Analysis Overview
SHA256
ebbcb489171abfcfce56554dbaeacd22a15838391cbc7c756db02995129def5a
Threat Level: Likely malicious
The file Bootstrapper.exe was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
Checks BIOS information in registry
Themida packer
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Blocklisted process makes network request
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Checks whether UAC is enabled
Checks system information in the registry
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Browser Information Discovery
Unsigned PE
NTFS ADS
Modifies Internet Explorer settings
Gathers network information
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
cURL User-Agent
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 17:11
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 17:11
Reported
2024-11-13 17:21
Platform
win10v2004-20241007-en
Max time kernel
538s
Max time network
540s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\Solara\Solara.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\Solara\Solara.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\Solara\Solara.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU9DAA.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU9DAA.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\Solara\Solara.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EU9DAA.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\EDGEMITMP_FFF10.tmp\setup.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\ProgramData\Solara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU9DAA.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU9DAA.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\plumbing.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\AnimationEditor\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\StudioToolbox\AssetConfig\version.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\LuaApp\graphic\CityBackground.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\130.0.2849.80.manifest | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\EDGEMITMP_FFF10.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\AvatarExperience\AvatarExperienceSkyboxDarkTheme.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Trust Protection Lists\Sigma\Social | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\EDGEMITMP_FFF10.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\configs\DateTimeLocaleConfigs\en-gb.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Controls\DesignSystem\ButtonY.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Menu\buttonBackground.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\lib\set-immediate.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\PathEditor\Tangent_Handle.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\VoiceChat\Misc\MuteAll.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\PlatformContent\pc\textures\water\normal_23.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\TextureViewer\arrowright_black_16.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Controls\DefaultController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Menu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Settings\MenuBarAssets\MenuButton.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@colors\colors\examples\safe-string.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\fonts\BuilderSans-ExtraBold.otf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\R15Migrator\Icon_ExpandArrow.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\destroy.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\generator\ninja.py | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\avatar\compositing\CompositRightLegBase.mesh | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Chat\VRChatBackground.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\InGameMenu\ScrollMiddle.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\LuaApp\graphic\Auth\builderman.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Trust Protection Lists\Sigma\Staging | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\EDGEMITMP_FFF10.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\content\using-npm\orgs.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\run-script\lib\validate-options.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\safer-buffer\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\AnimationEditor\fbximportlogo.