Analysis Overview
SHA256
c28e6fd5a32ff323fc91a31910904826f000231f769138cb2347005bd6535e0c
Threat Level: Likely malicious
The file SolaraB2.zip was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Sets file execution options in registry
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Themida packer
Checks BIOS information in registry
Checks computer location settings
Registers COM server for autorun
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Blocklisted process makes network request
Checks installed software on the system
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks system information in the registry
Drops file in Windows directory
Drops file in Program Files directory
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Modifies data under HKEY_USERS
Modifies system certificate store
Modifies registry class
Suspicious use of UnmapMainImage
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-15 23:59
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 23:59
Reported
2024-06-16 00:02
Platform
win7-20240611-en
Max time kernel
118s
Max time network
124s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\system32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI9EB7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f769176.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f769176.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9D2F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9E3A.tmp | C:\Windows\system32\msiexec.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe"
C:\Windows\SysWOW64\msiexec.exe
"msiexec" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding AD8E27A78649C9D0852EC142B2DC54A4
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding ADA86B8171BAC3A1715F86D0B6DBFC96
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 1492
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.nodejs.org | udp |
| US | 104.20.22.46:443 | www.nodejs.org | tcp |
| US | 8.8.8.8:53 | nodejs.org | udp |
| US | 104.20.23.46:443 | nodejs.org | tcp |
| US | 8.8.8.8:53 | aka.ms | udp |
| GB | 92.123.242.18:443 | aka.ms | tcp |
Files
memory/2200-0-0x000000007451E000-0x000000007451F000-memory.dmp
memory/2200-1-0x0000000001300000-0x00000000013CE000-memory.dmp
memory/2200-2-0x0000000074510000-0x0000000074BFE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab7744.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7786.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi
| MD5 | 0e4e9aa41d24221b29b19ba96c1a64d0 |
| SHA1 | 231ade3d5a586c0eb4441c8dbfe9007dc26b2872 |
| SHA256 | 5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d |
| SHA512 | e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11f0219f58ff326e82cae1498c2c3eed |
| SHA1 | a0cb6454a90c1e0bb946d5507eba0c426f15ebd2 |
| SHA256 | 518f90ca7b6d33dbe17ab8675ec080afb4e34a6bf3d8b14899ab4f16bca648a0 |
| SHA512 | d409e05b9bea69806c888a551761e2aa1ad0d9f605f100e3cf9358cb44aba8b7bdbd2d684a4d27a4131aec2c83adccc37b8db8836bf2d45ea7b0c246787a7b5b |
C:\Windows\Installer\MSI9D2F.tmp
| MD5 | 9fe9b0ecaea0324ad99036a91db03ebb |
| SHA1 | 144068c64ec06fc08eadfcca0a014a44b95bb908 |
| SHA256 | e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9 |
| SHA512 | 906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176 |
C:\Windows\Installer\MSI9EB7.tmp
| MD5 | a3ae5d86ecf38db9427359ea37a5f646 |
| SHA1 | eb4cb5ff520717038adadcc5e1ef8f7c24b27a90 |
| SHA256 | c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74 |
| SHA512 | 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0 |
memory/2200-92-0x000000007451E000-0x000000007451F000-memory.dmp
memory/2200-93-0x0000000074510000-0x0000000074BFE000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 23:59
Reported
2024-06-16 00:16
Platform
win10v2004-20240611-en
Max time kernel
1050s
Max time network
1051s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Downloads MZ/PE file
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUA4B7.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUA4B7.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EUA4B7.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.6.1.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUA4B7.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUA4B7.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Locales\fil.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\diff\CONTRIBUTING.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\events-once.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\compare.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUA4B7.tmp\MicrosoftEdgeUpdateOnDemand.exe | C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Trust Protection Lists\Sigma\Social | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\corepack\CHANGELOG.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\Xcode\README | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\commands\install-test.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\text-table\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\load-workspaces.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\index.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\utils\pulse-till-done.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\verify\set.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Locales\bs.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\find-node-directory.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUA4B7.tmp\msedgeupdateres_et.dll | C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\ffmpeg.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\show_third_party_software_licenses.bat | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\man\man1\npm-deprecate.1 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\EdgeWebView.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Locales\el.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\MSEDGE.PACKED.7Z | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\MicrosoftEdge_X64_126.0.2592.56.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\using-npm\orgs.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\metavuln-calculator\lib\get-dep-spec.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff-apply\index.cjs | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\cli-columns\license | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\ini\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\msedge.exe.sig | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Trust Protection Lists\Sigma\Cryptomining | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\once\once.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\easy_xml.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\client\index.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUA4B7.tmp\msedgeupdateres_kn.dll | C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Locales\gl.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\chalk\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\lib\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\yallist\iterator.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\semver\classes\range.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\agent-base\dist\src\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\commands\unpublish.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\base64-js\base64js.min.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\hosted-git-info\lib\parse-url.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-dist-tag.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-audit.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmversion\lib\enforce-clean.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\diff\release-notes.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Locales\kk.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\event-target-shim\dist\event-target-shim.umd.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\commands\install.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\msedgewebview2.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\mip_protection_sdk.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\lifecycle-cmd.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\parse.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@tootallnate\once\dist\types.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\fs.realpath\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Locales\qu.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.56\Trust Protection Lists\Sigma\Fingerprinting | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.56\Locales\ml.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\semver\functions\coerce.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\man\man1\npm-team.1 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\ip-regex\license | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\init-package-json\lib\default-input.js | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e574a1d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4ECC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5353.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5538.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5BA4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8151.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4F2A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4F3B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5B84.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7D68.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e574a19.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7BF0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e574a19.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5568.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7B23.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629697337097901" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\roblox-player\shell | C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe" | C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Version = "303038464" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\APPID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ = "Microsoft Edge Update Core Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\roblox-player\shell\open\command | C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CurVer\ = "MicrosoftEdgeUpdate.Update3WebMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 291276.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\wevtutil.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraB2\SolaraBootstrapper.exe"
