0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virus.exe
Size

12KB
MD5

06f13f50c4580846567a644eb03a11f2
SHA1

39ee712b6dfc5a29a9c641d92c7467a2c4445984
SHA256

0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9
SHA512

f5166a295bb0960e59c176eefa89c341563fdf0eec23a45576e0ee5bf7e8271cc35eb9dd56b11d9c0bbe789f2eac112643108c46be3341fa332cfcf39b4a90b9
SSDEEP

192:cDnQvi7auc35nuKdhAWVIanaLvmr/XKTxnTc1BREVXLGDlNjA:cDn97auc35tAKIanayzKto1jEVQzj

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

XcHvYYrNa.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ XcHvYYrNa.exe
Downloads MZ/PE file

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	XcHvYYrNa.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

XcHvYYrNa.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	XcHvYYrNa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	XcHvYYrNa.exe

Executes dropped EXE 2 IoCs

Processes:

XcHvYYrNa.exeRobloxPlayerInstaller.exe

pid process

4772 XcHvYYrNa.exe
3384 RobloxPlayerInstaller.exe
Loads dropped DLL 5 IoCs

Processes:

XcHvYYrNa.exe

pid process

4772 XcHvYYrNa.exe
4772 XcHvYYrNa.exe
4772 XcHvYYrNa.exe
4772 XcHvYYrNa.exe
4772 XcHvYYrNa.exe

pid	process
4772	XcHvYYrNa.exe
3384	RobloxPlayerInstaller.exe

pid	process
4772	XcHvYYrNa.exe
4772	XcHvYYrNa.exe
4772	XcHvYYrNa.exe
4772	XcHvYYrNa.exe
4772	XcHvYYrNa.exe

Themida packer 9 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll	themida
behavioral1/memory/4772-1912-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/4772-1910-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/4772-1909-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/4772-1911-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/4772-2051-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/4772-2109-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/4772-2444-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida
behavioral1/memory/4772-3678-0x0000000180000000-0x0000000180ACA000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

XcHvYYrNa.exeRobloxPlayerInstaller.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	XcHvYYrNa.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

27 raw.githubusercontent.com
32 raw.githubusercontent.com
1 raw.githubusercontent.com
3 raw.githubusercontent.com
4 raw.githubusercontent.com
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

XcHvYYrNa.exe

pid process

4772 XcHvYYrNa.exe

flow	ioc
27	raw.githubusercontent.com
32	raw.githubusercontent.com
1	raw.githubusercontent.com
3	raw.githubusercontent.com
4	raw.githubusercontent.com

pid	process
4772	XcHvYYrNa.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerInstaller.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\compositing\CompositExtraSlot2.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\scripts\humanoidAnimatePlayEmote.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\sounds\action_falling.mp3	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\PlatformContent\pc\textures\sky\indoor512_rt.tex	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\configs\DateTimeLocaleConfigs\en-nz.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\families\PermanentMarker.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\models\AssetImporter\bonePreviewMesh.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\models\ViewSelector\Axis.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\places\Mobile.rbxl	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\compositing\CompositExtraSlot3.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\compositing\R15CompositTorsoBase.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\characterR15.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\Guru-Regular.otf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\PlatformContent\pc\textures\plastic\diffuse.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\configs\DateTimeLocaleConfigs\fr-ca.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\DenkOne-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\families\Creepster.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\configs\ReflectionLoggerConfig\EphemeralCounterWhitelistMock.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\heads\headA.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\heads\headM.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\configs\DateTimeLocaleConfigs\en-au.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\scripts\humanoidRunFamilyWithDiagonals.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\SourceSansPro-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\SpecialElite-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\families\GothamSSm.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\families\RomanAntique.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\families\Sarpanch.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\heads\headB.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\BuilderSans-Bold.otf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\models\Thumbnails\Mannequins\R6.rbxmx	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\PlatformContent\pc\textures\plastic\normaldetail.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\PlatformContent\pc\textures\sky\indoor512_ft.tex	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\configs\DateTimeLocaleConfigs\fr-fr.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\scripts\RobloxCharacterPackages-0.0.1.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\unification\AdapterReference.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\defaultDynamicHead.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\LuckiestGuy-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\models\ViewSelector\Corner.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ssl\cacert.pem	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\heads\headF.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\heads\head.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\heads\headD.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\BuilderSans-Medium.otf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\Creepster-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\GothamSSm-Medium.otf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\NotoSansThaiUI-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\families\Arial.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\defaultShirt.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\families\IndieFlower.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\meshes\rightleg.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\Ubuntu-Italic.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\Ubuntu-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\families\LegacyArial.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\sounds\action_jump_land.mp3	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\sounds\ouch.ogg	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\sky\cloudsfb.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\heads\headJ.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\heads\headE.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\arialbd.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\Fondamento-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\NotoSansKhmerUI-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\compositing\CompositExtraSlot1.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\Arimo-Regular.ttf	RobloxPlayerInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exechrome.exeRobloxPlayerInstaller.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerInstaller.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608740643109146"	chrome.exe

Modifies registry class 11 IoCs

Processes:

RobloxPlayerInstaller.exechrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-c5a2369e0d774f91"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{B4042FAC-A64E-4EBD-9FD6-AAC7A35BD7A2}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedgewebview2.exemsedgewebview2.exeXcHvYYrNa.exechrome.exemsedgewebview2.exeRobloxPlayerInstaller.exe

pid	process
328	msedgewebview2.exe
328	msedgewebview2.exe
4792	msedgewebview2.exe
4792	msedgewebview2.exe
4772	XcHvYYrNa.exe
4772	XcHvYYrNa.exe
3452	chrome.exe
3452	chrome.exe
5268	msedgewebview2.exe
5268	msedgewebview2.exe
5268	msedgewebview2.exe
5268	msedgewebview2.exe
3384	RobloxPlayerInstaller.exe
3384	RobloxPlayerInstaller.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedgewebview2.exechrome.exe

pid	process
2264	msedgewebview2.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

virus.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	948	virus.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe
Token: SeCreatePagefilePrivilege	3452	chrome.exe
Token: SeShutdownPrivilege	3452	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

msedgewebview2.exechrome.exe

pid	process
2264	msedgewebview2.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe
3452	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

virus.exeXcHvYYrNa.exemsedgewebview2.exe

description	pid	process	target process
PID 948 wrote to memory of 4772	948	virus.exe	XcHvYYrNa.exe
PID 948 wrote to memory of 4772	948	virus.exe	XcHvYYrNa.exe
PID 4772 wrote to memory of 2264	4772	XcHvYYrNa.exe	msedgewebview2.exe
PID 4772 wrote to memory of 2264	4772	XcHvYYrNa.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2064	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2064	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2280	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 328	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 328	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe
PID 2264 wrote to memory of 2696	2264	msedgewebview2.exe	msedgewebview2.exe

C:\Users\Admin\AppData\Local\Temp\virus.exe
"C:\Users\Admin\AppData\Local\Temp\virus.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:948

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe"
2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4772

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4772.4720.2607866426463653095
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2264

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7ffdf0123cb8,0x7ffdf0123cc8,0x7ffdf0123cd8
4⤵
PID:2064

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1880,15737915039714151677,16889083030469099055,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
4⤵
PID:2280

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,15737915039714151677,16889083030469099055,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2228 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:328

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,15737915039714151677,16889083030469099055,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2480 /prefetch:8
4⤵
PID:2696

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1880,15737915039714151677,16889083030469099055,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
4⤵
PID:4376

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,15737915039714151677,16889083030469099055,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4584 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4792

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1880,15737915039714151677,16889083030469099055,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4980 /prefetch:8
4⤵
PID:5392

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1880,15737915039714151677,16889083030469099055,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5004 /prefetch:8
4⤵
PID:872

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1880,15737915039714151677,16889083030469099055,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4948 /prefetch:2
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffde441ab58,0x7ffde441ab68,0x7ffde441ab78
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1452 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:2
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:3864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:1
2⤵
PID:3220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:1
2⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3792 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:1
2⤵
PID:908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4436 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:5140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:5148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4564 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:1
2⤵
PID:5300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4228 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:1
2⤵
PID:5648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:5832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4856 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:1
2⤵
PID:5152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3256 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:5256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
- Modifies registry class
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:3580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1588 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:1
2⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3428 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:1
2⤵
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5544 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:1
2⤵
PID:5660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=868 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:1
2⤵
PID:5712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:2980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5724 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:3392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2540 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
- NTFS ADS
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6112 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:3364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5744 --field-trial-handle=1792,i,4039062824421679463,17659884939684263565,131072 /prefetch:8
2⤵
PID:564

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3384

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3480

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
Filesize
5.3MB

MD5
0469bb703f1233c733ba4e8cb45afda2

SHA1
a07afd7ecf1d0b740b0e2eddfcde79dcf6e1767f

SHA256
00314da401908da37ebfe9b642506cab81a4467c092719fcf007be045bc4a9e0

SHA512
342c9629e705eb78c7bd52b3efe4a92b6a8bece9933956390450600635e4c0511ca96ccaa25e6920e9d25ccdf444dabfea7b09f8fbcba2f371655f87633b6d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
87KB

MD5
3944ec974f9d57012447b02314e03231

SHA1
125677c1232fc7c771ad1ad7348820c252b87217

SHA256
fb9a3ce419e5466534c7338eabf1d80a9b05ef20cb76ccd429100c29b0a59be1

SHA512
4f4c97210e00d7ccf2f13f54572c15f8ae2a310e5c64a9ed8e3ea9fe2c54833f5745212e2f65e07da551ccb6981e7e0d19becd672485ee77499c271a5f9503b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
Filesize
49KB

MD5
20980bab135f476d48a3f69148762f28

SHA1
75394cf4059ccf01a554278c554a5610dcb9b73e

SHA256
e4219e58333dbb133997b1fa9b51e906b464190beb8d206f0f39f1db909f95f4

SHA512
ab291427fb1da8b8e6b47018d18de6b9267bceec59fea507cae5c43203e4099530e3a17a12d6840a231f9f5b3539dcf5a480573d61ddea14450dd48ba4caaf6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040
Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
8a78871c2a7525bd0ac46894f181f89c

SHA1
295769a6f5b34248c3848df1add502a43cf3dc76

SHA256
a4e457aaa2ca5de867d14da8e2880695c4ad0c392e35dbe1a9fbabad155832a4

SHA512
d8335cc1ea38aab79cefeaa25fbbadcebd623545c4dd2574e4fb1b96fde893dd726f7b1fc6beeaeb7bda092ee4528a78e3b82cfb71669a4bea3d9a81d8402b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
f5be5a438df9dff5d41fbb9f36c717ad

SHA1
27c97e3a730852132ba89782c9dc2ea554d5f8bf

SHA256
192117c1c9c1be4a18229f9ae7503336cdfc4d8bd5d814605c8757b1da3cb07e

SHA512
645ce9c072bd6a5bf60b4bdb57ad76bd3c780503294d89789efa9a64ddaa23f6707348979fb01df26e8ae136c8f2c5e57132a6d9c997350d60eb76f2f5fd85b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize
387B