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Settings\Radial\Alert.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\LuaApp\graphic\gr-bloom-circle.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\man\man1\npm.1 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\fonts\NotoSansGeorgian-Regular.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\StudioUIEditor\icon_rotate6.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\identity\ci.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\AnimationEditor\icon_whitetriangle_up.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\AnimationEditor\FaceCaptureUI\FlashingDot.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\StartPage\Datamodel.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Emotes\TenFoot\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\eventlog_provider.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\EDGEMITMP_FFF10.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\postcss-selector-parser\dist\util\stripComments.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\lib\nopt.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\@npmcli\fs\lib\with-owner-sync.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\man\man1\npm-stars.1 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\npmrc | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\InspectMenu\gr-item-selector-triangle.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\VoiceChat\SpeakerLight\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\ours\errors.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-prefix.html | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\MaterialManager\Delete.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\resources.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\EDGEMITMP_FFF10.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\msedge_proxy.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\EDGEMITMP_FFF10.tmp\setup.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\lib\commands\root.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\verify.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\query-selector-all.js | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC7BB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57b054.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBFD9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE76A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE9AE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB548.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC7EB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEEDF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57b054.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB4F8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB537.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBD38.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC019.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE827.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57b058.msi | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\wevtutil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EU9DAA.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ELEVATION | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\ProgramData\Solara\Solara.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | C:\ProgramData\Solara\Solara.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ServiceParameters = "/comsvc" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ = "Microsoft Edge Update CredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\notepad.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ = "Microsoft Edge Update Process Launcher Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Windows\system32\notepad.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ELEVATION | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VERSIONINDEPENDENTPROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0 | C:\ProgramData\Solara\Solara.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2437139445-1151884604-3026847218-1000\{5E6F066E-E0C3-43EE-8858-9526546892C6} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Windows\system32\notepad.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 329978.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\wevtutil.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\notepad.exe | N/A |