C:\Windows\SysWOW64\msiexec.exe
"msiexec" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding F767699EC039B6BB60C37EC12AAC4D09
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 9174A7DA21621027147496710C1A71DE
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding D5DBE6732135CE01F05205A31A644591 E Global\MSI0000
C:\Windows\SysWOW64\wevtutil.exe
"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
C:\Windows\System32\wevtutil.exe
"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
"C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" /install /quiet /norestart
C:\Windows\Temp\{9F79E04C-AAF7-4725-87B3-17CEA7F013E4}\.cr\vc_redist.x64.exe
"C:\Windows\Temp\{9F79E04C-AAF7-4725-87B3-17CEA7F013E4}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=540 /install /quiet /norestart
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pizzaboxer/bloxstrap/releases/download/v2.5.4/Bloxstrap-v2.5.4.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc73bd46f8,0x7ffc73bd4708,0x7ffc73bd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13898042907227844245,12524008008939861145,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe
"C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe"
C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe
"C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe"
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe" /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUA4B7.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUA4B7.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDBBRjZENzUtMjVGNC00RjlGLUI0QTktRTlFOTc5M0M5MDQ0fSIgdXNlcmlkPSJ7NzhEMUEwQkItRjc2MS00M0E0LUJCM0EtMTk2QzMzMEQwRDM1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5QzlGQTZDMy0zM0JBLTQzNUEtOUI0MS04MzY4RTZDMkFGRER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU0NjIyMzQwNzYiIGluc3RhbGxfdGltZV9tcz0iNTQ0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{D0AF6D75-25F4-4F9F-B4A9-E9E9793C9044}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDBBRjZENzUtMjVGNC00RjlGLUI0QTktRTlFOTc5M0M5MDQ0fSIgdXNlcmlkPSJ7NzhEMUEwQkItRjc2MS00M0E0LUJCM0EtMTk2QzMzMEQwRDM1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1NzZCNTgxOS04RkE2LTQ4ODQtQTFFNC0wRTAzNTgxMTkzNzF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU0NjYwNTQxMDYiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc8218ab58,0x7ffc8218ab68,0x7ffc8218ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff7be86ae48,0x7ff7be86ae58,0x7ff7be86ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4868 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4536 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\MicrosoftEdge_X64_126.0.2592.56.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\MicrosoftEdge_X64_126.0.2592.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\MicrosoftEdge_X64_126.0.2592.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.57 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B9F6B896-6D33-41DE-B1E8-BA3255CCEEEA}\EDGEMITMP_C82F9.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.56 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6c25faa40,0x7ff6c25faa4c,0x7ff6c25faa58
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDBBRjZENzUtMjVGNC00RjlGLUI0QTktRTlFOTc5M0M5MDQ0fSIgdXNlcmlkPSJ7NzhEMUEwQkItRjc2MS00M0E0LUJCM0EtMTk2QzMzMEQwRDM1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0N0Y0MkZGMy01M0E4LTQzNjQtQTZGNy0zNDk5MTJCNkUxNUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI2LjAuMjU5Mi41NiIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTQ4NDY2NDMyNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU0ODQ3NTQ0MjMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MzU2MDA0MDkxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy82OGFkZTM1OS01NDY3LTRlZWUtODE3Ny1jNmNhMDA4NTUyNWQ_UDE9MTcxOTEwMDg2MCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1tTWxYRXNWdU5SQTlqSE03eEFRUU9LSmlWR0FleUFDbHJmSmV6VzJSRmZXTDZUbmdIeXZtZVU3WnNxZXFHRzVtZmNpNGxBem5MdkJZVHBwUTlSeFhvZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MzAxODY4MCIgdG90YWw9IjE3MzAxODY4MCIgZG93bmxvYWRfdGltZV9tcz0iNzk1OTkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MzU2MDk0MzM4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjM3MjE1NDE5NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjgyNDU0NDEzMyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjEwMDkiIGRvd25sb2FkX3RpbWVfbXM9Ijg3MTI3IiBkb3dubG9hZGVkPSIxNzMwMTg2ODAiIHRvdGFsPSIxNzMwMTg2ODAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ1MjMzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe" --app -channel production
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3016 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1600 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3064 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe" roblox-player:1+launchmode:play+gameinfo:1cVu_p4VHCLbADzxxaCfaTkTSxGdI2B4-Bf5mW4bgx4Jf6X91DOX-Gh92em0uE8gG5NIujGf8TubC9eJGbKVZNVgJ-fh9aOz87ngGW9xhHF7NvadjSJ2KWyEPtbflkmtACSwumUszjoRs08-UJZCjk1cqi7DNxZftwtdOYFDzbb3b-k4O27sSftHE-zFGvpYeeospVFvy5GUOLEmXcQSQ31ntspuuaRCm56g0ThwI10+launchtime:1718496257927+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1718496143623019%26placeId%3D13253735473%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D5d85ee24-6d7d-439d-867a-0159e47edf4d%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1718496143623019+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.6.1.exe
"C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.6.1.exe" roblox-player:1+launchmode:play+gameinfo:1cVu_p4VHCLbADzxxaCfaTkTSxGdI2B4-Bf5mW4bgx4Jf6X91DOX-Gh92em0uE8gG5NIujGf8TubC9eJGbKVZNVgJ-fh9aOz87ngGW9xhHF7NvadjSJ2KWyEPtbflkmtACSwumUszjoRs08-UJZCjk1cqi7DNxZftwtdOYFDzbb3b-k4O27sSftHE-zFGvpYeeospVFvy5GUOLEmXcQSQ31ntspuuaRCm56g0ThwI10+launchtime:1718496257927+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1718496143623019%26placeId%3D13253735473%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D5d85ee24-6d7d-439d-867a-0159e47edf4d%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1718496143623019+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:1cVu_p4VHCLbADzxxaCfaTkTSxGdI2B4-Bf5mW4bgx4Jf6X91DOX-Gh92em0uE8gG5NIujGf8TubC9eJGbKVZNVgJ-fh9aOz87ngGW9xhHF7NvadjSJ2KWyEPtbflkmtACSwumUszjoRs08-UJZCjk1cqi7DNxZftwtdOYFDzbb3b-k4O27sSftHE-zFGvpYeeospVFvy5GUOLEmXcQSQ31ntspuuaRCm56g0ThwI10+launchtime:1718496265292+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1718496143623019%26placeId%3D13253735473%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D5d85ee24-6d7d-439d-867a-0159e47edf4d%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1718496143623019+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp+channel:production
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4912 --field-trial-handle=1960,i,8123936459525886617,16873459935002418170,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe" roblox-player:1+launchmode:play+gameinfo:GAV35rDUtQZWZCHT6XvpwLb5e7U3oZYB0HEMVbXfQLJFhxs1PYv-ATFI_kArdRAZ-trZxvF2WmXHVpZ6xZQ1b0JZM3FTeICjpTIr2ZdJvwygVP1ZNbJOpx4YgFJqauI-rfWoy1meWBsT4KzKWOB2O4pvom-zTSxpReucn_XmukyAksgv7nWEb9iwM6xXB-pXDmIWBZmKuvwWrhgiBR6tEcIsP8kOpSJsLiwsbOYiydM+launchtime:1718496287218+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1718496143623019%26placeId%3D13253735473%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D35798efe-4f95-42bc-9610-13ba0b9f6d05%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1718496143623019+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:GAV35rDUtQZWZCHT6XvpwLb5e7U3oZYB0HEMVbXfQLJFhxs1PYv-ATFI_kArdRAZ-trZxvF2WmXHVpZ6xZQ1b0JZM3FTeICjpTIr2ZdJvwygVP1ZNbJOpx4YgFJqauI-rfWoy1meWBsT4KzKWOB2O4pvom-zTSxpReucn_XmukyAksgv7nWEb9iwM6xXB-pXDmIWBZmKuvwWrhgiBR6tEcIsP8kOpSJsLiwsbOYiydM+launchtime:1718496294144+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1718496143623019%26placeId%3D13253735473%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D35798efe-4f95-42bc-9610-13ba0b9f6d05%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1718496143623019+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp+channel:production
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.nodejs.org | udp |
| US | 104.20.22.46:443 | www.nodejs.org | tcp |
| US | 8.8.8.8:53 | 46.22.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nodejs.org | udp |
| US | 104.20.23.46:443 | nodejs.org | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.23.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aka.ms | udp |
| GB | 92.123.242.18:443 | aka.ms | tcp |
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.242.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| NL | 2.16.43.25:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| DE | 52.85.92.36:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 25.43.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.92.85.52.in-addr.arpa | udp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:57255 | tcp | |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 20.114.58.89:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 89.58.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.19.161:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | tcp |
| FR | 128.116.122.3:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| DE | 52.222.191.42:443 | css.rbxcdn.com | tcp |
| DE | 52.222.191.42:443 | css.rbxcdn.com | tcp |
| DE | 52.222.191.42:443 | css.rbxcdn.com | tcp |
| DE | 52.222.191.42:443 | css.rbxcdn.com | tcp |
| DE | 52.222.191.42:443 | css.rbxcdn.com | tcp |
| DE | 52.222.191.42:443 | css.rbxcdn.com | tcp |
| DE | 52.85.92.94:443 | static.rbxcdn.com | tcp |
| DE | 52.222.191.81:443 | js.rbxcdn.com | tcp |
| DE | 52.222.191.81:443 | js.rbxcdn.com | tcp |
| DE | 52.222.191.81:443 | js.rbxcdn.com | tcp |
| DE | 52.222.191.81:443 | js.rbxcdn.com | tcp |
| DE | 52.222.191.81:443 | js.rbxcdn.com | tcp |
| DE | 52.222.191.81:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 128.116.122.4:443 | roblox.com | tcp |
| DE | 18.155.153.74:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| FR | 128.116.122.3:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | 42.191.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.191.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.153.155.18.in-addr.arpa | udp |
| DE | 18.155.153.74:443 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| BE | 2.17.107.170:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| FR | 128.116.122.3:443 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| DE | 52.222.191.42:443 | css.rbxcdn.com | tcp |
| DE | 18.155.153.95:443 | images.rbxcdn.com | tcp |