MD5
5e31728e100e45b09a257ec3837fe082

SHA1
ce517e3d38b70b3bba4ebe19fe3345e19fbfe5d4

SHA256
9d6fbb11bed7fd66d30fa1e2b8d83a32d3000284a7e2ddb2521c5c7db982e7bc

SHA512
1f6be8fa5d782d9ee8372ecf3da42bbbcabb3d2dbd52049c30a86a1189df461a2e2c176eff04c10a48cfebfb3cd8a702508ff300c4ac500dfb468c66b0ba50c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize
387B

MD5
72777ef6b9a917c5ea04f9de6a6e7a8e

SHA1
9db7ec113482c7b992bbb61494b33efb7530ef53

SHA256
9a49b3328e32857a9e73e3dd7648eabdaf00e96e564f47358d5f531c5a82edc5

SHA512
4aa97615402728ce97cde4fa1b3794434c8a6a978e87750606a1b977fd4127b8b1a79ce6df93a278e29d9738b277335b9c0bdaafaa96edb764db2aad4eea353f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe590313.TMP
Filesize
347B

MD5
485e7c60202c09d5c5eabba13afc50cd

SHA1
fb483b9bb0bf10fa5cd4c76264c27df353476f12

SHA256
fb0b76d6f2979861e9912ce936578006135f29dceca9ac93c8fcb5a204a58bd4

SHA512
42768bff2c8df2e254e4e34cc9dcd37733408c8c0413b27ca4b74abeac4b7d705a46cdb4154cce554afb62cb0bda562d727eecf36309dd673e1dac9b91594379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8552b14c-ff03-4264-a56d-34f6dc06ce0f.tmp
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
55b501d57ec348a04279da3293c9930d

SHA1
1e0a6cca74f9eaa2147a957f6e0157f65dcc0c00

SHA256
67839cc486a6668f1fc7a11992983e480a59ddefdce8478ae293854c9785b6ef

SHA512
87eab3d5ce7dd719a4c34104e6a7a45d17a443363c3b75bbbdd616d3595135a3647621e64fe33bb428a8b0d6c5da776035f3cb2e1837e3be498986be620ddffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
a6230117e9f74b83747d498091796340

SHA1
3fbf8d48cab193f0a086c072b90a0bc3bbbb489a

SHA256
01ed99119badf91bc865b68f5eb2837ee7c0ae1e91cd64573b2939a12bc97198

SHA512
081f98379bf048a60b915f9b4d3cff51aa80e3326f42af583808fbfb49e952d04465725ef69767acfdb59bbd615b28a4e086676ad12f4e8c9868e9ef40d29dfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ecdcd66b82dd5e0065bf1a60525d4709

SHA1
55d0d7424925cb1e65a3e6d79836739bc419c367

SHA256
32ba8a20e55709a9f290d78dadfafa7109a9e6f6bd0c9784dfbb3819d4b7ed0a

SHA512
563d3ff111da885bd292123124f5fa85912826b5ae109d6311531c81d484ed39883cbdb1730c0e9392da98068331f319b5c208e5c803659a66bc4af29432401d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
dd99463dac0121fc0285ba3681a29da0

SHA1
0d2944553a77c2cc9adeb6461021275d3a762e6f

SHA256
58976d3b3c1d1fbc03193d6565156a74c32ffdb04244abe58b938041a4f86160

SHA512
bb42832350348b982b0a1a14010fe880fef7f62b070447e991cacebec3473965cab27e0a3dec0816c7fdf65b5d80e078ea3a089822f18b5d529e02701d94c6c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
ab1e825999f26d3ed21328a24380c616

SHA1
54eb6099a787f7704cfba9524887045cd8330ef8

SHA256
5fe4a0e6570647a41adbfe8d8a4f9f86c9c43dd5c91f0a1d387393b38dea4747

SHA512
526cd92976f9779023f388ae993da8f0b2b8a0a1c2a5fa4f78b8b17316bd9fcc257114c7eee0d74e2872118152dacd272849f10336c91c1b5ecba3fd49aa5efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
76e0cd327c40915727afaa27baef9420

SHA1
1a5c516ac1fc0f4b90d2c27273ba07596e8f7035

SHA256
b0a542d00a841af00979271cf8650d6907c2e308a303d9e8d99de9c5a60a6d28

SHA512
eaec38b1d810afe7cbbf5fb48c5675d04c2cdd28d1b9ac5c564eace4d0a487b2db24b7f4a85b8e2ea15f278c8fdc48e53d36321c1886738b3eeeafd82faabf40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
793099fa34eef5d6b31bd396b587ddf4

SHA1
e1656a8adb27ec786daf44d06ddb5cc5a097e98f

SHA256
1d3894772fb5c2e8152dc60dd7bf99408e9a4cf63a008543537045894b231e2c

SHA512
6fed7469c8cb845bc164189f01d5c59783007d97112fd333212830f68357af44be5dd4843a9b4c04b47a32dbd748fe0bc5a832be0d389654085460139700fada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
5f3da96624fce84049df381d99182c95

SHA1
83e8f5454c0fd49e3d31d77ab155cad0e97e927a

SHA256
8568cfa4a6061f06b120eaab1aa4394e9be74da1e1666bd54cb241076f3b48f0

SHA512
85f3e845a70d8575f99f0015479a3b0624f835aa7f7c6df6ac7e55c20c3437c0b96f8bd5452997e09ada79eeee2913ae21b286e7cbc44609a63db60d92dfe243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
acea1207559586e8fb5f022093dd1790

SHA1
89c7255d991d7dd56e2d7ba31cc6312b33d88cde

SHA256
57df94abc90b73bae62e587d18db733efe22cfffdde306eff8fa4eeb38da4160

SHA512
4074e2593ad40dc363f2a974921da758ebe998791b684736ca64c72358801baa84dd5b6dd2048d454e13e0ccbdd9bfac5aacadde09b0530a68d0ab85e46bcf29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
51c85f3697064b790b2a40966d14378d