| N/A | N/A | C:\ProgramData\Solara\Solara.exe | N/A |
Suspicious use of WriteProcessMemory
cURL User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | curl/8.9.1-DEV | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c ipconfig /all
C:\Windows\system32\ipconfig.exe
ipconfig /all
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 2BBF781920661C60E57BBB9A663BF33A
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DD23FECBC028019299DE79EC54E64E06
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C795462FCE7931DF7226DED458DC8C64 E Global\MSI0000
C:\Windows\SysWOW64\wevtutil.exe
"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
C:\Windows\System32\wevtutil.exe
"wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Program Files\nodejs\node.exe
"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 5eb0895109b3453a
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Program Files\nodejs\node.exe
"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 086d57641a474a20
C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
C:\Program Files\nodejs\node.exe
"node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 50b11870125049f6
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef5ad46f8,0x7ffef5ad4708,0x7ffef5ad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=1936 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6032 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6340 /prefetch:2
C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU9DAA.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU9DAA.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{8467F5DA-2427-4A62-AC20-95FA7FED56F1}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\MicrosoftEdge_X64_130.0.2849.80.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\EDGEMITMP_FFF10.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\EDGEMITMP_FFF10.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\EDGEMITMP_FFF10.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\EDGEMITMP_FFF10.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{214209A8-190A-48D3-8770-419B1E61CAB0}\EDGEMITMP_FFF10.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff6dad2d730,0x7ff6dad2d73c,0x7ff6dad2d748
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4940 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16168729241086727273,13904286826784419950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | getsolara.dev | udp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| N/A | 127.0.0.1:6463 | | tcp |
| US | 8.8.8.8:53 | 27.93.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clientsettings.roblox.com | udp |
| GB | 128.116.119.4:443 | clientsettings.roblox.com | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.nodejs.org | udp |
| US | 104.20.22.46:443 | www.nodejs.org | tcp |
| US | 8.8.8.8:53 | nodejs.org | udp |
| US | 104.20.23.46:443 | nodejs.org | tcp |
| US | 8.8.8.8:53 | 46.22.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.23.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | f4355544.solaraweb-alj.pages.dev | udp |
| US | 172.66.44.59:443 | f4355544.solaraweb-alj.pages.dev | tcp |
| US | 8.8.8.8:53 | 59.44.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| GB | 128.116.119.4:443 | clientsettings.roblox.com | tcp |
| US | 8.8.8.8:53 | 235.3.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| GB | 128.116.119.4:443 | clientsettings.roblox.com | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| N/A | 127.0.0.1:58813 | | tcp |
| N/A | 127.0.0.1:58818 | | tcp |
| N/A | 127.0.0.1:58821 | | tcp |
| N/A | 127.0.0.1:58824 | | tcp |
| N/A | 127.0.0.1:58827 | | tcp |
| N/A | 127.0.0.1:58829 | | tcp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| GB | 128.116.119.4:443 | clientsettings.roblox.com | tcp |
| N/A | 127.0.0.1:58846 | | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| N/A | 127.0.0.1:58849 | | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| N/A | 127.0.0.1:58852 | | tcp |
| N/A | 127.0.0.1:58855 | | tcp |
| N/A | 127.0.0.1:58858 | | tcp |
| N/A | 127.0.0.1:58860 | | tcp |
| N/A | 127.0.0.1:9912 | | tcp |
| N/A | 127.0.0.1:9912 | | tcp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| GB | 128.116.119.4:443 | clientsettings.roblox.com | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| N/A | 127.0.0.1:58886 | | tcp |