| DE | 18.155.153.95:443 | images.rbxcdn.com | tcp |
| DE | 18.155.153.95:443 | images.rbxcdn.com | tcp |
| DE | 18.155.153.95:443 | images.rbxcdn.com | tcp |
| DE | 18.155.153.95:443 | images.rbxcdn.com | tcp |
| DE | 18.155.153.95:443 | images.rbxcdn.com | tcp |
| FR | 128.116.122.3:443 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 170.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | twostepverification.roblox.com | udp |
| FR | 128.116.122.3:443 | twostepverification.roblox.com | udp |
| FR | 128.116.122.3:443 | twostepverification.roblox.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 108.177.122.94:443 | beacons.gcp.gvt2.com | tcp |
| FR | 128.116.122.3:443 | twostepverification.roblox.com | udp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| FR | 128.116.122.3:443 | ncs.roblox.com | udp |
| US | 8.8.8.8:53 | 94.122.177.108.in-addr.arpa | udp |
| FR | 128.116.122.3:443 | ncs.roblox.com | udp |
| FR | 128.116.122.3:443 | ncs.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| DE | 18.155.153.68:443 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | 68.153.155.18.in-addr.arpa | udp |
| NL | 96.16.53.133:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| DE | 52.85.92.57:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | c0cfly.rbxcdn.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-central-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 8.8.8.8:53 | c0aws.rbxcdn.com | udp |
| US | 8.8.8.8:53 | fra4-128-116-44-3.roblox.com | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 151.101.129.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 205.234.175.102:443 | c0cfly.rbxcdn.com | tcp |
| DE | 128.116.44.3:443 | fra4-128-116-44-3.roblox.com | tcp |
| DE | 35.157.243.125:443 | aws-eu-central-1b-lms.rbx.com | tcp |
| DE | 52.85.92.96:443 | c0aws.rbxcdn.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 133.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.44.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.243.157.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.102.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.127.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.104.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.115.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.51.116.128.in-addr.arpa | udp |
| FR | 128.116.122.4:443 | lms.roblox.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | t6.rbxcdn.com | udp |
| US | 8.8.8.8:53 | t4.rbxcdn.com | udp |
| DE | 52.85.92.30:443 | t6.rbxcdn.com | tcp |
| DE | 18.155.153.98:443 | t4.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | 30.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.153.155.18.in-addr.arpa | udp |
| FR | 128.116.122.4:443 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-west-2c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | gold.roblox.com | udp |
| US | 8.8.8.8:53 | sin4-128-116-50-3.roblox.com | udp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| US | 8.8.8.8:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 8.8.8.8:53 | lhr2-128-116-119-3.roblox.com | udp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| GB | 13.41.166.68:443 | aws-eu-west-2c-lms.rbx.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| BE | 2.17.107.152:443 | c0ak.rbxcdn.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 68.166.41.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.63.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.50.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| DE | 128.116.44.3:443 | fra4-128-116-44-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | voice.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| GB | 13.41.166.68:443 | aws-eu-west-2c-lms.rbx.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| BE | 2.17.107.152:443 | c0ak.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| US | 8.8.8.8:53 | followings.roblox.com | udp |
| US | 151.101.192.176:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | 176.192.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cs.ns1p.net | udp |
| US | 8.8.8.8:53 | waw1-128-116-124-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-east-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| DE | 18.196.253.254:443 | cs.ns1p.net | tcp |
| US | 34.205.21.180:443 | aws-us-east-1c-lms.rbx.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| HK | 16.163.183.208:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| PL | 128.116.124.3:443 | waw1-128-116-124-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 8.8.8.8:53 | badges.roblox.com | udp |
| US | 8.8.8.8:53 | s.ns1p.net | udp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| HK | 16.163.183.208:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| DE | 18.196.253.254:443 | s.ns1p.net | tcp |
| US | 8.8.8.8:53 | bom1-128-116-104-3.roblox.com | udp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| IN | 128.116.104.3:443 | bom1-128-116-104-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 254.253.196.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.124.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.21.205.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.183.163.16.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.97.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 52.33.51.5:443 | m.stripe.com | tcp |
| US | 8.8.8.8:53 | 3.104.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.95.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ord2-128-116-101-3.roblox.com | udp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 5.51.33.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.ns1p.net | udp |
| US | 8.8.8.8:53 | 3.101.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| DE | 52.85.92.60:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| BE | 2.17.107.82:443 | setup.rbxcdn.com | tcp |
| DE | 52.85.92.60:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | 82.107.17.2.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 108.177.122.94:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| DE | 52.85.92.17:443 | setup.rbxcdn.com | tcp |
| DE | 52.85.92.60:443 | clientsettingscdn.roblox.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 17.92.85.52.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 20.7.47.135:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 135.47.7.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| NL | 96.16.53.139:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 139.53.16.96.in-addr.arpa | udp |
| US | 108.177.122.94:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| FR | 128.116.122.3:443 | presence.roblox.com | udp |
Files
memory/1092-0-0x000000007495E000-0x000000007495F000-memory.dmp
memory/1092-1-0x00000000002C0000-0x000000000038E000-memory.dmp
memory/1092-2-0x00000000051E0000-0x0000000005784000-memory.dmp
memory/1092-3-0x0000000074950000-0x0000000075100000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi
| MD5 | 0e4e9aa41d24221b29b19ba96c1a64d0 |
| SHA1 | 231ade3d5a586c0eb4441c8dbfe9007dc26b2872 |
| SHA256 | 5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d |
| SHA512 | e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913 |
C:\Windows\Installer\MSI4ECC.tmp
| MD5 | 9fe9b0ecaea0324ad99036a91db03ebb |
| SHA1 | 144068c64ec06fc08eadfcca0a014a44b95bb908 |
| SHA256 | e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9 |
| SHA512 | 906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176 |
C:\Windows\Installer\MSI4F3B.tmp
| MD5 | a3ae5d86ecf38db9427359ea37a5f646 |
| SHA1 | eb4cb5ff520717038adadcc5e1ef8f7c24b27a90 |
| SHA256 | c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74 |
| SHA512 | 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0 |
C:\Windows\Installer\MSI5538.tmp
| MD5 | 7a86ce1a899262dd3c1df656bff3fb2c |
| SHA1 | 33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541 |
| SHA256 | b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c |
| SHA512 | 421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec |
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE
| MD5 | b020de8f88eacc104c21d6e6cacc636d |
| SHA1 | 20b35e641e3a5ea25f012e13d69fab37e3d68d6b |
| SHA256 | 3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706 |
| SHA512 | 4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38 |
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE
| MD5 | d2cf52aa43e18fdc87562d4c1303f46a |
| SHA1 | 58fb4a65fffb438630351e7cafd322579817e5e1 |
| SHA256 | 45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0 |
| SHA512 | 54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16 |
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE
| MD5 | 7428aa9f83c500c4a434f8848ee23851 |
| SHA1 | 166b3e1c1b7d7cb7b070108876492529f546219f |
| SHA256 | 1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7 |
| SHA512 | c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce |
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license
| MD5 | 5ad87d95c13094fa67f25442ff521efd |
| SHA1 | 01f1438a98e1b796e05a74131e6bb9d66c9e8542 |
| SHA256 | 67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec |
| SHA512 | 7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE
| MD5 | d7c8fab641cd22d2cd30d2999cc77040 |
| SHA1 | d293601583b1454ad5415260e4378217d569538e |
| SHA256 | 04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be |
| SHA512 | 278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js
| MD5 | bc0c0eeede037aa152345ab1f9774e92 |
| SHA1 | 56e0f71900f0ef8294e46757ec14c0c11ed31d4e |
| SHA256 | 7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5 |
| SHA512 | 5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3 |
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts
| MD5 | f0bd53316e08991d94586331f9c11d97 |
| SHA1 | f5a7a6dc0da46c3e077764cfb3e928c4a75d383e |
| SHA256 | dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef |
| SHA512 | fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839 |
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE
| MD5 | 072ac9ab0c4667f8f876becedfe10ee0 |
| SHA1 | 0227492dcdc7fb8de1d14f9d3421c333230cf8fe |
| SHA256 | 2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013 |
| SHA512 | f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013 |
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md
| MD5 | 2916d8b51a5cc0a350d64389bc07aef6 |
| SHA1 | c9d5ac416c1dd7945651bee712dbed4d158d09e1 |
| SHA256 | 733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04 |
| SHA512 | 508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74 |
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json
| MD5 | d116a360376e31950428ed26eae9ffd4 |
