834a29b2b7d97ec47880cbff63958a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eaa463b23c9cda74_0
| MD5 | 6484519a72904724937a130f145a9167 |
| SHA1 | 1fafc63098b1c2262af007de89dd7c2a643776c5 |
| SHA256 | 5f64808ce0119368416b1174eb0cc158cb601ce85a1be5c404b6f3a4962cad30 |
| SHA512 | 8452fba234608f660a85ae2566662823e3939c8bc43d9b9f5a485dfc7cd349865bea5bc0254691c1bb32cefb33236817789c6df3c171d65cf46a87b49102aa03 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5454226da5598cd4_0
| MD5 | 25544cb4223a25a9db0703208ac0fc3b |
| SHA1 | d7909e8f1f8f71d5e983d2eb709379cc1a3b7a05 |
| SHA256 | 4ea72a8dd0c0b55a8fb7ac9ff18a808debb35b827a5cc5f9a088d810e9351995 |
| SHA512 | 94dc3283b644bec7327459d753425135f387007bb66ac09a27db1d98fb4d69cd17a24e4f5b1911d1faf5c139d65cbef87ffa76f54064720e0aac267775aa01f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | cfc826b7b7da1bb5cfa2298cabee8358 |
| SHA1 | fb88df74300f9f0e5e0919141b2ca28de000926b |
| SHA256 | 0f4fe612c6a3d14f0c5f4ca58a8c711429b23d5238d3e338354f9a38b15c3f9e |
| SHA512 | 4422e941b759b57a3b86acb8cfd9240da62fdb676dd3c88f84eb4bb96fae7618104ed47b7e15afc0d1e6095243a6aaee37d2ebafe2ac83d3e42384b49c3e52d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7c4c8bdd2dbb333e7f0cc8aec79829df |
| SHA1 | b0578a0370e34187e3ccf0ae94fb88f391ddc219 |
| SHA256 | c0660b65721b9cadfbdfaf9e4fdc3ba6096187ad85de7f2f990cd9e4a39be0d0 |
| SHA512 | 9434cef8a968addac5239a796065959a4adee3c9ab4aa3d01d8fe8121f877b07a90d56319ce1a7bc855367c3480a45cec8778f3496cddbe6cdf7dc039ff052dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001ba
| MD5 | a141303fe3fd74208c1c8a1121a7f67d |
| SHA1 | b55c286e80a9e128fbf615da63169162c08aef94 |
| SHA256 | 1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99 |
| SHA512 | 2323c292bfa7ea712d39a4d33cdd19563dd073fee6c684d02e7e931abe72af92f85e5bf8bff7c647e4fcdc522b148e9b8d1dd43a9d37c73c0ae86d5efb1885c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b1ed8dca82df10bc8615ab2f5edca720 |
| SHA1 | 254a8552646fd2478093668cd6eea158acea5843 |
| SHA256 | 04c28c02d616af98da828996a206618d587ad0649a87ee0eef726dc74171a404 |
| SHA512 | 16120e33e17ceab99f5894b941899cb81129b00697245e570f24b2f8b2db1b458d64fd77a895849c4c05db9af0c8746b0d74de88932ab33f4b71bea4d01035f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bac0a4543d5b791b8fb281c1d5a5e890 |
| SHA1 | ae658a5e62086a4b54fcc1c833f6a01cd00e15d4 |
| SHA256 | e3e65178f8aabbabce160c746806798bd6b21b1c01e7ce987d4ff8bf1d8cfe2c |
| SHA512 | 8a14069121db72e76f773cd1e58b099402136025b9b1b507465c33e4b53b64993898c3a5a28b8bce2ce281f49492550d6e8fd6ee0abb93d30577cf5c58a4b288 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\59ece0dd-5d74-4367-84e1-a50828bcff3f.tmp
| MD5 | 097df8d6134ae3570e7f39ed9fd56f5d |
| SHA1 | a020efd55d67a1a43bbefd06860700bd09037cf6 |
| SHA256 | 6897c25289414f8494ce196122e660550bec99cbccf3b902b4c5fea77f1d9003 |
| SHA512 | bc656eea1b3c0ec084458bbe96be6ebf70aa65380d7b4e921a7c416a6d6e294357ac5f2c771457a13d617c62be80ac07807cfcba2444b4f5e113d3535854345a |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 21:49
Reported
2024-04-08 22:07
Platform
win7-20240221-en
Max time kernel
1049s
Max time network
838s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\Squirrel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod\shell\open | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\WeMod\\app-8.16.1\\WeMod.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod\URL Protocol | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod\ = "URL:wemod" | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod\shell\open\command | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod\shell | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe"