SHA1
7a3fe6fb0f1698240e4d6e36a309e8f16137e4fb

SHA256
5366a76ed844195d1fa3fefb099884f5e969461056fdb4d8a214c9e41ba8eb3f

SHA512
6f97049f9ef042f72f18e26157056212efa7265ea519bc6e1cba2ca5e623f7af50e76515093098bfc7ed77216b09c6abc381b70f4b23f189dfb2f796f38ce8dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
47e898adad704518fe948c9d8b317a17

SHA1
c375049c5b23dd7fb43c486d52352bce8f13ddce

SHA256
d45b72c481049c6a5189abecceac7d5dd530d193325abef10ed16ddf7f9d7c46

SHA512
68355976d3f45e33ccb98d6649e328d9ba86069d095ff3128e4d31254b62819af25932b1e1bfd5b994f6e7ae9a41d5cf581909dc36eac830f28ac39e372b75c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
b581e9a8297e98b67e822a3faf9009ac

SHA1
1a08ee05213eb4f139e5ea8aba9261d0c11c6303

SHA256
f3a7255a58ddc409d68013d56a0024463b82ca804ce146d119b4e0e196612be8

SHA512
eb3fbeae5f7bda2e8491c910665881a3b77d5268278ff405e1e5dd0aef0e058cc86192b7aa8f9cd225e9feb0614a4c2d616694c347b4e0cad20712a278fa3a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9cd6334ce97c79a6a47fb267aabe2080

SHA1
b0ed8d6fc3d75e13369a80c346140b1e67db1003

SHA256
06c2763f6387170e35136b4bcd420fc253f6b78b38b2e83db809462ab39a1867

SHA512
677871772c762b5ce8154b24aff27d0ef498ee38d5e40b185fa795e65076b47895e663bca9d25fe49d695e4cb9f444d230fda3c8aa8837cb1b93904d4673d202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d21b458a-1e1c-4553-a14c-54f7ed25246e.tmp
Filesize
16KB

MD5
b6759c79daf8b77437d18fa18147d292

SHA1
5bdbb10d70a380cdbb95942ffef1f64a1882efb6

SHA256
752ce945e0d4dd8310fce244e809d02c3d7e05e85b49f58f2fed960069c3bfcc

SHA512
734ca6dfbb9da892a15fddc5f0649ae62c1e479f66e328cb5181f7746bfe31a282cdcd9274edc02ddeb003f6b4feb18cc6344a632ea5b1ba8f3e1e1f89281e77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
1076246dfb23756b7d39733899d3add6

SHA1
1ad55b5bcc653d2955584adff4d4907954957f98

SHA256
6c425479e96d1b93dcbb32181bc8587dc5ff26fc94b0d30fad33b53313baa6c2

SHA512
8d287e61ca3b5b24355bcadd243e5ea7097c6ff7d399ca3250924b8b14639f4e85a5a2b4e9c0515df164427b3c4bb67552a7ce6bcec33494b364c127e55da639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
85KB

MD5
760f3b4ad346d0f6bca9e1fc84416ef0

SHA1
cc89821d2b010df323f26da830b253d168f8231c

SHA256
310578dc6cac63f7042fcc3313f48670d9872e8fadb75b2c9eb9978ed86366c1

SHA512
e85226657e016496420ba4b85d9719a446f9ca7aa5310e52c6b0981bfa9587428ab106844e145bf5525716c68f4e1d10d7ea1622a9382e11def01f2ce1c97da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
2b06f37f1208604b596a818685c5b7e4

SHA1
4b2245b2030a801ff66d8e5e304693dccd27c886

SHA256
5573da85d80293d4cc7361a41fbb8750222ceb1b11cf6a641d9c670e9da7dcda

SHA512
79a5f59054e0cc1b6f5724a15f1b0b464bb7b2f2572e25137e329611037805b8bf39b73a5d2cd800c4105ead2ab3cf09e7dc6e196f50890f145e9a8334da96f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58da1f.TMP
Filesize
83KB

MD5
de9c85729ac78c071181077721fbc657

SHA1
fc0dede3c77ad6a283739d4316f01bb16d3b93ca

SHA256
04e9f3c2c4c76c763711b984aa647d17eead8a30396e26b3217ddc77dbbbd653

SHA512
7c61b9eb73a3b78b9cb9ef74f9d5318ce68c182577f83a941369db84cfcaadf9dbd02edb3b4856c33880db3001a36e70ee1772a67bdbbe73cc72aa92284c8028

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\index.html
Filesize
20KB

MD5
08d9ac1e35385587b0c3c8a73ea97234

SHA1
d1db15b5e97152be999339d90630f68ed06a6b78

SHA256
016cadaa9a8494b15efea920a5ea9c02b441e90dbc7c444e73db3b307f93a741

SHA512
8061a5a92f828642ea2fcb319571efa406ed67a75b4d4da1aeb3da96391a72fcde670e3e52efef62d37ddc17f7eca5afa0d35aa02bfd1bcadd8e86240cb802a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\loader.js
Filesize
27KB

MD5
8a3086f6c6298f986bda09080dd003b1

SHA1
8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

SHA256
0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

SHA512
9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.dll
Filesize
4.2MB

MD5
114498719219c2427758b1ad9a11a991

SHA1
742896c8ec63ddbf15bab5c1011eff512b9af722

SHA256
913059869dca00dfa49bcf2691b384eb9804739d9148e3671cf1d6b89c828c42

SHA512
4f36ea0c5e8af8087ecf92fa49e157dcc94a1cc68563fc97b3fe026b92c0abdbe640bf347c24a666f59b60380367f85daab1a15e2c4902921e63e1b741c01452