| SHA1 | 192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b |
| SHA256 | c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5 |
| SHA512 | 5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a |
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE
| MD5 | 1d7c74bcd1904d125f6aff37749dc069 |
| SHA1 | 21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab |
| SHA256 | 24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9 |
| SHA512 | b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778 |
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md
| MD5 | e9dc66f98e5f7ff720bf603fff36ebc5 |
| SHA1 | f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b |
| SHA256 | b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79 |
| SHA512 | 8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b |
C:\Program Files\nodejs\node_etw_provider.man
| MD5 | 1d51e18a7247f47245b0751f16119498 |
| SHA1 | 78f5d95dd07c0fcee43c6d4feab12d802d194d95 |
| SHA256 | 1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f |
| SHA512 | 1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76 |
C:\Program Files\nodejs\node_etw_provider.man
| MD5 | d3bc164e23e694c644e0b1ce3e3f9910 |
| SHA1 | 1849f8b1326111b5d4d93febc2bafb3856e601bb |
| SHA256 | 1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4 |
| SHA512 | 91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url
| MD5 | db7dbbc86e432573e54dedbcc02cb4a1 |
| SHA1 | cff9cfb98cff2d86b35dc680b405e8036bbbda47 |
| SHA256 | 7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9 |
| SHA512 | 8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec |
C:\Config.Msi\e574a1c.rbs
| MD5 | b63538fcbbabe90750f7678a2f1d6dad |
| SHA1 | ad40f1b7dcc9f76539fb9e97cf0bb1729739361f |
| SHA256 | 5f85151868c908f6f003c82c3e6fa87c657da90d49165ab54684bf4893d3ccd5 |
| SHA512 | 84ae6b28c4f6879686ed8a078996bd2bd0b7790a197a17eff518b309defffb9ae44c8cc3b5aa961f6b63644cadcf18440bcb9c40149ed28f315f8820a9f69fd8 |
memory/1092-2382-0x000000007495E000-0x000000007495F000-memory.dmp
memory/1092-2383-0x0000000074950000-0x0000000075100000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
| MD5 | e091e9e5ede4161b45b880ccd6e140b0 |
| SHA1 | 1a18b960482c2a242df0e891de9e3a125e439122 |
| SHA256 | cee28f29f904524b7f645bcec3dfdfe38f8269b001144cd909f5d9232890d33b |
| SHA512 | fa8627055bbeb641f634b56059e7b5173e7c64faaa663e050c20d01d708a64877e71cd0b974282c70cb448e877313b1cf0519cf6128c733129b045f2b961a09b |
C:\Windows\Temp\{9F79E04C-AAF7-4725-87B3-17CEA7F013E4}\.cr\vc_redist.x64.exe
| MD5 | cb264f7d256b42a54b2129b7a02c1ce3 |
| SHA1 | d71459e24185f70b0c8647758663b1116a898412 |
| SHA256 | d6aaee30c9b7edeac6939f78f4a55683c6358d9cc03dac487880d01f18700e83 |
| SHA512 | 4f623f5d21bc216f3dd040e6d0c663a8ea37efe5d0ce5f4aeb1ef5c1f7c873e19d1abc979d3e40d4dc70e2e4f0fc9a1b114b17d9eb852ea9a41d0f84356cd7cb |
C:\Windows\Temp\{05F5A8FD-8CAF-4DF6-BC99-1313F8B7D5D7}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{05F5A8FD-8CAF-4DF6-BC99-1313F8B7D5D7}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
memory/1092-2475-0x0000000005FF0000-0x0000000006082000-memory.dmp
memory/1092-2476-0x00000000064B0000-0x00000000064BA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_2992_DKGCXMADLRZCZECB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fbdf9aa383091aef90cdbfd769b48a0a |
| SHA1 | 87abf85c950998c2ab3b246042ae77d0dd967b8a |
| SHA256 | 0415be622bb57bdfd9233bf865a64ee86c83394804496937dc3fc9dc0eb3e491 |
| SHA512 | e5ad63a1669217a2d8ce59c908df28b8274aae8fd7cfe527144d45e1616ff33757f340da713f941facdbdd99ee87e5e18c458e2be82d080afe56f8c7053302d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/1092-2510-0x00000000064E0000-0x00000000064F2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
| MD5 | c2ab942102236f987048d0d84d73d960 |
| SHA1 | 95462172699187ac02eaec6074024b26e6d71cff |
| SHA256 | 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a |
| SHA512 | e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
| MD5 | d0104f79f0b4f03bbcd3b287fa04cf8c |
| SHA1 | 54f9d7adf8943cb07f821435bb269eb4ba40ccc2 |
| SHA256 | 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a |
| SHA512 | daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
| MD5 | c28b0fe9be6e306cc2ad30fe00e3db10 |
| SHA1 | af79c81bd61c9a937fca18425dd84cdf8317c8b9 |
| SHA256 | 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641 |
| SHA512 | e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
| MD5 | 13babc4f212ce635d68da544339c962b |
| SHA1 | 4881ad2ec8eb2470a7049421047c6d076f48f1de |
| SHA256 | bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400 |
| SHA512 | 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182 |
C:\Users\Admin\Downloads\Unconfirmed 291276.crdownload
| MD5 | dbb820772caf0003967ef0f269fbdeb1 |
| SHA1 | 31992bd4977a7dfeba67537a2da6c9ca64bc304c |
| SHA256 | b2ac1e407ed3ecd7c7faa6de929a68fb51145662cf793c40b69eb59295bba6bc |
| SHA512 | e8ac879c7198dffb78bc6ee4ad49b5de40a5a7dbbda53d427d0a034941487d13c8bb2b8d590a1fcdd81cd6abb8f21fdfcd52924eb00c45a42ee06c1e4b3d590f |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
| MD5 | d213a75b1956398e4c36bcc2f93339bf |
| SHA1 | 6a2739cc0e67f5593c744fbcbc8f00f12eef9954 |
| SHA256 | ece75d080f94df4b3699389021337b1536cfed229d1325f09b03f0b0d6d85ab4 |
| SHA512 | d32ddaf4c6f8f8df6c390d683e6c039f3b0d8f35f68f690b28bf88b17caedf0e11abd3aeb2e46238d0cd0a91b2db095cca0782b4e27f04453ea4cb6db38f4dd7 |
memory/5732-3981-0x00000212C10A0000-0x00000212C10BA000-memory.dmp
memory/1092-3982-0x0000000074950000-0x0000000075100000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
| MD5 | aead90ab96e2853f59be27c4ec1e4853 |
| SHA1 | 43cdedde26488d3209e17efff9a51e1f944eb35f |
| SHA256 | 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed |
| SHA512 | f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d |
memory/5732-3986-0x00000212DBC90000-0x00000212DC1CC000-memory.dmp
memory/5732-3987-0x00000212DB810000-0x00000212DB8CA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
| MD5 | 34ec990ed346ec6a4f14841b12280c20 |
| SHA1 | 6587164274a1ae7f47bdb9d71d066b83241576f0 |
| SHA256 | 1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409 |
| SHA512 | b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0 |
memory/5732-3989-0x00000212C2E40000-0x00000212C2E4E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
| MD5 | 851fee9a41856b588847cf8272645f58 |
| SHA1 | ee185a1ff257c86eb19d30a191bf0695d5ac72a1 |
| SHA256 | 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca |
| SHA512 | cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f |
memory/5732-3991-0x00000212DBB90000-0x00000212DBC0E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
| MD5 | a0bd0d1a66e7c7f1d97aedecdafb933f |
| SHA1 | dd109ac34beb8289030e4ec0a026297b793f64a3 |
| SHA256 | 79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36 |
| SHA512 | 2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 177aac484ccade71ff6550a0177f7fca |
| SHA1 | 219d687c8f41d64af3d3ef4fd8454bc526a6af32 |
| SHA256 | 0648d8e89627ff04f71a80994efdac0b9066c7fb1d4830d0ca9032aa6060193a |
| SHA512 | 87fc29941096a9c453094c25ad7dc91cf87a321f481ebe764524538e4ab989c36765f3c12c16c2c2cf6762882d3fe78b608de647a7dd3c18d5b435f053c83268 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a62b53e02d19e2349dd031e84027313 |
| SHA1 | fcb37843f6cc41dc6a8a625e66e860a177940578 |
| SHA256 | ea756984b754b76161db0b0e1b0da4f13f08a8d1861a0ae4d4e909a23b2d1a2e |
| SHA512 | 360c59839b6f800503d9306563c60d03c31bd33d38d12143e127f6e5b4bdf2e3bea5cbd4b40a9c2f9ba53d658fc86b089ae421ed124b59b89c9f2ebb3c690644 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\configs\DateTimeLocaleConfigs\zh-tw.json
| MD5 | 702c9879f2289959ceaa91d3045f28aa |
| SHA1 | 775072f139acc8eafb219af355f60b2f57094276 |
| SHA256 | a92a6988175f9c1d073e4b54bf6a31f9b5d3652eebdf6a351fb5e12bda76cbd5 |
| SHA512 | 815a6bef134c0db7a5926f0cf4b3f7702d71b0b2f13eca9539cd2fc5a61eea81b1884e4c4bc0b3398880589bff809ac8d5df833e7e4aeda4a1244e9a875d1e97 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\configs\DateTimeLocaleConfigs\zh-hans.json
| MD5 | fb6605abd624d1923aef5f2122b5ae58 |
| SHA1 | 6e98c0a31fa39c781df33628b55568e095be7d71 |
| SHA256 | 7b993133d329c46c0c437d985eead54432944d7b46db6ad6ea755505b8629d00 |
| SHA512 | 97a14eda2010033265b379aa5553359293baf4988a4cdde8a40b0315e318a7b30feee7f5e14c68131e85610c00585d0c67e636999e3af9b5b2209e1a27a82223 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d44927f2f21f1c690356b52f8e1bacec |
| SHA1 | 5056e0ca84dabc33bcfa46d3e3f477ee35b53d6f |
| SHA256 | c982fbf4af65b31e24e873ccb1255128e3be8ee97129008533917c6d83825cb7 |
| SHA512 | 9cf38c51a052e2dec6a4578b8f286529afc3c0d0b90c20fda1a56e9c8e4cc43fb9d18b507ccb408fd28f4ba393c2e0ccf8b382d5991b61a77791261ebc2017cb |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\textures\Cursors\KeyboardMouse\IBeamCursor.png
| MD5 | 464c4983fa06ad6cf235ec6793de5f83 |
| SHA1 | 8afeb666c8aee7290ab587a2bfb29fc3551669e8 |
| SHA256 | 99fd7f104948c6ab002d1ec69ffd6c896c91f9accc499588df0980b4346ecbed |
| SHA512 | f805f5f38535fe487b899486c8de6cf630114964e2c3ebc2af7152a82c6f6faef681b4d936a1867b5dff6566b688b5c01105074443cc2086b3fe71f7e6e404b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dfa5d0dfa2eaee3d5f793fe49fa58b61 |
| SHA1 | 68f9a4612348ea687662b6694e1a5f67644a5e46 |
| SHA256 | b6fbdda3c6641413d064e4de77f7b71675b2d28720ca2666cc9446f68389ab56 |
| SHA512 | 0f6f4fd1ed532363f118d6862bdc018709524ff78b4073e843e0537a4217c4b4845d0f82bec646a537b475bea8243bf9513532158a868110d5963313d12c65eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 76274ddc721fc748777d23fe1ec78a4b |
| SHA1 | 36a642a3eac3275b30c6318c413812c761cffa4f |
| SHA256 | 7cd5c4b9fd44c114bf9a029622117a17b1c34055d81495fc19797409f98acbc6 |
| SHA512 | 6674b7e75d39a51dc831d9fa25f538726e56db6be644b8c4fb46d9bbb867983f2ee68b962e5766e898c5017da9591c474a927f4118f1262828e4fb557f9854d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f5cd008cf465804d0e6f39a8d81f9a2d |
| SHA1 | 6b2907356472ed4a719e5675cc08969f30adc855 |
| SHA256 | fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d |
| SHA512 | dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\textures\StudioToolbox\Clear.png
| MD5 | fa8eaf9266c707e151bb20281b3c0988 |
| SHA1 | 3ca097ad4cd097745d33d386cc2d626ece8cb969 |
| SHA256 | 8cf08bf7e50fea7b38f59f162ed956346c55a714ed8a9a8b0a1ada7e18480bc2 |
| SHA512 | e29274300eab297c6de895bb39170f73f0a4ffa2a8c3732caeeeac16e2c25fb58bb401fdd5823cc62d9c413ec6c43d7c46861d7e14d52f8d9d8ff632e29f167c |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png
| MD5 | 521fb651c83453bf42d7432896040e5e |