| N/A | 127.0.0.1:58889 | | tcp |
| N/A | 127.0.0.1:58892 | | tcp |
| N/A | 127.0.0.1:58895 | | tcp |
| N/A | 127.0.0.1:58899 | | tcp |
| N/A | 127.0.0.1:58901 | | tcp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 95.101.143.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| NL | 128.116.21.3:80 | roblox.com | tcp |
| NL | 128.116.21.3:80 | roblox.com | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.43:443 | static.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 185.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.146:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| FR | 13.32.145.114:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.114:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.114:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.114:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.114:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.114:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 219.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.145.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.127:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 127.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| US | 8.8.8.8:53 | arkoselabs.roblox.com | udp |
| FR | 18.245.175.126:443 | arkoselabs.roblox.com | tcp |
| US | 8.8.8.8:53 | 126.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | usermoderation.roblox.com | udp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | cs.ns1p.net | udp |
| DE | 35.156.245.220:443 | cs.ns1p.net | tcp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 8.8.8.8:53 | lhr2-128-116-119-3.roblox.com | udp |
| US | 8.8.8.8:53 | atl1-128-116-99-3.roblox.com | udp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| US | 8.8.8.8:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 8.8.8.8:53 | fra4-128-116-44-3.roblox.com | udp |
| US | 8.8.8.8:53 | pulsar.roblox.com | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| DE | 128.116.44.3:443 | fra4-128-116-44-3.roblox.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 8.8.8.8:53 | s.ns1p.net | udp |
| DE | 35.156.245.220:443 | s.ns1p.net | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 88.221.134.57:443 | tr.rbxcdn.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 8.8.8.8:53 | nrt2-128-116-120-3.roblox.com | udp |
| JP | 128.116.120.3:443 | nrt2-128-116-120-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt2-128-116-120-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 220.245.156.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.44.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.99.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.63.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | t7.rbxcdn.com | udp |
| GB | 88.221.134.8:443 | t7.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 57.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.120.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.51.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| GB | 88.221.134.8:443 | t7.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | b.ns1p.net | udp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.97.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| US | 8.8.8.8:53 | followings.roblox.com | udp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| US | 8.8.8.8:53 | badges.roblox.com | udp |
| US | 8.8.8.8:53 | silver.roblox.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | sc0aws.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| FR | 18.245.199.53:443 | sc0aws.rbxcdn.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 151.101.193.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| US | 8.8.8.8:53 | 53.199.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t6.rbxcdn.com | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.104.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt2-128-116-120-3.roblox.com | tcp |
| FR | 18.245.199.53:443 | sc0aws.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 151.101.193.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 8.8.8.8:53 | sjc1-128-116-117-3.roblox.com | udp |
| US | 128.116.117.3:443 | sjc1-128-116-117-3.roblox.com | tcp |
| US | 128.116.117.3:443 | sjc1-128-116-117-3.roblox.com | tcp |