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe
Filesize
85KB

MD5
5e1bc1ad542dc2295d546d25142d9629

SHA1
dd697d1faceee724b5b6ae746116e228fe202d98

SHA256
9cc1a5b9fd49158f5cca4b28475a518cb60330e0cad98539d2a56d9930bdf9f9

SHA512
dc9dbecec37e47dd756cd00517f1bfe5b27832bd43c77f365defc649922cb7967eb7e5de76d79478b6ebfd99a1cc2e7e6b5119a05a42fd51a1c091b6f00f2456

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\BrowserMetrics-spare.pma
Filesize
1.2MB

MD5
3ea587d4e649dbf22e1a36f4e10b3270

SHA1
27816b6083377e9dbe0780e011fc660064b10bfe

SHA256
2f40ca6eed4996065397d4f9dd26f19070719b4de844408b9f743c2242cd2fd5

SHA512
128a5657632d6f5903907db960f49f69f294d80e8140f7c33378e54c23b85cc2bb3d95a6b9c597255c5ecded44a6da9e2e3a56e6202f5a209e2491e7e6c7dd5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\manifest.fingerprint
Filesize
66B

MD5
33fc4bf1927352bc1845acdde3a6ba63

SHA1
63ac2f004ac10198e729e9ccf55f6ac4f7f3c622

SHA256
4ed04e713c9d8f5d80e83645b62f1be84ec0516d37f339b3d443d8f792dea113

SHA512
7e38e264713750baf58dd9ad779885a7aae5a6fcb825eaa44b3cf814dd09cd0bf8f95b5ab5db600d19a64b02ec2155b4c9a3bc2a86e9b18eece8b3100e8c2ff1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\manifest.json
Filesize
113B

MD5
b6911958067e8d96526537faed1bb9ef

SHA1
a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

SHA256
341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

SHA512
62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
3a94a890c9250623703c8678dc25076c

SHA1
dabaf621b578c285310942bcc8ccee9836bbe31a

SHA256
ecdaf88898be03ad6672bce33f974334fb80a37af77db648442830b4e6432f9c

SHA512
c72b46813fa87ab676d70d82b2985c264293e794610bf971c612ec95e2c2bacb43b50735abf5fda63389042d5611c907f32c06747bd637ea6aa294850583036a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
152B

MD5
2bbba50909a389e64e60758bfbb91f9c

SHA1
4be5ac42b7eb72b50b001475431d67cc77af5fad

SHA256
bb8bf3286e58a6cc0212dd67cea598771c469b7109de7228da3a69e0ec0f09d1

SHA512
24c76e3641980be85c523caa8a468ea075f2be8ba39c2be7f746b90139b692de6ad9482308592aa4d1e78257c685965a61ecfd2cb03143b0238801e79a5a3c05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
b204a104d000ec8c525839510d805a54

SHA1
142ad06632aeef4e925d46506bbec47016f9d4d9

SHA256
a8d3bb73121b22fbd84ca2c12e0dd8aee7821a5ced9ee288143c0317a1e39360

SHA512
3c93013a88afd14e3ad1cea0d9ad4436306285acc3780c4949de17b49e36045aac3e747657a0225f271599bfa63fdcfb5965e3cec43743078b343d9c654dba29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Favicons
Filesize
20KB

MD5
f56e431b1d09b7ee9076ac27c118cd1e

SHA1
fd00bdd050f91f04e12091c5786438f7f9b0b28f

SHA256
0db6438854d1086c869c9bda01877547517cd155cc8336dc1838abe3458b4bf6

SHA512
54f7b298f2f7447fa071f58bdb1bb80acbdb1c0de4ea46760d391427649b8f255f040c650ab758700289ad5b35096ef8192eff77c4e3c47d72713148a4ad3714

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\GPUCache\index
Filesize
256KB

MD5
7a7258e041c0082961d81507159150fe

SHA1
f4b0733e693c98e19ead601547476dec87cd2209

SHA256
643179ae569b7dda04b028d57538068780e091419850b787e0f24b6281dd4f32

SHA512
2e4dd47cd06e2eeffcaa7882357062d2b319bde86186f3e02cff85af165c29851d8a189eeb7b4acbb4842b735595676557f98b8236297432dcaf75ed61daa4dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\History
Filesize
164KB

MD5
839f896db66463e5421c78159fb9d2c5

SHA1
2e95047afa9298384890bdb6a86f69057d3d8040

SHA256
14d19bd67c4d04e46f65a8411cac9c85e08f54019b1ac96c8b91eab814f723a9

SHA512
f58878ce48e6226fc5e651b404d54c9671f860dde7aac37d5a13495ba6060d7d0f8971447833e0835fd90d5c738df7d1d3348b532a14ef136f23b16f277cc77b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Local Storage\leveldb\LOG
Filesize
381B

MD5
594c971bc3d099ec65d6c5d24043e260

SHA1
c4ff92432425b86d52d964f710ed88e398a39826

SHA256
f08ce00721ebd67fa7b2e7e3b8a831c70802d52ca8f859fdcad4eee629563167

SHA512
d7ad689834fcb566482e060e5cbf3fd8154b0c6be70e1362ac7e4af50a367a139305122e7b285d020746564d3552ed2cd28535d4c545fff1f133607512555175

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Local Storage\leveldb\LOG.old
Filesize
343B

MD5
968fdec5a3c1cac6b56a8081595dee57

SHA1
2d04804a8051fae94c9eeef0a421b0c386486c9a

SHA256
1664d59c898ae0e89ca11a7486ad7d08780fe6c4e9349b017b2362d472c2f37e

SHA512
8543f97d22ac4efc225a8577dc4ba7caa279d8bb1afa2a1f3a5f35a7c58e910721cad3deb5441116b5c9266915d245e716c9e21cc1d3e523ab78ccd19b77b6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Login Data
Filesize
42KB