| SHA1 | 8fdbf2cc2617b5b58aaa91b94b0bf755d951cad9 |
| SHA256 | 630303ec4701779eaf86cc9fbf744b625becda53badc7271cbb6ddc56e638d70 |
| SHA512 | 8fa0a50e52a3c7c53735c7dd7af275ebc9c1843f55bb30ebe0587a85955a8da94ff993822d233f7ed118b1070a7d67718b55ba4a597dc49ed2bf2a3836c696f6 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\textures\TerrainTools\checkbox_square.png
| MD5 | 2cb16991a26dc803f43963bdc7571e3f |
| SHA1 | 12ad66a51b60eeaed199bc521800f7c763a3bc7b |
| SHA256 | c7bae6d856f3bd9f00c122522eb3534d0d198a9473b6a379a5c3458181870646 |
| SHA512 | 4c9467e5e2d83b778d0fb8b6fd97964f8d8126f07bfd50c5d68c256703f291ceaed56be057e8e2c591b2d2c49f6b7e099a2b7088d0bf5bdd901433459663b1f8 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\XboxController\Thumbstick1.png
| MD5 | 2cbe38df9a03133ddf11a940c09b49cd |
| SHA1 | 6fb5c191ed8ce9495c66b90aaf53662bfe199846 |
| SHA256 | 0835a661199a7d8df7249e8ae925987184efcc4fb85d9efac3cc2c1495020517 |
| SHA512 | dcef5baccef9fff632456fe7bc3c4f4a403363d9103a8047a55f4bd4c413d0c5f751a2e37385fe9eba7a420dbdb77ca2ff883d47fcdd35af222191cc5bd5c7a9 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\XboxController\[email protected]
| MD5 | 83e9b7823c0a5c4c67a603a734233dec |
| SHA1 | 2eaf04ad636bf71afdf73b004d17d366ac6d333e |
| SHA256 | 3b5e06eb1a89975def847101f700f0caa60fe0198f53e51974ef1608c6e1e067 |
| SHA512 | e8abb39a1ec340ac5c7d63137f607cd09eae0e885e4f73b84d8adad1b8f574155b92fbf2c9d3013f64ebbb6d55ead5419e7546b0f70dcde976d49e7440743b0f |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\XboxController\[email protected]
| MD5 | 499333dae156bb4c9e9309a4842be4c8 |
| SHA1 | d18c4c36bdb297208589dc93715560acaf761c3a |
| SHA256 | d35a74469f1436f114c27c730a5ec0793073bcf098db37f10158d562a3174591 |
| SHA512 | 91c64173d2cdabc045c70e0538d45e1022cc74ec04989565b85f0f26fe3e788b700a0956a07a8c91d34c06fc1b7fad43bbdbb41b0c6f15b9881c3e46def8103e |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\XboxController\Thumbstick2.png
| MD5 | a402aacac8be906bcc07d50669d32061 |
| SHA1 | 9d75c1afbe9fc482983978cae4c553aa32625640 |
| SHA256 | 62a313b6cc9ffe7dd86bc9c4fcd7b8e8d1f14a15cdf41a53fb69af4ae3416102 |
| SHA512 | d11567bcaad8bbd9e2b9f497c3215102c7e7546caf425e93791502d3d2b3f78dec13609796fcd6e1e7f5c7d794bac074d00a74001e7fe943d63463b483877546 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\XboxController\[email protected]
| MD5 | 55b64987636b9740ab1de7debd1f0b2f |
| SHA1 | 96f67222ce7d7748ec968e95a2f6495860f9d9c9 |
| SHA256 | f4a6bb3347ee3e603ea0b2f009bfa802103bc434ae3ff1db1f2043fa8cace8fc |
| SHA512 | 73a88a278747de3fefbaabb3ff90c1c0750c8d6c17746787f17061f4eff933620407336bf9b755f4222b0943b07d8c4d01de1815d42ea65e78e0daa7072591e9 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\XboxController\[email protected]
| MD5 | e8c88cf5c5ef7ae5ddee2d0e8376b32f |
| SHA1 | 77f2a5b11436d247d1acc3bac8edffc99c496839 |
| SHA256 | 9607af14604a8e8eb1dec45d3eeca01fed33140c0ccc3e6ef8ca4a1f6219b5dd |
| SHA512 | 32f5a1e907705346a56fbddfe0d8841d05415ff7abe28ae9281ba46fedf8270b982be0090b72e2e32de0ce36e21934f80eaf508fd010f7ab132d39f5305fb68f |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
| MD5 | c2bde3ba169916206ef61ce2af29abd5 |
| SHA1 | 9ea8cc423fdd68280988d94f2eac468e445d34f8 |
| SHA256 | 2099337afdfc49b325763e2e741253aac15c195e0010039a625459e8ea1ac526 |
| SHA512 | 442e5935be20dd345fb9940113a7db2e06649eb36fc79a4b7128e3054c8a27a34c62b826397b2d46810ea32f3b2d8367bb375b7996019fcbc2d400dff5f21ca0 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll
| MD5 | 7a2b8cfcd543f6e4ebca43162b67d610 |
| SHA1 | c1c45a326249bf0ccd2be2fbd412f1a62fb67024 |
| SHA256 | 7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f |
| SHA512 | e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8 |
memory/5732-10103-0x0000000180000000-0x0000000180AC0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
| MD5 | 75365924730b0b2c1a6ee9028ef07685 |
| SHA1 | a10687c37deb2ce5422140b541a64ac15534250f |
| SHA256 | 945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b |
| SHA512 | c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1 |
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
| MD5 | e31f5136d91bad0fcbce053aac798a30 |
| SHA1 | ee785d2546aec4803bcae08cdebfd5d168c42337 |
| SHA256 | ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671 |
| SHA512 | a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6 |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\graphic\[email protected]
| MD5 | 3fec0191b36b9d9448a73ff1a937a1f7 |
| SHA1 | bee7d28204245e3088689ac08da18b43eae531ba |
| SHA256 | 1a03e6f6a0de045aa588544c392d671c040b82a5598b4246af04f5a74910dc89 |
| SHA512 | a8ab2bc2d937963af36d3255c6ea09cae6ab1599996450004bb18e8b8bdfbdde728821ac1662d8a0466680679011d8f366577b143766838fe91edf08a40353ce |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png
| MD5 | 4f8f43c5d5c2895640ed4fdca39737d5 |
| SHA1 | fb46095bdfcab74d61e1171632c25f783ef495fa |
| SHA256 | fc57f32c26087eef61b37850d60934eda1100ca8773f08e487191a74766053d1 |
| SHA512 | 7aebc0f79b2b23a76fb41df8bab4411813ffb1abc5e2797810679c0eaa690e7af7561b8473405694bd967470be337417fa42e30f0318acbf171d8f31620a31aa |
memory/5732-10904-0x00000212DBC20000-0x00000212DBC28000-memory.dmp
memory/5732-10962-0x00000212DC530000-0x00000212DC53E000-memory.dmp
memory/5732-10957-0x00000212DC570000-0x00000212DC5A8000-memory.dmp
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaDiscussions\buttonFill.png
| MD5 | 81ce54dfd6605840a1bd2f9b0b3f807d |
| SHA1 | 4a3a4c05b9c14c305a8bb06c768abc4958ba2f1c |
| SHA256 | 0a6a5cafb4dee0d8c1d182ddec9f68ca0471d7fc820cf8dc2d68f27a35cd3386 |
| SHA512 | 57069c8ac03dd0fdfd97e2844c19138800ff6f7d508c26e5bc400b30fe78baa0991cc39f0f86fa10cd5d12b6b11b0b09c1a770e5cb2fdca157c2c8986a09e5ff |
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 961d8a24e0a87c967495f34d2caa6434 |
| SHA1 | 6efb7c2b8ed0e3b979bba68a4ad72e922e48dfba |
| SHA256 | 794cc07b668e982ec099668e0bc3b561dcc5f79eb5809a6f7dd22089f793a08d |
| SHA512 | 525f30b4a28ee14e70e04df43ab680d2d32087b57affaae1cd7785f102f0b7874c22b33387c639c7d7727a270501356faf0a7ca0f0d59d47ca82800cd27d3524 |
memory/5856-11205-0x00000000009F0000-0x0000000000A25000-memory.dmp
memory/5856-11206-0x0000000074900000-0x0000000074B10000-memory.dmp
memory/5732-11208-0x0000000180000000-0x0000000180AC0000-memory.dmp
memory/5856-11215-0x0000000074900000-0x0000000074B10000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9a1e881d92d10454ef718aca543a0d20 |
| SHA1 | 4528b058e94658f923a8d92dffbf85de9ccfeea7 |
| SHA256 | da49860a42bef406c499c17817ed9bfe933181442f2defecb003677fae842688 |
| SHA512 | 55bb6ab93c85f726aaf65640d384109c1899fb3785c203f10704b0bf1a277845cc2552daedaa61ad0650bf2cbcc47827afefe39e5cc006a8e55ba250304672b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 29bdb555ee9599c38648f3f03a0031d7 |
| SHA1 | b84d1f50f7fd3a1f7b2ff63af35d6d7ab9027629 |
| SHA256 | 9ab906393a60bf3137e248a649c30b6a7f3d3e6c69045cd6fcd38a213a8d0b84 |
| SHA512 | fb5d0247221fa583b9ebb8ee6b106d5856d373a8472081847ccbc767ee0083bb62993e3657f49896a53a02f3c6c9683995e31363aa4371f6ee7c05d1e6e71011 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | db70d3cf6879137a055f03d83a328138 |
| SHA1 | 9d5be3a74e6f94db9679f2e9b1e5db31cde03bd3 |
| SHA256 | 7a6ee3c7fe0bca13d41078f63d6a2e491c5cdb1e60de8416e524e792a20176b3 |
| SHA512 | c84a09be82bf7a689cc615b96ce137ee5ba439665494507aa5c82f1e0121dcaec99a7361d9de22cdd121a0ac35776aeafddf8aad0ddc7979243ad244bf44245e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | b8965edff52351ac210c91dc056829a6 |
| SHA1 | 96a94d600e1c28fd3077d40727b9c95d40df0781 |
| SHA256 | e669c377210d8413aa44e6047e7b5adf27c86748eb4c0e05de25b24481f052d5 |
| SHA512 | c41c7480f02212b9cc15ec152974b244dbd3fad32cdfd9689a1dd331e98fed80e5117e97ba0ec9c3acc5cf4c88acc78515230416e470c7b90a7ee1e3e1758f34 |
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | 4eb1e219fece47d8a7d206f8e7ab0817 |
| SHA1 | e8d1a27a7a180495f368f5af9e919dc9792ee6eb |
| SHA256 | 3ff1ed6d89d9ca314093d1efb1d8d7c984d236d4254680143fc562dc5f3dfea9 |
| SHA512 | 81eab0a3dfa8926dd605c817f2f2d993f52c771e825a031377835bbd97dbe2c31beb49d3e40ff998b6053d008a8c51cf23dffb9d1be1f355b9326489767401ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 137ba4444c996c9ce5ae34c9e4b762b0 |
| SHA1 | 79997a933be1dc1ad1a5871666d032a60f473c8b |
| SHA256 | 5c843f671c9cfa3eb152089a2db46745709db7406e9a396ecfee4001cae68ae1 |
| SHA512 | 4c3301a61f29e96f545917d00756e5befcb9d0e2e77fffcd5641228940a25f5c583f29998dabdf25fe2a57fe82002d6240f2903ecf4342c7b1aa4b7d6c29fd74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e777a73df12977c28a178b7c55c65ec0 |
| SHA1 | a6631ebec21833d06e8cd53df0a18e366d387d6a |
| SHA256 | 45b29f68bb578c1cfc7d8db1f1ab0e2a9b42918a5d87a1d48f19712f744d7acb |
| SHA512 | fbec186d6a0165a6ebe7b864f517091318de02cc827b38a266c6ada561c1209e82793011f8d8aad87be74b62745fd15c4e31ac17fb955bc273ff41329924d45e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 2aba7adfeffa719ae5db5f22cd334eeb |
| SHA1 | 7e5921b4be1869ac2e7d500f16cb45aff2afe32c |
| SHA256 | 8843bd2be5c0698f4da8a520b3ae0d8ce0aba2a4dda90dd0af1d3e6468a4c3bc |
| SHA512 | 6f358061e50214ab7003fe3566e271387037c4b97fa816e0fe1d135a35dfa50851dd353e9bb712855f40e3935848051b9a225218c328fec3bae4dacd4efb3dac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a3559.TMP
| MD5 | a39e5c6c2b036b3c9d2275f1f1647acd |
| SHA1 | 686073d478faa4ff85845777eec9ff59b1d6cdf0 |
| SHA256 | 5b2397c858dd8f8d216c1566bea489075279b446a685575c3fe2e4ba69b2eb2a |
| SHA512 | b23d0b12860e941b15bd50b858f34973b4af31265e203e9f96eed81ace15a04f836fc676243821c75d4205a74acf0447c3c36dbc39deade1f1a76bff344a63a3 |
C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.56\Installer\setup.exe
| MD5 | 2db3410f16bfb551b063112f170cfe92 |
| SHA1 | 4ac32b5efaed17e0aab5146774e0a90dd912b0ff |
| SHA256 | 34a13e267b18b462cfb5c2b13c822d2b7d06b631f0e3257585382a10ef379c72 |
| SHA512 | e499fd5fca2c9dfca23b11a651a647678d814f7e64cfafd8ce0e3a88621655f7d75eca8fdaa6d1fd248f6549f544ea91411bb7544420a662891fc2cb231bf23a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 662fc859deb257b53c1d19cfb371429b |
| SHA1 | 5e21447ba0da4f3492b89a73208edea4f86d3073 |
| SHA256 | b49835c17c56750c438169624e8accd2291cd19d96c00f5a69571b86a11262f7 |
| SHA512 | af517f57924b70efc122bd149cc3fadec7b02fc6b4bb627ea74770795160058cf45c8232313ec0c1191db16d30ec394244b7ec9f9b2f618f992219a320a97423 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2d7a30c45c00274064bc26dfa56f3edf |
| SHA1 | 2c270bfe42112bf49fcee51de1b6639368570c9a |
| SHA256 | 622a70f6b69e51464bb0d32b1f88554b7ac390e1e879777d65e247b74e93e0ed |