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe
"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe" --silent
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\Squirrel.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe" --squirrel-install 8.16.1
C:\Users\Admin\AppData\Local\WeMod\Update.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe --createShortcut WeMod.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe
"C:\Users\Admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://?_inst=nY1ISe9HSMpgSrJn"
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe" wemod://?_inst=nY1ISe9HSMpgSrJn
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=948 --field-trial-handle=984,i,864806722815716998,3212790759271467905,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --force-ui-direction=ltr --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --mojo-platform-channel-handle=1308 --field-trial-handle=984,i,864806722815716998,3212790759271467905,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1520 --field-trial-handle=984,i,864806722815716998,3212790759271467905,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=948 --field-trial-handle=984,i,864806722815716998,3212790759271467905,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\WeMod\Update.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe --checkForUpdate https://api.wemod.com/client/channels/stable
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe WeMod\Support_1712613037304_Out
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.wemod.com | udp |
| US | 172.67.25.118:443 | api.wemod.com | tcp |
| US | 172.67.25.118:443 | api.wemod.com | tcp |
| US | 172.67.25.118:443 | api.wemod.com | tcp |
| US | 8.8.8.8:53 | storage-cdn.wemod.com | udp |
| US | 172.67.25.118:443 | storage-cdn.wemod.com | tcp |
| US | 172.67.25.118:443 | storage-cdn.wemod.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.201.110:443 | redirector.gvt1.com | tcp |
| GB | 216.58.201.110:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r3---sn-aigzrn7k.gvt1.com | udp |
| GB | 173.194.139.8:443 | r3---sn-aigzrn7k.gvt1.com | udp |
| GB | 173.194.139.8:443 | r3---sn-aigzrn7k.gvt1.com | tcp |
| US | 172.67.25.118:443 | storage-cdn.wemod.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 104.22.42.75:443 | storage-cdn.wemod.com | tcp |
| BE | 64.233.166.157:443 | tcp | |
| GB | 142.250.200.3:443 | tcp | |
| GB | 142.250.187.226:443 | tcp | |
| GB | 142.250.178.4:443 | tcp | |
| US | 54.70.189.255:443 | tcp | |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
memory/1504-0-0x0000000001100000-0x0000000001126000-memory.dmp
memory/1504-1-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
memory/1504-2-0x000000001A8D0000-0x000000001A950000-memory.dmp
memory/1504-3-0x000000001A8D0000-0x000000001A950000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar2498.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
memory/1504-75-0x00000000223E0000-0x0000000022B86000-memory.dmp
memory/1504-90-0x000007FFFFEC0000-0x000007FFFFED0000-memory.dmp
memory/1504-94-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe
| MD5 | 1c9da682268453db59f11b8129f827a3 |
| SHA1 | d34e82203d3be584ba02e15772de6a5fc0f52978 |
| SHA256 | 120c915fd6c5b15eac234a676c94722985578483ee7883406ce6d40e76cca94b |
| SHA512 | 810589a1252d3f598289852e2889ea4ec745e7abb92463518c20901906449907cef94c4b803d64f86c36215634209ee74f6cdbcffe16382dd4c6faeb7c4aaa38 |