| US | 128.116.117.3:443 | sjc1-128-116-117-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| GB | 2.19.252.160:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 160.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| FR | 13.249.9.88:443 | clientsettingscdn.roblox.com | tcp |
| N/A | 127.0.0.1:51440 | | tcp |
| N/A | 127.0.0.1:51444 | | tcp |
| N/A | 127.0.0.1:51448 | | tcp |
| N/A | 127.0.0.1:51463 | | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 205.234.175.102:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 88.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 205.234.175.102:443 | setup.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 172.169.87.222:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 222.87.169.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | getsolara.dev | udp |
| US | 172.67.203.125:443 | getsolara.dev | tcp |
| N/A | 127.0.0.1:51705 | tcp | |
| US | 8.8.8.8:53 | 125.203.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.19.161:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| N/A | 127.0.0.1:9912 | tcp | |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | bec5b2ed531be81f1a1b0c8f10637a7f |
| SHA1 | 2855fd304e54961e9f379f478ceeaf6db98171c6 |
| SHA256 | 81e9a380b64b405f20243948e5861d4588fb19e6b2382675cb423decb5f7df31 |
| SHA512 | 5a497eb230fbcd798f4378593ba690a245c185ab40713eb74004070d692687b8730a158386bd4bc494129cee5b216316093220663a8df67a51fa3cfe57b0765a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a979e7ee64b23015d2b19da4ef704d77 |
| SHA1 | 6f19a49a98738f37c9a85592df7c3b97f03ec255 |
| SHA256 | 32011e788732d9e64841dc46c9de152f22282d0be226eac0753a586720a24d97 |
| SHA512 | 3aec2573554f5f552dd496d14f22967683fddec9ef24f8dea136b16453be45816f86613419862e59361c953ff3d157b844e7f30deec72b3e77b73fd3d2c3d9de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 86c80ec4ccfa01a96cf1f617f9d77629 |
| SHA1 | 349b6fe8afa5a4b0742ad3dffdd841af8733c850 |
| SHA256 | 138ee1385335e7771ba62e1551de6ea4a9b11f92dbadb8058c419438cdb3164e |
| SHA512 | ac6eb2650e5eba4dd6b96cd6f376017f08c2517b9a9901198b8dfb74e1a72608ba5ebdff89279d39f4cf3800eb23d7296bbd79d319f2db3961a6c5b706a37157 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000005.ldb
| MD5 | cbd4452d0891ae0929d8e4078c21fe64 |
| SHA1 | 14bc16c9fd64a9d86e67ead1fe1d671180fdb812 |
| SHA256 | c77d9a9c7bd1c8b5a5f8448736789c2b44370815e45a0255ce718df22f5f861b |
| SHA512 | fca5def42a9aa8a3ee31e8fd4e48d06abb7c0c2e691d39ea7a7da14a9b271df97b473914bbbb17f81b3a17791de530c34e65f9ef74e7cbc85cb1f64a0acde3de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c5
| MD5 | 588ee33c26fe83cb97ca65e3c66b2e87 |
| SHA1 | 842429b803132c3e7827af42fe4dc7a66e736b37 |
| SHA256 | bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760 |
| SHA512 | 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04 |
memory/836-4206-0x0000000180000000-0x0000000181112000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a79f67ed4d810b16257d2db155e837da |
| SHA1 | 6d1ed0c431db588f1acd27cf53f341c69e0b9f58 |
| SHA256 | 9eb8003c10c88759e51214f8b67f71fbb1700289548dac2b5d80bfffb9971e4e |
| SHA512 | f21b53b52183dae046ea1bd17d02a19a1f302fcd4de0f08f6b326601d0f4abbdf035ae4187b19a9b6751e7fdde48edc834e0fc254eed417a6948144bf3995bc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 30a8b39643e376041b31df8621167b94 |
| SHA1 | a22f75f795be0d9b3d78d948c5b9dfb589676310 |
| SHA256 | 5510fa093bb3a058183005136d6ba4dc19f3ffff49ae257b2b67a9fac589d90c |
| SHA512 | 9b45e99400a00ff1cf63e4996dadd2f80991cde1ef27f0de718c19c0ab4e33a5e711abb72d581069749a53aca0cbe6144413ae7dc8175361db3f44e35414b915 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 4e77d546aefad52e3f62ea9e5d1dae4d |
| SHA1 | 6d767d32d61d5de523d8dfc9fce21a5ae782ebea |
| SHA256 | 34404d4664f48ae5a17ec434e2ccaeabdd7a6d50c19bf5a288585382276851cc |
| SHA512 | 7892e26061a8028a109924d50fa1b34f9aa7451ef5d807d30bba01ccf5c92687581323f55d46edf169abf3f8fb231d6900ae438565c30535ace9214b78f55838 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | cfcda110e511737b7cf9e85c2b2ed4d3 |
| SHA1 | 20959a34bc87aa3ef4b68ef30930e5208526090d |
| SHA256 | 6d0fc15e06399ad5dfcb8966c72dd7f517bcb0add67852c4c9f15ab70c0b839c |
| SHA512 | b6df93fbc5fab16161d0cea0ad672b128af892da8a5cd7b0e34a0abe9e70d6fff411e55b5a230772afe500eb07a07ab3d98ec387766fe11b778078b1dc731001 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 98558221ee30bfafb1cbe1b9b8c65adc |
| SHA1 | b8fd11706692b0d1091959b2b1f28b035e9628c1 |
| SHA256 | 9d5c2e4eada553a8eb20b57b8b677766e4e3707cc1cbb2f7358714056d1bb048 |