| SHA512 | 77a89a822bc8043b46c12d4ccf4fa1ae01afcd7fa6de26f7d2be398420de47f14508c2e48d536577d7d14e3ae5ab3100d05c3409911a884bd9c91e209e691d04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ec54f09101d634369d5c4a454e8cd5a8 |
| SHA1 | a08278c61fe5b9b4742ecb30b6df4df3405e9893 |
| SHA256 | c14af638c701694203403a3ded7306382317306ae03eb6127eb0c31303cb406a |
| SHA512 | 9d5101789f2605878149d21d412241971f3232ff5fc0e59c4de6819cbcd2c1c476e71f0374e6d862a13b4b254b4c58c2d91ff908e5979bb9812ac4762dd45422 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6b00aa7bcc03ce99fa750f3926aa8e8f |
| SHA1 | ccc665df83260925891bbe9ac6ac80e15a455466 |
| SHA256 | fd15074652adaa8c4b63d1643898e86871bc1f7f533a214a673ab006030eedd0 |
| SHA512 | e9d5abb14e6a2d5b9480f647012b4da86bb999749503af1ec4b05d04fe3f5bfca0c19a8cee70aa7bd6b7c9da57fa4155e8d11823871b4ddbc563f51cad3100e6 |
memory/5856-11799-0x00000000009F0000-0x0000000000A25000-memory.dmp
C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\ClientSettings\ClientAppSettings.json
| MD5 | 636492f4af87f25c20bd34a731007d86 |
| SHA1 | 22a5c237a739ab0df4ff87c9e3d79dbe0c89b56a |
| SHA256 | 22a1e85723295eeb854345be57f7d6fb56f02b232a95d69405bf9d9e67a0fa0d |
| SHA512 | cd2e3a738f535eb1a119bd4c319555899bcd4ce1049d7f8591a1a68c26844f33c1bd1e171706533b5c36263ade5e275b55d40f5710e0210e010925969182cd0c |
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2cca5ed32b534b2a\content\sounds\ouch.ogg
| MD5 | 9404c52d6f311da02d65d4320bfebb59 |
| SHA1 | 0b5b5c2e7c631894953d5828fec06bdf6adba55f |
| SHA256 | c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317 |
| SHA512 | 22aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4 |
memory/2912-11837-0x00007FFC8FF30000-0x00007FFC8FF40000-memory.dmp
memory/2912-11834-0x00007FFC8FF10000-0x00007FFC8FF20000-memory.dmp
memory/2912-11833-0x00007FFC8FE80000-0x00007FFC8FE90000-memory.dmp
memory/2912-11832-0x00007FFC8FE80000-0x00007FFC8FE90000-memory.dmp
memory/2912-11831-0x00007FFC91180000-0x00007FFC91185000-memory.dmp
memory/2912-11830-0x00007FFC910F0000-0x00007FFC91120000-memory.dmp
memory/2912-11829-0x00007FFC910F0000-0x00007FFC91120000-memory.dmp
memory/2912-11828-0x00007FFC910F0000-0x00007FFC91120000-memory.dmp
memory/2912-11827-0x00007FFC910F0000-0x00007FFC91120000-memory.dmp
memory/2912-11826-0x00007FFC910F0000-0x00007FFC91120000-memory.dmp
memory/2912-11825-0x00007FFC910A0000-0x00007FFC910B0000-memory.dmp
memory/2912-11824-0x00007FFC910A0000-0x00007FFC910B0000-memory.dmp
memory/2912-11823-0x00007FFC90F90000-0x00007FFC90FA0000-memory.dmp
memory/2912-11836-0x00007FFC8FF30000-0x00007FFC8FF40000-memory.dmp
memory/2912-11835-0x00007FFC8FF10000-0x00007FFC8FF20000-memory.dmp
memory/2912-11822-0x00007FFC90F90000-0x00007FFC90FA0000-memory.dmp
memory/2912-11849-0x00007FFC8EF90000-0x00007FFC8EFC0000-memory.dmp
memory/2912-11858-0x00007FFC8EFE0000-0x00007FFC8EFF0000-memory.dmp
memory/2912-11857-0x00007FFC8EFE0000-0x00007FFC8EFF0000-memory.dmp
memory/2912-11856-0x00007FFC90A90000-0x00007FFC90A9E000-memory.dmp
memory/2912-11855-0x00007FFC90A90000-0x00007FFC90A9E000-memory.dmp
memory/2912-11854-0x00007FFC90A90000-0x00007FFC90A9E000-memory.dmp
memory/2912-11853-0x00007FFC90A90000-0x00007FFC90A9E000-memory.dmp
memory/2912-11852-0x00007FFC90A90000-0x00007FFC90A9E000-memory.dmp
memory/2912-11851-0x00007FFC909E0000-0x00007FFC909F0000-memory.dmp
memory/2912-11850-0x00007FFC909E0000-0x00007FFC909F0000-memory.dmp
memory/2912-11848-0x00007FFC8EF90000-0x00007FFC8EFC0000-memory.dmp
memory/2912-11847-0x00007FFC8EF90000-0x00007FFC8EFC0000-memory.dmp
memory/2912-11846-0x00007FFC8EF90000-0x00007FFC8EFC0000-memory.dmp
memory/2912-11845-0x00007FFC8EF90000-0x00007FFC8EFC0000-memory.dmp
memory/2912-11844-0x00007FFC8EE20000-0x00007FFC8EE30000-memory.dmp
memory/2912-11842-0x00007FFC8ED10000-0x00007FFC8ED20000-memory.dmp
memory/2912-11843-0x00007FFC8EE20000-0x00007FFC8EE30000-memory.dmp
memory/2912-11841-0x00007FFC8ED10000-0x00007FFC8ED20000-memory.dmp
memory/2912-11840-0x00007FFC8FF30000-0x00007FFC8FF40000-memory.dmp
memory/2912-11839-0x00007FFC8FF30000-0x00007FFC8FF40000-memory.dmp
memory/2912-11838-0x00007FFC8FF30000-0x00007FFC8FF40000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 63a83a88f5063b0226153a2f1e8e6fa1 |
| SHA1 | 6a0bdd789b49ba6f6e13f4b8697748cea34e8a32 |
| SHA256 | 9f7cebb14507159a9f7e4ecabf788169d001f068ece0951f0510b24b485d1e49 |
| SHA512 | 0723b9157df6da66028889b6d38758d183002564641c316d498ebc65f3a66a6b52a25349b1cd5bec4876f0c63914df39703f8724eebe33a39706ce5a20a785a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 217997eceeec73133e7ae5e94403c78a |
| SHA1 | c6309526b5bb1a88da43ce900c490cc319070f1b |
| SHA256 | c46c50f62d975cd3b512afd16a8e4e844f5b662370405fcd8c530306dc3e7721 |
| SHA512 | a35812220f84ee3aa4dd018cf3c4e4269079d963690242ba0b8432b83edec90ab20eb0254e17ff7d489deb5898bcb517c81b07c8042cfea77f7fd3b91e1f825d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | d2895d96341b1d0c1eefec5fb110bbbd |
| SHA1 | 3e8cfcf221da48d743936a5acce94851d0a3a3b2 |
| SHA256 | d389e6eb3728840e524e4aa67ea2e0cda842ba753df9390539fb3768651d27bd |
| SHA512 | 15623935d525a08f663296543a43483551b4d888367147d7def69d5752b88a169ebfd96ef425a5cde9c1263a35c8059390ace0f94c79c390a936bf52e1e84c38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
| MD5 | 759ab24cf5846f06c5cdb324ee4887ea |
| SHA1 | 41969c5b737bc40bbb54817da755e3aa7d02f3c6 |
| SHA256 | 7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471 |
| SHA512 | 3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040
| MD5 | 588ee33c26fe83cb97ca65e3c66b2e87 |
| SHA1 | 842429b803132c3e7827af42fe4dc7a66e736b37 |
| SHA256 | bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760 |
| SHA512 | 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 741336ab5d9724e6d2c8504539ce35bf |
| SHA1 | ef5b0042374a8c2c93e935a1f3b7c7b9bd6f96e4 |
| SHA256 | 11733a43760fd203b20d1a8054ebbef2bfd463726198178cab7f756ae3954280 |
| SHA512 | 5672a7a5458c383c043760ea4a2e61f8d655afccb8cfc2881e0c7e59da4eb1ed3a9a47584d83f28a2d804d607ea9aa73db6028838e32d91faca3ce37547f6d5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 88c947af318c5ac526fcaf85219a74ef |
| SHA1 | 57cd33e176713570faf4b96f791bcd2695a47ec4 |
| SHA256 | 27461cd0dd0962cd533b59ccf8f29365b0b549d25d94854c4ee60fc94696fb70 |
| SHA512 | 830706e41577fcc236f32a4c871bde37e2c705cc2caf1c29e8274730fdd0a0ef96985d93f1610f91134bd3ec1cf006b1203ce91aa2d261e80dd0b765da9e93ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5b9de2.TMP
| MD5 | d3cae21f92c134f30cc88ccec7ffb457 |
| SHA1 | 7648780c68fac49bddaf56c3f4513277ef4f4b08 |
| SHA256 | ec7b40fd399ae77e057c3482eeac29ca7917fa31b07bd9be3595622e832252b3 |
| SHA512 | 4b803deea9752a2099815a74d37791707b0df93dfd2d3a9dfc66475055e7c16eccae92052b766ece22a1ae043b34085e3ce27c410475b702672d9a984a5de5a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | f6d5863c3a6b090f3de82cd9e75a80e8 |
| SHA1 | 66086768daf915cb1611cb07000fd45aef777005 |
| SHA256 | 4ee09cf9d1d938d98608d2ef5fc54f74efd18156e0179f2bc010770126b77ef8 |
| SHA512 | 26e21eabd4943ebfd1a79d2fc9e8d0683f26980380e3b8b5f35913434f1c308003ad7ca5f123a82383781a5f011c8592487d240b4e5417381f6526248dcc2ff8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c08a3daecbe455d26e79e8c02524befe |
| SHA1 | c183446591685a8dc2ebc7152736e2cbcabc5387 |
| SHA256 | f1a8950fa5d3c099630fa8ee249999f6affcc989ff50ff23c19f5173381c8cf4 |
| SHA512 | 109667ea8cf8932462f4aedd84c19a60b8d2e19382cca8ae2825332dc337305ceb25d5c85557579ebf58c8dec6aaf38e7a4e9aa85c771c993d47c013a98fe786 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e0ad86595e534acec22c5197dfd5c13f |
| SHA1 | b6a873b3ef710448a4454150cdd0205790cfc8a8 |
| SHA256 | 12d8c1e42a01703de2a8eccd8b80963600a5ad33af35dfd73e2f28a7897c99e1 |
| SHA512 | 5bac1c1e50a7fdaedd59ae2865714c7f605141359a2e4c5e70a493783450d2c5d50d7a87946f853651ec3fefc2877ca15ccc69acb45994ecd23e7bda7d11d7d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 70bc73e185ff339ce9a2c0479b579c64 |
| SHA1 | bb2ee7cdb4cee858403b07ac951c636e381e210c |
| SHA256 | 1d90643bcdfa0889bc85b6d56e2ae936ae3f385e7f41dec9d0462f8b533ec8be |
| SHA512 | a51283a53ec68f9dc9f8671011d9a8691facb74782f07e02fe90adb9e5c0cd5e338b91902c2a110e5b144a5c53b896f80bf11be4517156d767f2854454f4a0e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 5a653c811c62256370458d8e82003084 |
| SHA1 | 50df28f6d491cb243a302690a5141008aa23cf18 |
| SHA256 | e78e4d660aea2d8bf4071fe713b3d8b837d6e868e8be5e45c766470e4e2681d6 |
| SHA512 | 07af8499bd7423e56a8fc5eb46fa73ee005214c1184e01984a28c8a8e759ff58bf3c57a794bd0dd686d5f123d2320873a6aebef071346152502288d40e0ae182 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8d65fb440b598f65d81306b30cbd1193 |
| SHA1 | 49c44baa6c55932ed091f4f1f774f3ebea414d7d |
| SHA256 | 3c06b140502c69804ba5bf3b7d9a5176b88b6e51f79e106b7565a084d0b9daf3 |
| SHA512 | 4454ce652956b63636b8ed412eba99cdec700fb764d1c16b1088c226035c3ca5783a7cb59daa25bd56c94b56ccfe88597577f6d85f1b8b2340e1ddf2c9103be8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7e55c25f6b7ebc79dcbf374010cab249 |
| SHA1 | 0be7512d0a3406f325bff742afe9d2579d237dab |
| SHA256 | b4d49cb0c738911d3516ccc565936603f65a250f9b9f55ab05bc4c886086a1c0 |
| SHA512 | bb2030e56e3920c1c19eccec7ee5bd8d8295e8f3cb48b74e43498ec868b397a8404e70b19060b0dc349934778c6b05053afa1c3726b3e218248896827e2311bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0cfea57f7e2702b200dafd0639ef476a |
| SHA1 | 15b26ca8fd0655b3e45e102a6ec07676c3586348 |
| SHA256 | 10a77927d1239dcf647cb0b306df1d4daf154ead92f98aec70245b0797f84383 |
| SHA512 | 14081535fd5f8eb739ad954ac61163e5d46a9ea42b010b8ce50b84de8c033736e9bc23d9d473859324a4129ecb8c0e13a084e1eca6d1c0a5f0bfdfd265bffdd7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 42fcddfaaf5facbce6cf3ac3b9d1b341 |
| SHA1 | 27e6a034879a8656c9bc48ebb914c2140834c447 |
| SHA256 | 85aea10e23b1b47fe328b6387ee27dfe86a77e11b4aa04ec06d0c04952fe9cc2 |
| SHA512 | 81cae47a00587073626ada564be9ffc4b4eeb58a9159bad39e32f0607b5de7543c9ff8c1ef89f11e03e3fb8b1b9a3156673aa60f497f770337cdd4b294666541 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4c0cd078e0fed0981c4bb6d98a75fba8 |
| SHA1 | 101ae6eac692e9dabbd33e890fc057d696663d27 |
| SHA256 | 916f15ea94d8489e7f803e4866797fe1183ffa599a7eaecc69d0cec97e737725 |
| SHA512 | 40fb6e088dfab1aa8362b430da8863008c660bac3bbf5dbf5c5b313099c123b63f0042249008904756371a21d0694957d69c4c37d5a1f01ec1837d744969b23f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3e920b9abb5d1464ba46b7d92ac4752c |
| SHA1 | e93b885f5a4b6ad91c382740fc6627aa38ea6810 |
| SHA256 | b4a5962dcbf80a1d17cf7ed58d5a12bc3d5cd3534b583795ee1e1f6e4e6f1d88 |