\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
| MD5 | 750294620c347fcd51c9c7d3a91df1f6 |
| SHA1 | 32f96f434b87f27ab55cc561d0773d0892bb49f9 |
| SHA256 | 26ca155b98e36912ee537b55671e2bd5a75107d168168375e58a8b713ef2358f |
| SHA512 | 4e0acd0c093ca7b5b42b51e89fc90d58d3306c4847ff2f6e1cd5e6a1bea1a656c35528a017d0a4ab8d699c7d3e6756d0f61f031d66b09a5180a62d00e7568f87 |
memory/1412-109-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
memory/1412-108-0x0000000000D50000-0x0000000000F26000-memory.dmp
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
| MD5 | eb57d40350a65656c93c83deb4d62782 |
| SHA1 | aaf2dd180f11a3ba3c8da53f635910e0fd7a9c64 |
| SHA256 | 0b328db09af31969dcd7987f65fa78c0fd6f01b4e51b59752dfb875a21b5d832 |
| SHA512 | ac65249088fea1e810ca0216c7cd842f5bb8cbfec78f6b7ae4566ce23fc643dad312856ecffd31525db842595d93fad20f78372d79da02603400c8dca524420e |
memory/1412-111-0x000000001B680000-0x000000001B700000-memory.dmp
C:\Users\Admin\AppData\Local\SquirrelTemp\WeMod-8.16.1-full.nupkg
| MD5 | 59a0bacb9d0f7e5f1b195dfd683d0e72 |
| SHA1 | 986ff93d69ed07ed967fa36be550f1a58ca2286d |
| SHA256 | 752d53f6529940694965ff22a9136a80b464a2750e326eeebde66eac4c08ccd5 |
| SHA512 | 921690b07f50368630b59bf25ab3f2d649b2c7c2b344f7cb66270987645004a5f4179f42850f572b0b197fd534e12a696743b82538db4d3dbcc2109691bce5ef |
memory/2396-218-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
memory/2396-217-0x00000000003A0000-0x000000000057C000-memory.dmp
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\Squirrel.exe
| MD5 | dee4a16b8a08762e6d7abe7f71ad1b5b |
| SHA1 | 09248ab4df71826c4b9128b091a0e2cba6f63dd0 |
| SHA256 | 7168ee307189a338fe189acc983899d552fa2652579bedd627ea83c91b33369d |
| SHA512 | 0ce9fb7fda310f77bfe5b6150ca0ff466e6c530e8ce77fe0f8ddfad478cf935d779c94ae912aac74bbd05efd86c6d7c3a5909d235ede56ae8d205404621885a3 |
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
| MD5 | 337f0c70d43d402a28cfbddbcb821a2b |
| SHA1 | c7d148c12b401a7fed082747ca565ff987db74f8 |
| SHA256 | 41cef8681a124639bc6475c431180dc6312d13a4e9a94d1b589b7e0225b25cf0 |
| SHA512 | 4e1dd04bc799ea3fb372137a33fa1d32e2f294a1573dcd4ccd0f1af65e99e86d469063b2859fab6e17548d8802f9cdc95d81f2aed32bcca7dc87efae790c89c8 |
\Users\Admin\AppData\Local\WeMod\app-8.16.1\ffmpeg.dll
| MD5 | 3621280d3e04d9643822ef8f5dc0fb91 |
| SHA1 | 6a552d28c3d87908fb583eede8a3eab44ebbd259 |
| SHA256 | 5ac630e962666a21346cf7efa20eb09ac2a45ae3110eaf6c28ad3ddc87533ed5 |
| SHA512 | 9c655b0d5b72d57d49b5c94b406b5abdc2e1d668f40a7e754134655e333abf50cc96204b0d516dbcc4c74831ca7f3577756f7d6f0112bc610e8b3e59837333dd |
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\v8_context_snapshot.bin
| MD5 | b32cbc4a5ff34f441e8e0c264aa61849 |
| SHA1 | 435d88a3e50ff85b6030c4c6e8918161fa340201 |
| SHA256 | 4f72c7b625b64d38f819a970cfff5921ff4080e27de84b00b9a7cf8be15277c5 |
| SHA512 | 7c13eedfab9fba821d5a26e5ba81444a84b48aff13a7cd508c03f7ea113997c2edf7126e5547e16fb3e98a942f0070a5d597c25971afbde92b46125085b57b4e |
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\icudtl.dat
| MD5 | 76bef9b8bb32e1e54fe1054c97b84a10 |
| SHA1 | 05dfea2a3afeda799ab01bb7fbce628cacd596f4 |
| SHA256 | 97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3 |
| SHA512 | 7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6 |
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar
| MD5 | 539471ef86f782e5863248b43637b986 |
| SHA1 | d7622bb8c7d9c2000557831b266505aa66b9cf31 |
| SHA256 | 9b2744abdcb0eff53c2763de1f6d3008037cca5392661a6e0893c05826603c39 |