| SHA512 | c3d276bb2fd3fe842fa099bb654dead6342f5a1c93070dce2a8886f8c072830d944b1b1aa816725c6777c3a28ebc4d5d2d2b45d10b5b0331d7cc3f4e9aec8503 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | 1d91dc01433ed6a7351e18ab797c6221 |
| SHA1 | 88cd0207766ee67589a0762349d22fd509d02847 |
| SHA256 | e54f9340e0aa7ffa7f1db9aa2bf837c3e4f6727e86d734a7b9f36123647d4cde |
| SHA512 | 1800bc2b643a49feee737423011049a5e2de878a8a434735c5291873aa0b5ce23443a28f264b7dd9a174e5435bbbe463a3c770f1cd703411481d14598021763f |
memory/836-4257-0x0000000180000000-0x0000000181112000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c7f0e602000553f3502541b6eb6fac49 |
| SHA1 | 38aeb1802da23665af6a9f71d06887e5ef5bacbb |
| SHA256 | 346577005555b6eddf75be6b7bcc863d7afddde06f4e689222250abfd982e937 |
| SHA512 | 51a7bf1f3b40c2f2b8521409f5c4b3ca9d679cff8e987a45d46cc215bce67a86a11e54c91ad0f5a6dbfb0bec85aaee69cdb71471e73bf8857584b6f2102d3230 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c4b20fe1-b26a-429d-bdf2-48396bc1ab49.tmp
| MD5 | e3c5ec15fa7b93b3c35e9e3990e1fbb3 |
| SHA1 | e051c87fce2ff1bf5ae27f2d1280673db7788b4a |
| SHA256 | 0eea3e03c2a40abd9c25d8d4824b79e8c0e42eabd0f407d1326ad972f701b946 |
| SHA512 | 7aece9ad319631adabd090c80b1072ca1a0c8501a7d1e9b491fff0685ad86af9928fbddaf44a2f9d63ffbba23c0e7123fc83f25c5faeb100734a056b3e9bb331 |
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
| MD5 | da5705f4ae30d837139cb7380d941e1b |
| SHA1 | 08ae6cb9b2703df17b2bf554586a36f4b73502a6 |
| SHA256 | 9f205a55a45a2a45d2ebb98afb21499b191a4b2e26f4311568d0337b32faa1ca |
| SHA512 | f3042947d05222aff5facc14ac6123380d502435e98608dc6d053848997cdd0fb22b121a381e67df893c15ae14ed836a58fca5898540ea5dfb0a0da32ed8dbef |
memory/836-4322-0x0000000180000000-0x0000000181112000-memory.dmp
memory/1524-4323-0x0000000006FF0000-0x0000000007030000-memory.dmp
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | b68e7f7ae52ef8e962723c7ddda4f75d |
| SHA1 | 686bdf2057cdd7b16877fb5eec0aff150fa074d0 |
| SHA256 | d779b2acc52b4b3e72c1461dbc7e950f0b650e924b3799db425942f64624e94d |
| SHA512 | cb0ecf531c95d657019b0188e648520b36b8386516d2e640239d99972ae44439d21ec6fcbe7902fc59c6f65db3571db0944e48f2207a442f3be5d10c9655bbb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e405bd1caa318af459125d43c646c369 |
| SHA1 | 4dbbdd1404dc7f652e0ba141d61c41c6c4d5a1d7 |
| SHA256 | daad42a815eaae520b5fd58cb26ec2999ae901d1858d10c3de3da40f37872815 |
| SHA512 | 6350e9236c3f6c97a0e4b616973247185c1c2baec7695623f762049582d22400599363c814b42df5541ef3023a8161f31f4de6628cea99d1b3d9ed416988dd45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4b2c07bad073d22d9325f03f556d4e55 |
| SHA1 | 16863883408ae2be3840317450184f963cd2c381 |
| SHA256 | c9c68d90523c91ed44cd9e633f415b24d321f65e3b844dae3bb5c77703b8015d |
| SHA512 | 3c32986f4fabd8c41c81a19f22b1d52692dfb1841bf1ba468d3406bfb0a1e8c356e76a872e84ebe7938ee8c52a25e80a788ca922c2f0037fc61119bb79e1ff80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4780117c1262ebb670090ed71b8e0644 |
| SHA1 | 94ef91c7d38f9446f3476feedf980fbbb3fc02f6 |
| SHA256 | 09ad6fdb1822a751bc55e4875ee11438c21d6cec50de125faf0599a271490e46 |
| SHA512 | f84e13d6418044b20cb85228567262ceb2e128806c00444a95e48e1a08b8af155d4dd8ae498191f6ff9ab96efa60fa9aad22ba3f6e5908a5b252b2dbe90cd5b4 |
memory/836-4412-0x0000000180000000-0x0000000181112000-memory.dmp
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\7f3632afdee7118812dd116069729b41
| MD5 | 7f3632afdee7118812dd116069729b41 |
| SHA1 | ed116033aff765c3eb24c3059aff6c6fb0be0c0c |
| SHA256 | 6c98e86a6d732761ef8b8b2df2646f55190657e02201ec8ab8b9137345154c5a |
| SHA512 | 44948874e9d243c234882ab1db269fd729f57ad5fb36a3b22428e0d78a9fe5a05366ed2eb97d0331caa0ef1b622528130344016e13f809b266dc1bdc10ebf9ed |
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 363e89cd20ba836dee9cb9d8108b18ae |
| SHA1 | 9ba7fd824dd925e0b06334f3d09dcf106d74b619 |
| SHA256 | 3b5905fdcf734b3e44b8e1822f72a60542adc685ecc090af4a9a2fad9e0331c6 |
| SHA512 | 743941f8adc1b7cd17cd66c5f8e865ad6f558123b5ab179a68ae1fb9885b8af46c40c4a23c8a5901f9143844a688ca8d0b7496231a49f90de560bf5adb79f5f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ddff166110f7c83a05ea217f87bf66a0 |
| SHA1 | de2590d7a9156a2a0f348893cad5b11a62b50eff |
| SHA256 | ed51df5cf335e0ea9d75a473391e38df794e7ec7075e5934447f30c3fdc6c92b |
| SHA512 | e05e98509ae6238bed1e1ec8d90d9e831deddec40adabddbcdfc575943c588eba58a731713e0dad0d7f18a9af568a932feeb29aaccded4937a123e081f978f32 |