| SHA512 | 2489d40bec79f5a19bc688fda8d6fa64b8e02541b87d9c2769184b2cb775ea94a3cb2a588a2d6bbaafe8c62fcf34f0d4dc1f0d137ed669b6ca7d56ccdbf07c24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3048b5f3906433daad5ca5cf0e388141 |
| SHA1 | dd713b6d1b3cd2af223c00d151c39b0af88e1661 |
| SHA256 | 0a7291d6d4697e098a184acac8c4831bac0ca4af20b63aeb1f85fb19516d1d12 |
| SHA512 | a3320b0f79ee38f81b02438b28dbcdcad3e41609d48014cef8aaa1d81f9f85299ab939741a9013ff6f3e46faa5a3cc35742da17081b21c7572b96ea6ccac4168 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ffcd0f2c6bf32bf4784f560d90010241 |
| SHA1 | cc01c101748257bfd9310cfbd3d31c827ede6850 |
| SHA256 | b10d0b2504334e0d9e5099f730b47bf98e19117723c1813c83f8073b38ce2bdb |
| SHA512 | 5f5e0bd849b9e340ed1e0698035d3fd1110cd83ce0a0c81bb624c5a56bc6f4335cc844f86aa2b0bc553f8f451974518b1c9cd0831046f4941f957b6f554063c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ff5e6041c1ca6066d03aca7f3a299370 |
| SHA1 | fff8c835aa2f6ab1e28d68444fd96d68cddb1a17 |
| SHA256 | ddda8f2816b59c601b890f094b34e945794def8dee74b4c0dd95e5b175cf5b2c |
| SHA512 | 3004ca241b65a1bc7e774e92a23c09799eea455edeb3699396064fe2af1e51ed305cb81f181f9af0c19840a3ff4fb7347012aa11608d467c24e3938c47dd63b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 99fa3ed54860192ed82e22cad02100d6 |
| SHA1 | a8328267ae769437529a7a7292c148170ef8e39e |
| SHA256 | 88d33fe274173d464c88fbf425524ff78d534cc83ec1876a3fe0fc42527fd92a |
| SHA512 | 4ce829a2ea34c4d78ba7d3365db76b34921859595ec7ad458bfbe545d8aa54cd8c2da9b4fbe8305668a3c14449a88927b22ddf92d33c52dc4307c8054f1845f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b298a26be2c9c732a9e891bc1d076d60 |
| SHA1 | cfac8c3dfe37844030d80dc44d2a67dec50e2e7f |
| SHA256 | 1c5a82223b719d8db77c66eecbe1b726f496fd5f343916eb8af01e0cd0e4fcaa |
| SHA512 | 12a1d898d337422901725043d2c61646a431b092f007dda83fe8e3bd591367e4ce131cece3c1a95ff5c6aeddba0cbe7299df798fdb1875d3cdc4d11a8f880243 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 51e48fa697aa9ce64a098c22f847dbd3 |
| SHA1 | a6013468b966204bf2ec3ef709c8e5e1ddfe7b68 |
| SHA256 | 5892d713137e91d69fca3628fbed9969241085a419a8a7a8da02fae54bb0b5ab |
| SHA512 | f14efbd3c476c8b1f7589d1ac209cb1463f653dba667b18e9a0f8098f6c8b0237447c9eb6ce1b2e3e31e15802981f3f60b0bcd50c365a100eb2ebbf1593b1f6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b02cb41bd4714fb492ee73d7bac42b9c |
| SHA1 | 6615a825ef4aaefefdb793b59dfc34f025d8d061 |
| SHA256 | 26ba17310614c40b3a06276328627435e35fec0108acc427a3f242aa7f01d718 |
| SHA512 | 697c89209f70e06c4e8b893a58128e1202d4170d692edd7eea29bb44b29ada100cde708c8b1f1d6cd195c1ba6aaea27320bc6d8104e6b5b8dc0389b8ce5341d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 21e11529c630cfa85cc047d22790c021 |
| SHA1 | 03dcf323ddf086453e8327d7a4eacd90ce6770f5 |
| SHA256 | 93b4df03daff39b20d74dd71cfe3baeee2f1ed83e9ce4716b0abc6ed12a77541 |
| SHA512 | 54bb57fe59e783b113345d1e808c5179d626202b54fe7af2b40720dfaf3703336b2dea5228c85d4e0bf1f91a3cd04b93b82b397b5652e665f3f971926497c9cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\cc6e11de-3ab8-40fc-9af8-25ca05563ce9.tmp
| MD5 | 9c0909caf464b2c1ac1841fea4c31016 |
| SHA1 | baccd27e1deea085c9015ead017e8a43b6b0d8f7 |
| SHA256 | 42e6042e9b04883d4a260496d02433b2ffebadd4521ffa225d209b7b6655f20a |
| SHA512 | 1c99bdd8ee60f0665568bc490f1449fc818c0c3c30211e712630cc6de5c9043a2b845a49c0aa0034ccd970a4e9f9aba30ecf375042320c280801bf9cfa845501 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7d109434ef61eca2fb9771c475b73580 |
| SHA1 | 5396493a02151fa2fe87f7db07c2877e116a9aae |
| SHA256 | 57d01fc3ac1f1ecf8ade802b6625fc60e43051e8fd9171f404c50f76fc5bab28 |
| SHA512 | 2f0478779661a01c602615fc40a34f79e0dd3a3c8869c4d7f4dc971e32bcfade791c6be2d1a55a0b50daa1596403ea6c0d2804a1ecde42b62d35bc19e27c9abc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b623532fe7c716be8555d8e9376edfb1 |
| SHA1 | b97d8cd30f8dc47cabe7fe3118533ee7b4cdd83e |
| SHA256 | f05042129873c829fa6f7839bf8e3ae37c14687b48970d3cd8cbd625b25182c4 |
| SHA512 | 45390f6e98ebac49f4980bbc95e9e0190f01190d29a26da60fc94d8a2ed84bf30359a098587ed1235afd2854d3f3c39019470b88db6b4c7dcf8e54fe25f7d852 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7688ebe8aca7c0e9104bd8b7a1924bab |
| SHA1 | 01aa7fef30ca521bbcbceddbcc45588b7dfc7e9c |
| SHA256 | 4bf8f4121198efe70a3a98bc0c555d52fa279817804403c91bbfbad6278f04bf |
| SHA512 | f5df404e0f4eabf73f3910b1f4cde93f0cbfcbb2cebff6d6b48d0e72547c07fb68f52ca8a14a8a2566e3ce0a3b7bf6482510272f54fa845e1deecda4eed70eff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e19a13b3b3b40a02c6035b14da7f81d1 |
| SHA1 | a92624083f921ecdd0fceb5585c18795a9f901fa |
| SHA256 | cae95ca0407f035ac0a034a292dde174b14dbb8eab010dae832b358c25ea27ef |
| SHA512 | c38cee4b1fd6bd31d4d446345f52b073b887257c05dbd310b165c6317d47dce9ccf5bca1ca0458e9aabb915649fb26c82598de0f2e0cbfda159127fb0b060849 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a4c8f29e3e5c710babc6ef866eea4b5e |
| SHA1 | 486d2c696eeb7902eb7ea962e3c58732bbcd3ed3 |
| SHA256 | 13051e612452a70493c476d66f4f20a09f0ff20e2b379726fbae66b8e8f54050 |
| SHA512 | 69497b447ce11ba7be8fac96f8ed716692a84bfd4f2d9f83186a177954cdd95528e14a74feeafcfd77e4ed32386b843236a9c8c8138f1fe0eaf5cd888366c0e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8ea507e52f89cd3b2e30f829d7472cd6 |
| SHA1 | 826858b0b8e0dae67550ac494e08f19261ca9094 |
| SHA256 | adf82a98e8739c45daafdf7646309b8e3d211575bf349ca6077daa1f538862cb |
| SHA512 | 2962f8977dde7b6e8ada168f0e7b804c757e2d348db97e828adfee6158dafe02a1a823c45c4402c74cf9e766c639f9bf3427b194f96a51c8f905d5cdf599f6ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0e497a82b71b746dd5fe46a554ce4a38 |
| SHA1 | b5a36bb901ae3d6a29d241f449e6bad3ad95bd3e |
| SHA256 | edfa47b2bab59d349132b3e492b59fd258b37aa0b2c730486b72a58630655e0f |
| SHA512 | 8e48cf8bb8428ccf361883097a62378456bcc34d5c8d4591ee2ca1241fb0fc945b6af7b3403b32d09b3b904d291432aa425dec05f9d91e7da76c711890cb1e7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 472e7bcc031386812a24921a1a939f48 |
| SHA1 | c6ab29333e49407e068816163835f5741629c038 |
| SHA256 | a47924365db948ee9615ec2b2a4aa78feda12a57ea7af267615b495989b4de73 |
| SHA512 | 41533a943b219c9b66bced0f124e4aa9af0690b0a0e3642cbe59ee237e9927ae2efe5e2dd3c247057d1a8fd1980c007af54b38157f86bb3b927dd5718b8fa94b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3cf04fbef94bded13d5db7c71529cc2e |
| SHA1 | 34f4fd20a5bb2d05f4e8f2332562118d8b39fc7b |
| SHA256 | 6fa3ef088e92845d765407895bd70fc10ea6f4042b0492aef4f8f6cafb28b3df |
| SHA512 | eb7d66b0bac57f30175a2d861dff70f2d950911642acbc4be124d2d6cf352b9f8d41f3f849503924d10ee41ffc0598dff408ff013c25f16e13fc0596923d8b95 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ec19734533e9ab773010529b048c76dd |
| SHA1 | aec8e60d306797641ed5587089d70194a7735f0f |
| SHA256 | 79676c61f76d42a8d5a09cacb29f5909b8b975ca780ebc38d20c681a37ea0ae6 |
| SHA512 | 3faa4ed7db23f0cabc34ebf818e7a7f577e2b3b2496f855d238301658778a6fddb27478b799f68e5b8746fbab323db0e133cd12365d1db9f125457f32c50c708 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e1acf2ace48cbd81b1983c8e807d1472 |
| SHA1 | 6061a6aa6ad9a1f78b5c67a1a11ddb4086360395 |
| SHA256 | 9f7bc25c898f6993dd59720ce033b793bb12609525c2be06b0a7b5740755a01c |
| SHA512 | 11dbe75ae15d78ef307b41e5715a768c02b65ce5d1eb256c59038799abf8deb82b0c8e18e4247163efb7144b0630ac2c1843e850002eb1abcbfa36839742ae9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 75a7fbf3e02e79c8c35d557b9adcd3da |
| SHA1 | 13f2ca924ae8cb340ca3e8c4212372a64fb9e8b6 |
| SHA256 | c5ae1f5c2ef36ca949d738f13c2161a913f5aa658456ac7d7bde935cbf51663f |
| SHA512 | 4769afaa70165e7fd794e2521b4a0be22cd12c6a42d4ec717ec1c0f85855193ee3ccad6c7351669df98b66299b8673699a94f576801c3672e516659104b59a76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1bf713bd5b72f35a69e3da9deade7bc9 |
| SHA1 | 75c5c6a4c8ab98859c30c3de6935a4e6ce72c6b8 |
| SHA256 | 8b303b77db2706a8292ef90fde63d154afc795e4c64f288b6d0d99250c7e7ed4 |
| SHA512 | 803e86ea2d6a7a683e707bd147f9c7faca19e5f9b7c5d0f44b723dda9ca8fc3d670966d9eaed792c64b0ee8a7b76d4e77456e967f224e4aab338d8d1a71f251e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c6e5b18623fe197ffd5b173e76fb212e |
| SHA1 | 23e5f8c80a64ba13a21a0a479d824af9f08b83c1 |
| SHA256 | a4d3cd3a064693bdef72bac9e4beed063cd6ba97eca44d5ae083f41c127f4d1b |
| SHA512 | 6eb55c8a247f41a600894c55ac65a61df06bcc38b1765e3d9bcb72703b1c023f0055353bfb85aea1c0036b811f2945326acf5ab3db632cd3363597e39653031d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 729b6ab682038e3a4d5747254a5a5fc0 |
| SHA1 | f3254b95096be73eac06c60be2a6a57c08ff2971 |
| SHA256 | a9e82981d4d2cd551f2e04b18cc6bb175d18427d0ccc929318b0b39070101ac2 |
| SHA512 | dc79aadd36fd99c7140dd87b8bc9e04d6c52c355c718f19dc642eaf521483a05e0d956ca0eb5d84e45aa374e7f6b39e17cf64f9105f495d259569fe252422cef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fca257629df0dc06123cd6124d09e9e7 |
| SHA1 | 4821cd580f95ab5aa1d1c25dd94bfb149e4d1617 |
| SHA256 | b5b06cb5ec1e14437612c53e2661eb482b271c8638cec4eecef2b0a1101fb850 |
| SHA512 | fb8c0003af522a3764e3108c6d13077a6fe652abeb11ade21f9013eb27557b7ed27fed3cfdbff1125deaf2d36549c557387dab33c7a85e93739bd40d9a87ed70 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 931ab74356ca35731817b2b39c8f1f2e |
| SHA1 | 6a74396f8cb2e077603bd045f14797d252a880c7 |
| SHA256 | e591387f0c6241c3cb6baedbb980944cbd7ab5c1a08a674f56bdf1f8cb412642 |
| SHA512 | bbd190191d3c17d9b3701d7097d60dc6a925b60f3d02ed7c3e36b0ece33f1a3f53c21b3d6576575c078502b0c59305acf6e4233a534f7058b3956d5c5d39ef88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4619b19c041696f2281ab734d0e95b07 |
| SHA1 | c00c84e00ceca003fabdbeaeaf38b477d8c31067 |
| SHA256 | b518e99c8d20606029d74d6037b147043015d4be63023ec334c0d0e6113666a9 |
| SHA512 | 2c9976b4d1cc7d8661a3aea2617e99ac31f6961e6e0b90bfcb61a57e34df1049300310d3728fdda431adea1547f0959037e7128f7d7bc2dc408b90d11d9e76a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | eb6350523dcac477b575715c32031f76 |
| SHA1 | f20bc2047542060fbccb04d9a5ad47fbafc50f08 |
| SHA256 | c590bebcf1ffdd0ce7ca2da3e6e4dae81b0c8f6610db1528ca12534bfc8cb59f |
| SHA512 | 14e9bdec5eadf90d86005d95ab8edfbf181942b3158d99faba79dc4f5149b294b080382c50a3b2a9865981a7c5df955e1867fbc0b4e93ed2298ee70f1e07dcdd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bd59dd9a2a274cde560f9726b58aa3fa |
| SHA1 | fb9d3d7d1087b942bee4e13d2f1714f52967c560 |
| SHA256 | 9b6f7c6870f9895ade80b70051798ec6e09987a084821c5389cba123a70374e1 |
| SHA512 | 423a2ede0238c592b73a2d244e01ec150a5e20eddc0b492fcb50e8d2682ebe74b8e38106bef49d1be08cbd1754b36116995df4347a44248675181ca52f137771 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e311b5007c2beac5c64072c7f49b17fc |
| SHA1 | 72e9cf5baab976a2e5577376c14744278ed817f3 |