| SHA512 | e5e16dd0fa89d1dc5e810f1bee50ae3c15dbc10702efd1b3534b1dc56ac965dd89ad5b5449554700576a41ee623bb0bb85eacb50e47162bd0adc71c59a9a651b |
memory/380-235-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
memory/380-234-0x0000000000190000-0x0000000000366000-memory.dmp
memory/380-237-0x000000001B570000-0x000000001B5F0000-memory.dmp
C:\Users\Admin\AppData\Local\WeMod\WeMod.exe
| MD5 | 962ad3ca5b38e18954d2992912369d49 |
| SHA1 | 99a9c9d14f9f2ddaf7fd0818cc8b829c858b141d |
| SHA256 | cfeab93bcfd99a583a0dd47197c0ead1c54a4ce94d19d777cb004eaa9a18f909 |
| SHA512 | 0340397f3326a237332704112125e522fef1d967e408493a5674fc0a997fdb3e0fbe308dca9d5a9d4cf8d21addcbd9ad2e9a5f7e9e09239384a5af76152f2d52 |
memory/380-244-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
memory/1412-254-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
memory/2332-264-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
memory/2332-263-0x0000000001030000-0x000000000120C000-memory.dmp
memory/2332-266-0x000000001B8C0000-0x000000001B940000-memory.dmp
memory/2332-272-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
memory/2396-260-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
memory/1504-282-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources.pak
| MD5 | f5ab76d2b17459b5288b6269b0925890 |
| SHA1 | 75be4046f33919340014a88815f415beb454a641 |
| SHA256 | 4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c |
| SHA512 | 6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab |
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\locales\en-US.pak
| MD5 | 3f6f4b2c2f24e3893882cdaa1ccfe1a3 |
| SHA1 | b021cca30e774e0b91ee21b5beb030fea646098f |
| SHA256 | bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f |
| SHA512 | bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c |
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\chrome_100_percent.pak
| MD5 | d31f3439e2a3f7bee4ddd26f46a2b83f |
| SHA1 | c5a26f86eb119ae364c5bf707bebed7e871fc214 |
| SHA256 | 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e |
| SHA512 | aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5 |
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\chrome_200_percent.pak
| MD5 | 5604b67e3f03ab2741f910a250c91137 |
| SHA1 | a4bb15ac7914c22575f1051a29c448f215fe027f |
| SHA256 | 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c |
| SHA512 | 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d |
memory/3032-287-0x0000000000B50000-0x0000000000B51000-memory.dmp
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar.unpacked\static\unpacked\icon.ico
| MD5 | 34ee19ccd44f31cd831dc50920f19890 |
| SHA1 | 24545d2f4741fb5a4649840486ffd3597b7ade5b |
| SHA256 | 136cf9b3a30268d1d439df7b9fd9104cb1d83be7fd2b562c3e9a47450ae0df3d |
| SHA512 | ded8ade93c143dc8abc7a76b03b4015a8637b2ee13b85dd70655d5857289f19ebef76562eace56a3ad3c2418fab5305bb0b6cadd0a412ddb781b8f496e82c74a |
memory/2632-337-0x0000000000B90000-0x0000000000B91000-memory.dmp
\Users\Admin\AppData\Local\WeMod\app-8.16.1\libEGL.dll
| MD5 | 8b2fd69c70b2b1a64558893bbc9c1423 |
| SHA1 | f619e5b9202063221ffdd746aa4b630d07e3bc3c |
| SHA256 | 2eec2c76aa01b0562be3f76c539b1a5086a437d66254c7237c6562056f767fb8 |
| SHA512 | 42ad67059380fa4be5d2481d2db282716cbe0dfa20d63ee88d3802c022c9fb088b313c686b849b5fe890d5f89f7ea3d4ecac0c64e201335fa74c5bde29f0ad25 |
\Users\Admin\AppData\Local\WeMod\app-8.16.1\libGLESv2.dll
| MD5 | b309eccc727895e3b3481f9326bdcb41 |
| SHA1 | 149f033e550de20f41311c46bb23fed09bb9201f |
| SHA256 | 9dfcd4d9b417f70e80c0b81b9e55a6be9800900d0c30e34fb6db12d5a094497c |