memory/836-4564-0x0000000180000000-0x0000000181112000-memory.dmp
memory/1500-4568-0x00000000738C0000-0x0000000073AD0000-memory.dmp
memory/1500-4567-0x00000000003A0000-0x00000000003D5000-memory.dmp
memory/836-4569-0x0000000180000000-0x0000000181112000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3768d32261085819320776130c724b00 |
| SHA1 | 49f2aa4234aaa3b1dd93a3f29bbebf5a0a84e6e5 |
| SHA256 | bc49ee180d7c4a08f086c069d9242a269f818d48cc7a49970cbf62fddb78428d |
| SHA512 | e4978db4b288c3b05afaddd1efe547a251cf78e37916f5979f6852f18f2cd4798eae2d43c0e7bf43e27eca2391b334cf39036fe3f8aebec86f9a3e7f6a1c3a34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4d4469c1e712cbfb9f5d80353f800dbb |
| SHA1 | 3a187210886788f2182efe8d621a8c618d95b71f |
| SHA256 | 8ea98fe6d247ba3b59a1490aef64bce665659226770b3da7e075cbcd9dbf6c30 |
| SHA512 | 74481f75b38f0a92568f2ff9c2c3de3894aa857f2b46f62f7f1b2460872c8277d5b1ec3523b42eb95ffb7d6cd3f049fb7ccb020c504243969ae2077b03623c68 |
memory/836-4590-0x0000000180000000-0x0000000181112000-memory.dmp
memory/836-4594-0x0000000180000000-0x0000000181112000-memory.dmp
memory/1500-4596-0x00000000738C0000-0x0000000073AD0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9b524b31ec0422b8a8687c2ccf00239a |
| SHA1 | de399e5cb605092875e3b44b002a26e2f808eb3f |
| SHA256 | 1c396b6c8abcecf7f60fd21872752747ca022c176689c6b3dbaea0fed291aa83 |
| SHA512 | 81d06cba372a288f859f7f3a4e4e7ab0748253cbded80eccd63a9e4cc6dfeb18ff45e5676b8f33941f38b0f4b33303e5d3ea9db98d2886abbd522509f86fc544 |
memory/836-4607-0x0000000180000000-0x0000000181112000-memory.dmp
memory/836-4610-0x0000000180000000-0x0000000181112000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1ea602d094538946e0a361d02bb9298f |
| SHA1 | fae7086702d5348373b7b7d3ebd9c6468aba4560 |
| SHA256 | 27ef5484a8f6101ddfdaee6f62307e01bee9b84b4d0274d88d30f166de4de89b |
| SHA512 | 1f1dd3e2e7de4896ae9e8d0888d1fdf900431d3c2b788bbb071f5c0fc9a9d9776488e948b3ec58fbd192f3f1cfd18a9eb6910fa987f4f4ada6ce5bdf960b6901 |
memory/836-4624-0x0000000180000000-0x0000000181112000-memory.dmp
memory/836-4628-0x0000000180000000-0x0000000181112000-memory.dmp
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | 731e6a73ce09e426af60e03f6fce0ed9 |
| SHA1 | 0b7a8fc1d8816873ac340ce4c5937e0821691bce |
| SHA256 | 7b5e932544756be9fefa88860f95ffc2b4c5727dab04d4cab5e58c46e33ccba8 |
| SHA512 | b04a5852d04bf7027204e3c57652f87319ac3cf2d18d54a2eeba60f4d97bb6e3431fa6f95dfc3c8c6c781da143d8853c5d887214c2e11db7f5abc1835706e910 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 38b1547a759e14da2d6c1c2d1d7cda93 |
| SHA1 | bceaed85da44646620e9a4282c5f69f785cb2150 |
| SHA256 | 60598a1f00faedb6656221f7a70cbddff431b6601831204b73a40922ca471bd2 |
| SHA512 | 6aaff0029511adcbc379812ad64c206a6fdb297b798858980abe98261839e1d57ed923d4acec7f7ff263f03063d99b291d04042d5c43ed116d47ecf81a2e5925 |
memory/836-4660-0x0000000180000000-0x0000000181112000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Installer\setup.exe
| MD5 | b621cf9d3506d2cd18dc516d9570cd9c |
| SHA1 | f90ed12727015e78f07692cbcd9e3c0999a03c3a |
| SHA256 | 64050839b4a6f27d896e1194e902a2f7a3c1cab0ef864b558ab77f1be25145d6 |
| SHA512 | 167c73cf457689f8ba031015c1e411545550f602919c35aff6fd4d602bd591d34e8c12887a946902b798bf4cf98aadfce3c2de810bf16c7c24a216bfd8abec19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 89e5aab3d8e02eae7f01ccf16dc001b7 |
| SHA1 | 1408e502100037c86dc93c701e491947a6ad662a |
| SHA256 | f0fc4564502a0d42ab3878355da36124f901a75aaca4d0a68e341defa94667e8 |
| SHA512 | 79128a0481b9d898efe13a55b424a705662504f366d88780ce276a0e2dddd45e30ee66a96f00a59150e37805e24f1fe7e5cc9e94ab378efd65f1c41348cfae5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c944beb4f47f84c81b17290114efdbc1 |
| SHA1 | 14e42492b12b6acb0b9c2323e596220014ee1ce8 |
| SHA256 | be5a45f4f4b9e4b785786c64f5dc99ef58c4a6d566811e0b03898d7e0aa080d5 |
| SHA512 | 69c432648a874316524e2c1cb13af0981e2f5cd52765330823f14703a44569852b8b34f231e8abd7ceb0bf1988a34c7d869e18f19bb8fe537e7d8c0b3972d2f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f542a2897675341d839bd6eb68a7b721 |
| SHA1 | 0081e97b686a59a7640aa86c7c101a2273b6a8f0 |
| SHA256 | e9a0a698e0daaf89481b94a54fa7708e1830901b3eee34171d0fe1ab734a937d |
| SHA512 | 916381f31afa21f1e53b7559d6bd0d32f2a32998d14e2ce25c66b37157e154701e3c866648fac9e14e361f431d2dbe8e1a9747bbdc04c97aab4ce067cd548db4 |