MD5
5cdbe5fe7b39e0617a15efa1daca1f6b

SHA1
eace7b5e04c4d3fcb5a48baf00a9f1aa41ff7e13

SHA256
ee6731dd6cdae816e48422f6f77482460ec71446d7450e7d9c363bc4f76a0842

SHA512
8e85f436537d2a15fdbb1199af7f1df7eed3f31a9b8b1c2e299bfd6bb9c511279eace1dac6a3edb62b7be458d68e4c24e82e466dc2095bff5f6cfa8d844e6e42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Network Persistent State
Filesize
935B

MD5
068c0a8b459ce558ecc78f59865bcd26

SHA1
4e6247136c156d45fff61fd492213e3cf56ef85f

SHA256
2e283953ad12e97a9970012dcd7b91ffff718a605fc7e57f06fd877d8e6659b2

SHA512
683d22aad375d024f82e8cae1d045e7f7778dc665f545ab65f4a7a74866b3fe2cc1d6977e23156e90f754667f9a13652e5f2ad5071d8aa00b63ce1a1ef56a37b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Network Persistent State~RFe588410.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Preferences
Filesize
7KB

MD5
9750eae0482546759642068a56c3d763

SHA1
6e177c1459a6083630ebc2b69cd5551c83cdb31b

SHA256
ffb352c8abadc7a2842527cabb9ae7cdb1f625fcf65988e361294b39eacd14b9

SHA512
e5791f5e99265d42ff0086c77c1641957a8a128dcfb22f9e71e0bb1578fa8a9d81d52054eca35745fe1c90db6e4d09f841032d97cefef98455c0841582b800d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Preferences
Filesize
8KB

MD5
62bd5ff92f7d748f3bfba715764be93a

SHA1
f7685208e10093c100bcd7bcc1744192a3131694

SHA256
09bc48c53b89115169e93f89f62427ee1d71057a03e42e780dbfbd3bdfa48f9a

SHA512
9ad8df89e6551cd1e3a5b4d5cbc7ac33ca06d7428055fc5304081e99b47383193ed9fefe3b509f4ddffae6114df33a6213367a579cffcd5ef3149115939bb511

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Secure Preferences
Filesize
6KB

MD5
5acee47fedc491bb4ce27a9bca3a5114

SHA1
330af470fd342e369b11610455740beebdf224aa

SHA256
701ea0da2428f1b4398ae03341a1f2f84d46cb01153df3cd9dfb8a7513a0c3d9

SHA512
7d2e62f06442ad1fceba1d8c103d1006eb4b0c6061fdf03f096eba27c2d2d3e7b3473f18e55882a412fa13731609a25d741420413f0ad2958d2ad667a97fea9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Secure Preferences
Filesize
6KB

MD5
4510f0a25d3e76e92f52e80df8bb7f14

SHA1
a510b897972121359d091e0e6ad16d74394028a6

SHA256
3f3a9d8e1821693dfc89a30b64d83164f643a6ca4c516c1a8002c1dae8d18f90

SHA512
8214eb24cef88517d4b72017b764d2d9d0a75cc264fba87495022d5073da48f2ef0efad41e9fbf258a8e51ab8218105b060f7073d3ddb354e8dc5981967d761f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Site Characteristics Database\000003.log
Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Site Characteristics Database\LOG
Filesize
400B

MD5
de97293873787743b952e2a339b41268

SHA1
edbd2d35a7cf84b24518892ba3adcbeaa427255d

SHA256
a315443b073f5bc7484ca4ba612de9a4b4243b14e20ac33058143cec3016bda5

SHA512
4add13d0ea5efa7eb4c5724656dfa81714bbd28b32bead16e74dfc2464a4a77e680a65b46f047d594d3a52cdd9c5c7ee4d3c7f9b1a83e5b05ed1bc44cbc2329f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Site Characteristics Database\LOG.old
Filesize
359B

MD5
477a0b0590dc7a632935543405533317

SHA1
7490cf78dc0733e382df61948a1a51f648e024b4

SHA256
3db6ec9362c109c7bde17c580ff20e9ebe8bb9b3da87fea88b460d88bf57f7b8

SHA512
3eef260fd3d6b1b6f8dc6691e8c8ebbe710dd463d24a399eb950307e0702fde566f59eb025d6e7cd6ca501946a036e9fba087399a9e6c91a626b934bbeb837dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\000003.log
Filesize
46B

MD5
90881c9c26f29fca29815a08ba858544

SHA1
06fee974987b91d82c2839a4bb12991fa99e1bdd

SHA256
a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a

SHA512
15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\LOG
Filesize
376B

MD5
edab9de6a31417d8e220c35f6f7d55ef

SHA1
cc481322fa8352538bfc646461dc49be03b6c7dd

SHA256
60138b9870208b6f743973b0608112a48b1f13216359d42421cbe77988c3e2c7

SHA512
a01d6fc253190d85c2392a055887d4c1f50261083d950ce33ec9b9ae77ee3e3c020633d9a09f9e4e17a4fc5e7edaecbcd9201d137730db593a2698b60e915458

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\LOG.old
Filesize
335B

MD5
e5917b68dc2900bb307ddb54d4b515c6

SHA1
63eb21e162bdbdb46d6da7bd1f5207f28dc793b7

SHA256
ff703be1250cfb7825f1df4fab4877f757cce971dec797dc870d9b7c924297dd

SHA512
5f7aec774914aedb5fdf028a98c56ff22397bc7f4b5ab7e44b69f3566a7f67c854fbfc064b9e8fd216ac41cc7951e2ef860c7a0988ae6a31c0fb5f3c4a9d09fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Top Sites
Filesize
20KB