| SHA512 | cba32db9d50c4c79b4a740b083baa5a7b24858d7608f0671a4abbc1aa63a738352fbda219ec7690e9b386eb1bcfb7765daebc1950c18e6c8bfe46a9387668827 |
\Users\Admin\AppData\Local\WeMod\app-8.16.1\d3dcompiler_47.dll
| MD5 | ab3be0c427c6e405fad496db1545bd61 |
| SHA1 | 76012f31db8618624bc8b563698b2669365e49cb |
| SHA256 | 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6 |
| SHA512 | d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba |
C:\Users\Admin\AppData\Roaming\WeMod\Local Storage\leveldb\CURRENT~RFf76a14e.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\WeMod\DawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\WeMod\DawnCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\WeMod\DawnCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
\Users\Admin\AppData\Local\WeMod\app-8.16.1\vk_swiftshader.dll
| MD5 | 1bc5d8a0419f8d8ac2b2b7a74e9678ec |
| SHA1 | c64f2f7f3b4b174866b4db8e720d809bed557b91 |
| SHA256 | f58c0177b48538f6ec2cfa3675cd9420ed82a50ff49185e7dd581a778c48b48e |
| SHA512 | 434181b1b4d5adfcaff457c31a0fdb4df77cf01da2cf4d7090e9f387f44006fc829b372f10ebb64e795e4f38096eb7678ab3c3ce539074d93e6f7b7845a3a79d |
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
\Users\Admin\AppData\Local\WeMod\app-8.16.1\vulkan-1.dll
| MD5 | 18b618dc84321794a818a665770d3720 |
| SHA1 | 7dc7990452bd3c2e26dfdb7f14fdc38310b2ac79 |
| SHA256 | a7888b8651d16156fbe389ae25581332b7518f50535cadc1b7da554c98ddcbfa |
| SHA512 | 166d96a69ce08085d40d4207c2cb02fbda2ae51e2187c3e67ca08b6c05c2b31a77c39dd920ecc028f12854399eb2fcf48954904c36800bcc42a92d97d96a3a3a |
memory/2748-445-0x00000000003B0000-0x000000000058C000-memory.dmp
memory/2748-444-0x000007FEF4B80000-0x000007FEF556C000-memory.dmp
memory/2748-446-0x000000001B560000-0x000000001B5E0000-memory.dmp
C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
| MD5 | 74bdec2a1b6ee5cc7276f47d13edc48a |
| SHA1 | 71a8a2b69cb0e4f333812bd72fd06cf6e1a3b61e |
| SHA256 | 7fb226a4b4c6f72314f74bd5f667d678bb3b2c2d5d76c0c9b1b4a8fa0799fb19 |
| SHA512 | a0798582456212c55a74c1dfa059148726601440f7d64c5957ee5fc8fc14368017ff4af6d99295b8ce651a38bf3d086eef46f78a1fff7008552cf6a2e6984e30 |
memory/2508-451-0x000007FEF4B80000-0x000007FEF556C000-memory.dmp
memory/2508-452-0x0000000000360000-0x0000000000450000-memory.dmp
memory/2508-453-0x0000000001FE0000-0x0000000002060000-memory.dmp
memory/2748-458-0x000007FEF4B80000-0x000007FEF556C000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
| MD5 | b10664206c67c22168d75f2814d92e80 |
| SHA1 | 7f7b31490faa972af0de1d8f6e6121f0cbe85211 |
| SHA256 | c1fb336edaf274099c94bd36ce270095d72fe2cf9550dcd543d73d1d4d498489 |
| SHA512 | 3269ff3df819f9a8fc07fb32e979c6f2ab9b6666ff94ec8a71fa8e96b7f7b95093ff6eda306cdf838f36a956ecec85a3662666ba70901267e642dbc3e51bd881 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
| MD5 | e744b211753f45b387e00af2aae69c6b |
| SHA1 | 23beb8357e158d3a162524b96495f293853b8147 |
| SHA256 | bfde85cbb4f9503779c19c8ed8a463e2782028fed2ee0726cc55018856baed9e |
| SHA512 | c4ccacdfe546522ca8be841b535005f688d250a2d9a68011d5181bf07ae6466785c3dd0c647c6930ed7627d65ca928e4397fd61ae46331b41a110ba76b3962bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed3a46e589d8d0f0b924076d7349bdbe |
| SHA1 | 001a9c0a5ea5c67c10bbdcb58121d2599eab2c9c |
| SHA256 | 2d128066dcecd1bbe620a849612d8a4e569870b59a0ee6a390d92c06ef884e98 |
| SHA512 | 2704e991ff9fa5bf9c5e2ecc248c5582831282c72b21898982f9ac639ac22303b238f9945dbaedc6170137f2335bfca8380482e49cfc64dec0081d3cc7189913 |
memory/2508-516-0x000007FEF4B80000-0x000007FEF556C000-memory.dmp
memory/2508-517-0x0000000001FE0000-0x0000000002060000-memory.dmp