| SHA256 | fefced24dd8e42697c5a88e5101abc87e376be12c796c73e1c3b64744227bd03 |
| SHA512 | 03fc34805d300fad3c488e9b86ed55c6228cdf0ee9ef35055760034cb0ad33063c6c2ebad415e2ad9d027b1cf41c81f0e3af8285a558923a5a3908a9e72f3076 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 69a5b8c768da309fe83732ab6bc35aa6 |
| SHA1 | fcfc93585249c1c0bd74494771b5dec080087e8b |
| SHA256 | 320bd4b9c4b1ce0de1289f027ebc10d0cd1fcc4b8469ab1cced7a3580bcf921f |
| SHA512 | f36cc2154b1628055e3a38921bd89d5ded58478f3e4232c5af0f4b6daa9a0f545da95f553be8f805af254694a6451fe407be937c22c272dda7bbf33d4febef76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | db65c17be217406b39a926e2ba8aa77e |
| SHA1 | f67c56bf487b9123119f0985d64efc180bd562d9 |
| SHA256 | 02c8dbb271d28ea054714f35d55ae44f4aeb150f89c21a92bac2250a2465d1bc |
| SHA512 | 21a004b41bbbacbb1021c90104a2314738e065385ef88b593fce05552afca16de2d2e32adaac59814c7a12a58fb9c515f1be04fb8afcb55c8762ab325fe08cce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3bdc06421d1a6f9136f71451ef8c9969 |
| SHA1 | 3a61bcba72e866ae2723d13b21154592ed0bd975 |
| SHA256 | 77d2c0eed4fee13e3103df23e6f07fc1fe84089325bffe6c34ff2d567c3b7c9b |
| SHA512 | 7c9f79f69a8dc945909d7b87937f1fdd0aac68896793cb316f0b15f15abaea832edccedb64d745fbdc57dee9d2b8bf47220c23e8da1c977b5fe230c29e3f614c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 37811c8461c23ff74a0436aab0af1890 |
| SHA1 | dd3d115f0b3902bd60a0d1fd6a28407fd326f0db |
| SHA256 | 3ea46988b19603d2ffae23c072157b5d580e9d9007da87f2ad4feabcf41b2900 |
| SHA512 | 037589090f6f03fd0ad98dce1ab55ae77c461fdb09fc22dba6b854169a9988a8c59163ef015c8a7ca548534fc3b5d5eaca814899b600a6b340c6b89b4dc38a60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a35748c5a379e333d7777d8f63cd3674 |
| SHA1 | 111ae2b59b5a06901c89aeec898797516aa4b5fd |
| SHA256 | 593e578506182a3e01b84cb9c8e5e3b0b4b57d77eb2a09cf298390865b9d5315 |
| SHA512 | fb663b379950d27776ed64862dc25342dfb9fc83cf0a746c8cc288e691ea07477961ba856ca642deee07282751fe3195fcffc299f8cad42fe676db9d6681ab06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dd46181db0d4bc3f44a0785cca43786a |
| SHA1 | 43e94529925a73775f52826766e15b4ab288e378 |
| SHA256 | 8c55f2902f682cf4f94f1c2bbbebb9a06ab43dd9f7f008aaa58683a406e838e7 |
| SHA512 | b95b6d0c1b04755726c5c61e085e489a0f0093fc8dc3c4fe5f8092217ddc2126262f94f8b6e4fa09492ae30ff8a84d04b8e0228045bb462d1437b48567a62ebb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3ec201420b83c5276af1ba882c0c46d7 |
| SHA1 | 3219e9586d017b82fb3e5352a415ceee4d911ea6 |
| SHA256 | 96f05e3ab28d2efbea3f91868cba127ae510e2ee0aea08a76b8bce7c51f7e64d |
| SHA512 | dcaad47bbc20b6b8d892891706236730a050a0dd39012efd3ac3a1a79acdb73db4db5284ab7de8db271589f70c5568374634872613550cb8cfcb7b864c05e0b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0a7bb691bb8a67feb6676088550c0c72 |
| SHA1 | 5c9b7ff53c5f13203ba5d80fc6ac28c28281968e |
| SHA256 | 8eee11a292e31054697f2dde1e17b9f56d8cbd80af5964a8b9e17525225ea3ca |
| SHA512 | 255ea3d8ffcd5a244ad634bb0b8502f07e4c507437a747b31992d7851accf552dfeb7ff018e561c68ee6594c3c071ec7fed5753388342936040517035bff7f7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 594bb4bbb9163b0de56b038d1d58716c |
| SHA1 | 91aa6fe490b22ed8df8dff71ed995af527fed225 |
| SHA256 | 88f70a1744ea284bf6410a78f5f46aa4bbe11f09e7958a17e4bde1b27281fa59 |
| SHA512 | b4f5fd81f5ad9c84754c63f909641f5dc9fa100a50cdb466f3e6c4c2b4104c126774e68e6a9812063eaa7992783c7b2a756db70daaf1d9b53553d65070f05514 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 88017dc8e09bc265214b8b724fa0a143 |
| SHA1 | 31d655790f2a88f09d1394d490a74c747fc29ca2 |
| SHA256 | 1147ccbe157602adea2a62e7bcf83c1c7dc503323c76d1c66595b33034093d87 |
| SHA512 | 8d8555ea04499b28e70f0af3ff965a6c40d31f40b1e148fac376ab6575f78b608e5adfdf10e768f4da2ba97918a7b506f49be912ca6244bc96d9e164245ae3aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cd4539caa4eb77700cf74382da1c3828 |
| SHA1 | d267caa4c2c89bad3801a4400c9b279030fbe3bd |
| SHA256 | 806a797c6351ccc1659647329954ac36d354a7b0bb425bf93383485948c188be |
| SHA512 | 8f2e16b930cb25b19dd2518320aef867f5e17df618ba6b24a2c8761ccbd7479b4151f8fae5046758a906b75cd88c3f905ce1413a4018ad7e764a1989c9a94463 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 584840a8d903f9816cfd8f5af3a7f43b |
| SHA1 | 852f6e8aeae2019548c96978e332eb295e6ce146 |
| SHA256 | f8f0bbb68b0f368f4655c2042d504d9664c9b6b767b7d01b8ef5fe3b6398fe3f |
| SHA512 | 286f879fdbb04498994b249cfb35fa0d321d54d9f710f5e096695e652e950974cc9a5bb9a9c501d45b2e11e1c6730578afe1d4edff54ba20aa60657e69fd5d30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 00e3ebb505cf82912bcfad10d74e1bef |
| SHA1 | c27cdfe561c13e83305306ae260022af9262e4f9 |
| SHA256 | bb0f9b1280f1f276d731626b56348bde58500c5b1e5f2809ac4361950d5be3ad |
| SHA512 | dc5c276ca591f6ba740bfb2a9a686fd23203dd1f654753a0d198d029fe3f7326e68a67931937632f61c7c7e72c489f7ff923837c6d4e86d8d7f7418e94f93662 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 03e349e698c11cf90c1c0ca4f397e009 |
| SHA1 | 4907e143e3767cfa64d0486c032786b316150d2e |
| SHA256 | 04714d646fcb584fec2db4af746577c53f9a216e96fa76e4363feff884ca4706 |
| SHA512 | 48613e5faac4984eb8c44e48a0e8abbf1f8c40388a2adb64a98cd6372409d447a053a3eb51877ee48cae7b0c11bc035c4b2ab68e22226c89183564748dd65b06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 27fcd46cbe0a970979b3fd127be3f3b4 |
| SHA1 | ca130ec2d13ed4ba76cdd8245bf223f51e87974a |
| SHA256 | c3bfd1efac6fb6c2cad70d6a9b9abeb206c24b2498e5b27cf19945111164c678 |
| SHA512 | f36f2ebf91d994b0339d89d74441e2bfd02aebe04230b7f60aefbbfe984bfff7d96a1783d41d2021e3d8421097f3a2e475f9685bb144a33b5cf1d2ae075affe4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 08081d5201cc346d1d6965b78e5b0084 |
| SHA1 | 8487940c36d84baa2d8daca60792d2da2df7a349 |
| SHA256 | ebd21bd7e507281ec1e096f01a4fd53e0c5bb0fc1d1a8f883a97749537ef14c2 |
| SHA512 | aa68390e41e5e42d91b2a297b855df3aa977ae8fe62bf5ee9d568823aa5c8f2d15c8ae82694f0b868bcb269710aa94e910bb294a27f0f7042b3cd11e11057945 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 85b5ca6ac898d3b47e4edf145d0999a1 |
| SHA1 | 90cc633b160914ccece57969d5d8f7c7ea763f71 |
| SHA256 | 6ed49bb28a2295b9f6f75e9c787ca9c7f7c0d23c6109adc18e0fd85778eef0c4 |
| SHA512 | 4f99833ce787e8f803ee6ee94ed86b182121811cfe18b99250e17fbe47d33d9b2bc105fcd72fbf84f1d3053e3d614cf617f683e5207652e59b098aebd9a253e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 71552657e09a5ee93cbf2a0920cfec8a |
| SHA1 | fe5af1faf1d0fe280ec73487fc046601ad97fb9e |
| SHA256 | f18b874dd60278c36fc1a7cbbf307e00b7d6042541388ce62a0ec7f3a118c8f8 |
| SHA512 | 93172b5c76f265ca5d569d49c1d410ddd65c1e25afbcefe4f306755cb2ddf428302c29147400deb299a00cd2310e45f6a3d024c2e7a1165ed11c8a743f258234 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 78f5fbdd84ea6506d7720f86a631ad5e |
| SHA1 | b620a6f1985be181a4428c5e260ca5f4bf19cfe6 |
| SHA256 | d8f1109ba821b8451a0ee13ee4dfc49409fa8b2015f1c2372bf75f01f06df470 |
| SHA512 | f430d4a6e2f660fc603d5b485b2d2f334816a8cbc61f7ce925150b1287c3f822fd7e6472b3b0939f564efdffb01d8d22791fe8fec13be29237b6b6e65f73aba0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b8610d114fc7acf8cd0e20277b618f45 |
| SHA1 | 7656b12877691602d501b5a1ff4c6cf3bc02a2fe |
| SHA256 | d0105c9a69ded41769755a15436f04ccdaff43e4f5b5093cb8d947d5615bdfc9 |
| SHA512 | 3edcccd8f99f89b52dc2b23d6c4577f816ee2f544f9f18a4cac937356937ff58fd40d1818db3b52b580b2a4c652f2846c9ddb255d857be0b6af64a24585685a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8e83c8fe21217fa57e9a31e65c1b4557 |
| SHA1 | 799f0e968fa704ed6b9a1a193eb171838392d207 |
| SHA256 | aa27f17e941fd6ca3066d4a54a014d18623f9ffe10010eeaceca1c3633b2c21b |
| SHA512 | ac43145ed4314863221422e6d870d0ae89ed014051954d16d697329b4499bca2d8e0382d4f9d67f1ab14c105fbe00f1ccf4b7e8d8356ad85b8a4afbb5649f6ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7fabd184b54cc31a4f7c4ad9472c8673 |
| SHA1 | ec333b5226179fc2f38cafea3802fd318c091fbc |
| SHA256 | f3c3117776484bd218c2545240ec69f420037727fd7061507d40d99f6225104e |
| SHA512 | 71cbfdaa06c0e085bdf3e1691a8201f4a85bf3b6872337929ec31dd2bd9dfe46b1364b73f699b8fee98e477dc640366c0e538934bf6aa9d9a7a4d05323b83140 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8219ce63e30b869beddb98b14eb96271 |
| SHA1 | dee7369efba3a3411d9402078f3ed0d44234602e |
| SHA256 | 8af51d3a8edd3e4012e75e3383a410e78b4a89d51352a0107af25017b026bdb2 |
| SHA512 | f0239e5f1145e0cb4a903585ab68ab8397ed7948edadd9b82be795c76a93eb7afce2cd3a4595339ecb32a76f222fb1303106235c7e6dcae93c3500bbde169394 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1059b227f8738575d5416adffdc280d4 |
| SHA1 | 2a5ab0bec2f5a33163470394711b1728f5fe8b47 |
| SHA256 | adc0c3e43919a820f1369532b004d7266eb7682391a3138282ad341c46a61bec |
| SHA512 | 408f31df4036ec9d5bc85494064303447178c8465f4706945cd7bc71b745a17a653740d58504f3abc0d979684b91e8ba9bc03c1b4ecc99c02b42f32eb7bcebc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a3b40cdbeb14b0897a191c979c17cd99 |
| SHA1 | 5c4bb7b2de1ffeee80d9e9ad6f41ebcae9fb7d01 |
| SHA256 | d2f4b4a545ea4f3235a81e02e07e2ccbb5cf1a20aca8afc65bec657a04c40153 |
| SHA512 | 0b3c8bc624fdf74419229995572e97479f8d80309ba65d889373407c639f0f09f1ff34552c8454a60d5d77c7ab20062a015f8e05ff3e8cec30a363c72393b556 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 00d81ba03fda26f5bd2f163710399c8a |
| SHA1 | 90192855f0c79eae3d90478ce105eeee30bd55f1 |
| SHA256 | ddd0eca32f8069733c0fd9e45f259efcac6373a70def4a40698b5f746599c7c1 |
| SHA512 | 0e93e5892c92ac537ee0fe3d36b64713b211527d345bee17c5138d7a207ae80eb58a58760047c1f67d2edd7271f5b2dbf9b1ed5858dbd174b961117b4e128cab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 70e5522930595eb8b21e5e6273b17c4d |
| SHA1 | 8bece2297c3ff2dfb2f0a026f05bf0e7a931ed3b |
| SHA256 | 20dedd44f28c45f8837c6d4faa05bb91ed61c2c1188dd6010234062044d9f852 |
| SHA512 | 15158c9547068d4acc077544a3ae4167ac3ed08302c9f08cfbbbff91534c67115b80ab612d8cd57f454b802fd5b8cba589932799f3341d09bdc8c67907663dd9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2ba1c5229371cf7fc42c2990ddeab74f |
| SHA1 | 623c7868f382e729656cdcdb8ba4154ad69dbb58 |
| SHA256 | 03a4957d614a0142ccc82cbf05824765039fcdd521a6f8f86537882e029ec39b |
| SHA512 | 7fd18bdc1298e2427fd048602d146b94d7f558bd68e76dfb4def6f4386ee6ad8fec0e92f30b76d69dc9ae312ce1532d20e1256a8aebb25e1e56659c72b6feb67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b167bfff42911dd4e92e22182826068a |
| SHA1 | ce10bda67b2e4da2fc8bf168a397e5a1ef8d9d91 |
| SHA256 | 6c18a06c3730ec204e4b5235193cbab36e7eaf25365f38d786fe6ccc81c4966a |
| SHA512 | cc03e61ea2ef179d44feb6f5b3b45ff381abf669cdd097080060c9bd2db4094d2b70099089cc61c866cb18c8dd039af6017a9e6591afa1b52476115e6743f96d |