MD5
3e18f6a36b53ca0b2567e692a305fd71

SHA1
c745c041f98e49bf3b738cbe55bfb461811ae1a6

SHA256
9484455a6af32c6b038c17221666c00e3dd0ddce4ba3bdcd93d3b8618af0e9f0

SHA512
6006fc6d36c50be687970165b5c3967a5682ca140f76db8d12c87e6c624b1ab294cfb42cc0238f17670ae70d50bc83212828b23d75d722465760d801c957bb9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Visited Links
Filesize
128KB

MD5
7cde308e5674cf63befb362fa3c259c7

SHA1
eba8e24b26f2c79ddc661bbfe8d76f03e35a55cf

SHA256
f37346293637f0637d4974d7dbfc746c648073f92ec185b65bd5c429bdb2b34e

SHA512
6fbb089ce8145276beebf86258066dfa02ce0d52a1c87303d05fddd6683f72133fd0285ddd6d40a519d4659aa76bc4677a713783dbfd0f244fd3052985be6b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Web Data
Filesize
218KB

MD5
b25e478bf9c16b2aeff527cdc5a8118b

SHA1
71cfca2372d51273795f8a15251caf1091731b80

SHA256
49e7938adf25e8a6c1d0f5050744baa58597bdb895bd7d3d8eefa52e5eab4a72

SHA512
0c96c4189002e841d11acd42e998c70d9229df0aa4897f9bc1f62f42e67762b100fdfc3f8c29df318248bfa35a48d8a9b394bd6ae9da1479876098d55601b09d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\old_Cache_000\Cache_Data\data_0
Filesize
44KB

MD5
c345b1c9e2619dc5ee069e69a143173a

SHA1
517728010d8419b3975022920abb1c92c7d56b7b

SHA256
2aeb13567d7f0394cfdafa966f4b9cc04a71486f9d88baea03b4d6963a68fd12

SHA512
c616289353988cdb07687c5e6d9bd3b5abf64231f31e2f51419c8acf34fdb1a59a63df0aa2de90a96b7021911e44d55d1f6ce05f2f727dd97a44540cb68e5f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\old_Cache_000\Cache_Data\data_1
Filesize
264KB

MD5
a8bb6777e1df5599a2b0235d5f942bce

SHA1
652a90e969e5b574b8a6ef6cfdf8104c703e6bf4

SHA256
8f63caeeaa8cf99fdcf9065d24408bdf4cecc1d5a018da5e772f2aae5e5b3ccf

SHA512
387dd3c02ba985ebf580c07d53fd104f933e2fbe9e07188e92136b9f4d6295311037a06bec5ebeef25f2dc15028a0f41467a97fe28d599625624a09063bc1be5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_1
Filesize
264KB

MD5
17bd7672040db656308d76d6e66a3095

SHA1
8ed1945d141244a8807a94d78f9150f4a311a31f

SHA256
73c89191d5808f65ddf660bff7827dd0aaa68747418749c5f2835bb824a0e665

SHA512
c3c8fdb9212f7187715454a64f4888f8cbe4805b8d0f754875fc11d623df27976c62eb58c64f35399d6e63d3094262ab9169c0255653d177feced62d8d6aa0b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Local State
Filesize
19KB

MD5
b14435a06a3006f7ff0f4065288b8daa

SHA1
f69dc497da1da8fab25c90401b45b8732380bd7e

SHA256
107744a3f703dbe52b177ff03437d6b5a8f19b876e1a4c6e70a22d270be217c1

SHA512
a712063c930972fd7612749e714a321c5add4af1d41e2385eb2d5dbc95fcb9d1d04cdb9ffd79200cb4b946f414371a2c7f5c4f12e7d843bce65f411aadc1a75a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Local State
Filesize
23KB

MD5
5612af3fce1b33e31bc49a185bc676f9

SHA1
772a13a1e16a2176fe2feb0bd12bdc59899d400f

SHA256
1c6ecc5ae04f1c7b716744e5131742730d704242bc9bd29999e7f9186548ccb5

SHA512
7a8e55414121657339f60d40569a1264d7d40b5b578e2feb89c3ef366d7142229a5e8193c38a4d9708747e90b36c2ad7b95573fd822ac713794d1b34fefc3930

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Local State
Filesize
22KB

MD5
80d16b38381d141dabbfc991299c1e3b

SHA1
443dc8eeb4ccd5b55253196e54417b2bd724e8cd

SHA256
5348bc9ef4ec4f8c7b851a0057a413bf68b85ae72cd17b02aac9d90252071456

SHA512
70337811214bd6bcd895dfbc2b09d2d711825d4ae221ab6e8609ac70e888ddb65c7173736905f07858cfc61e7dd6b01faf8e8c874c9074dc9ed7d55148dedc4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\OriginTrials\0.0.1.4\manifest.fingerprint
Filesize
66B

MD5
7ce55ac0d7683657fd051e573ad06e30

SHA1
3bc51fbc6155c4e9d1439587e1c739995054cc52

SHA256
138e2b36e4c8bec8b00180558843355037d7de99c389f46e6183c4fc5a34c790

SHA512
f269c5c2ee53ed836bfd1b928b40e1ddb2aaea00e5585c85fecfcb1add71130d4ecfe91d2f2527934ac472c8b432d3475ca02b8f808e7e6014cd49155529d9a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\OriginTrials\0.0.1.4\manifest.json
Filesize
43B

MD5
55cf847309615667a4165f3796268958

SHA1
097d7d123cb0658c6de187e42c653ad7d5bbf527

SHA256
54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877

SHA512
53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Speech Recognition\1.15.0.1\Microsoft.CognitiveServices.Speech.core.dll
Filesize
2.6MB

MD5
0ee2b50c85a110689352fccfa77b5b18

SHA1
d9ecc4b12d2d50e3cbce40e75edad804c9988b25

SHA256
62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e

SHA512
a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Speech Recognition\1.15.0.1\manifest.fingerprint
Filesize
66B

MD5
5bbd09242392aacbb5fac763f9e3bd4e

SHA1
14bb7b23b459ce30193742ed1901a17b4dcf9645

SHA256
22b55f5d9b1bafb80e00c1304cf5e0d6057a304a2e8757b4f021b416f4397297

SHA512
541e4c7998e91a5113f627c2c44e32b54878fe225b3b9476572f025f51f2b4ec4a44b102498adcc22b8fe388970645bacfafb6e7fc8a216df4d7bbfc8b0ff670

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Speech Recognition\1.15.0.1\manifest.json
Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\28\scoped_dir2264_2001136080\LICENSE
Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\manifest.fingerprint
Filesize
66B

MD5
88ee70021dc7963e80800e95e2d84685

SHA1
faf1a82055b22ff87579413bf88ae61ff908f815

SHA256
4fddeb8ba4bd8533e08121c1fe7c6c976332f2d0d3b9347cdd636e4cf6520580

SHA512
83c9079f58b46fa0806ea1d26988adf410f76853609109ce936a6a4f734a808e42186da8e909c04928899f5b75ff1e5d0fb477ebf1aa5c06b191ff8589047efb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\manifest.json
Filesize
116B

MD5
178174a0125d4ff3ed5211426f1ea113

SHA1
26f72c5a2f65c767c4edb04d8da62bdadc02e809

SHA256
64986dfeefa8855069e799b28e5523b35c9efcf2ea152a2b03461471c218da1f

SHA512
c0d1d9555f4cd7e9a4b0ee5fc1b069782638ba1680d18ba9c83f796746086b6afdf1400c80b7f586422c3a2a73e51bd04fb250e2db818ef723cb4f7a8b3b15a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dll
Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 885998.crdownload
Filesize
5.4MB

MD5
1f1ae0eb12231c472e7ab91a6df69b75

SHA1
3c0b44b3b18df2b9be602b551828b27604ef51fe

SHA256
4f62cee70845d868afed5b5ad66d7fdc582e6f9b6b69e6d5e9c52a1e24105b60

SHA512
470162197814bcefa52a24e1e88264827e4a6aaa0a110a41f35cd9c392bdcf6bd7deb25bf5c9ccbb994ba01b8a7851d7f5025ed5b9ad9f4ba94eabcf7f103abd

Download Submit
\??\pipe\LOCAL\crashpad_2264_PVKIASTEOSZGZIFE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/948-5-0x0000000005DB0000-0x0000000005DC2000-memory.dmp

Filesize
72KB

Download
memory/948-3-0x0000000074A80000-0x0000000075231000-memory.dmp

Filesize
7.7MB

Download
memory/948-2-0x00000000052A0000-0x00000000052AA000-memory.dmp

Filesize
40KB

Download
memory/948-1-0x0000000000A10000-0x0000000000A1A000-memory.dmp

Filesize
40KB

Download
memory/948-1888-0x0000000074A80000-0x0000000075231000-memory.dmp

Filesize
7.7MB

Download
memory/948-0-0x0000000074A8E000-0x0000000074A8F000-memory.dmp

Filesize
4KB

Download
memory/2280-1938-0x00007FFE0FDA0000-0x00007FFE0FDA1000-memory.dmp

Filesize
4KB

Download
memory/4772-1915-0x0000019AF21C0000-0x0000019AF21CE000-memory.dmp

Filesize
56KB

Download
memory/4772-1912-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/4772-1908-0x00007FFDEEDE0000-0x00007FFDEF8A2000-memory.dmp

Filesize
10.8MB

Download
memory/4772-1910-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/4772-1897-0x0000019AD5A20000-0x0000019AD5A2E000-memory.dmp

Filesize
56KB

Download
memory/4772-1895-0x0000019AEE640000-0x0000019AEE6BE000-memory.dmp

Filesize
504KB

Download
memory/4772-1893-0x0000019AEE580000-0x0000019AEE63A000-memory.dmp

Filesize
744KB

Download
memory/4772-1891-0x00007FFDEEDE0000-0x00007FFDEF8A2000-memory.dmp

Filesize
10.8MB

Download
memory/4772-1892-0x0000019AEE910000-0x0000019AEEE4C000-memory.dmp

Filesize
5.2MB

Download
memory/4772-1909-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/4772-1889-0x0000019AD3D60000-0x0000019AD3D7A000-memory.dmp

Filesize
104KB

Download
memory/4772-1887-0x00007FFDEEDE3000-0x00007FFDEEDE5000-memory.dmp

Filesize
8KB

Download
memory/4772-1913-0x0000019AEE8D0000-0x0000019AEE8D8000-memory.dmp

Filesize
32KB

Download
memory/4772-2444-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/4772-1911-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/4772-1914-0x0000019AF2200000-0x0000019AF2238000-memory.dmp

Filesize
224KB

Download
memory/4772-2109-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/4772-2097-0x00007FFDEEDE0000-0x00007FFDEF8A2000-memory.dmp

Filesize
10.8MB

Download
memory/4772-2094-0x00007FFDEEDE3000-0x00007FFDEEDE5000-memory.dmp

Filesize
8KB

Download
memory/4772-2051-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/4772-3678-0x0000000180000000-0x0000000180ACA000-memory.dmp

Filesize
10.8MB

Download
memory/4772-2052-0x00007FFE01B50000-0x00007FFE01B74000-memory.dmp

Filesize
144KB

Download