Analysis
max time kernel: 1483s
max time network: 1486s
platform: windows11-21h2_x64
resource: win11-20240426-en
resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 24-05-2024 02:17
Static task: static1
Behavioral task: behavioral1
Sample: SolaraB/Solara/SolaraBootstrapper.exe
Resource: win10v2004-20240426-en
General
Target: SolaraB/Solara/SolaraBootstrapper.exe
Size: 13KB
MD5: 6557bd5240397f026e675afb78544a26
SHA1: 839e683bf68703d373b6eac246f19386bb181713
SHA256: a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239
SHA512: f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97
SSDEEP: 192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj
Malware Config
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes: cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ [cd57e4c171d6e8f5ea8b8f824a6a7316.exe]
Downloads MZ/PE file
Modifies Installed Components in the registry 2 TTPs 7 IoCs
Processes: setup.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" [setup.exe]
  Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" [setup.exe]
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" [setup.exe]
  Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components [setup.exe]
  Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} [setup.exe]
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" [setup.exe]
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\125.0.2535.51\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" [setup.exe]
Sets file execution options in registry 2 TTPs 4 IoCs
Processes: MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdate.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe [MicrosoftEdgeUpdate.exe]
  Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" [MicrosoftEdgeUpdate.exe]
  Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe [MicrosoftEdgeUpdate.exe]
  Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" [MicrosoftEdgeUpdate.exe]
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes: cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion [cd57e4c171d6e8f5ea8b8f824a6a7316.exe]
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion [cd57e4c171d6e8f5ea8b8f824a6a7316.exe]
Executes dropped EXE 43 IoCs
Loads dropped DLL 46 IoCs
Registers COM server for autorun 1 TTPs 64 IoCs
Processes:
  resource: C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll, yara_rule: themida
  resource: behavioral2/memory/3412-1493-0x0000000180000000-0x0000000180B28000-memory.dmp, yara_rule: themida
  resource: behavioral2/memory/3412-1495-0x0000000180000000-0x0000000180B28000-memory.dmp, yara_rule: themida
  resource: behavioral2/memory/3412-1494-0x0000000180000000-0x0000000180B28000-memory.dmp, yara_rule: themida
  resource: behavioral2/memory/3412-1496-0x0000000180000000-0x0000000180B28000-memory.dmp, yara_rule: themida
  resource: behavioral2/memory/3412-1618-0x0000000180000000-0x0000000180B28000-memory.dmp, yara_rule: themida
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes: RobloxPlayerInstaller.exe, cd57e4c171d6e8f5ea8b8f824a6a7316.exe
  Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA [RobloxPlayerInstaller.exe]
  Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA [cd57e4c171d6e8f5ea8b8f824a6a7316.exe]
Installs/modifies Browser Helper Object 2 TTPs 8 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
Processes: setup.exe
  Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ [setup.exe]
  Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects [setup.exe]
  Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ [setup.exe]
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" [setup.exe]
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" [setup.exe]
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" [setup.exe]
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" [setup.exe]
  Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects [setup.exe]
Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs
Processes:
  flow 402: raw.githubusercontent.com
  flow 408: raw.githubusercontent.com
  flow 1: raw.githubusercontent.com
  flow 3: raw.githubusercontent.com
  flow 29: raw.githubusercontent.com
  flow 385: raw.githubusercontent.com
  flow 4: raw.githubusercontent.com
  flow 86: raw.githubusercontent.com
  flow 301: raw.githubusercontent.com
Checks system information in the registry 2 TTPs 24 IoCs
System information is often read in order to detect sandboxing environments.
Drops file in System32 directory 1 IoCs
Processes: setup.exe
  File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk [setup.exe]
Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs
Processes: RobloxPlayerBeta.exe, RobloxPlayerBeta.exe, RobloxPlayerBeta.exe, RobloxPlayerBeta.exe
  pid 4092: RobloxPlayerBeta.exe
  pid 3548: RobloxPlayerBeta.exe
  pid 4792: RobloxPlayerBeta.exe
  pid 4776: RobloxPlayerBeta.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
Drops file in Program Files directory 64 IoCs
protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\ui\scrollbuttonDown_ovr.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\ui\InspectMenu\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\LayeredClothingEditor\WorkspaceIcons\Cage Mode.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\ui\VoiceChat\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\ui\VoiceChat\SpeakerDark\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\az.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\fi.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\models\LayeredClothingEditor\mannequin_mock.rbxm RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\ArrowFarCursor.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\AnimationEditor\icon_hierarchy_end_white.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\ui\VR\hamburger.png RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\ms.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\TerrainEditor\mountain.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\ui\[email protected] 
RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\ui\Controls\XboxController\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\ExtraContent\textures\ui\LuaChat\icons\ic-search-gray.png RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.51\Trust Protection Lists\Mu\Other setup.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.51\Locales\az.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\PivotEditor\SelectedPivot.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\ui\Controls\DesignSystem\Thumbstick2Directional.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\textures\ui\NetworkPause\no [email protected] RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Locales\ar.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\content\avatar\morpherEditorR6.rbxmx RobloxPlayerInstaller.exe -
Drops file in Windows directory 26 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 8 IoCs
Processes: msedgewebview2.exe, msedge.exe, RobloxPlayerInstaller.exe
description ioc process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedgewebview2.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS RobloxPlayerInstaller.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer RobloxPlayerInstaller.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedgewebview2.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedgewebview2.exe
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 3 IoCs
Processes: msedge.exe, msedge.exe, msedge.exe
description ioc process
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier msedge.exe
File opened for modification C:\Users\Admin\Downloads\dnSpy-net-win32.zip:Zone.Identifier msedge.exe
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 642753.crdownload:SmartScreen msedge.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
pid   process
3712  dnSpy.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
Processes:
pid   process
1692  msedgewebview2.exe
4948  msedge.exe
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
Processes:
description                        pid   process
Token: SeDebugPrivilege            2340  SolaraBootstrapper.exe
Token: SeDebugPrivilege            4060  MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege            4316  MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege            2000  MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege            936   MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege            5016  MicrosoftEdgeUpdate.exe
Token: 33                          5316  setup.exe
Token: SeIncBasePriorityPrivilege  5316  setup.exe
Token: SeDebugPrivilege            5316  setup.exe
Token: SeDebugPrivilege            1976  MicrosoftEdgeUpdate.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
pid   process
1692  msedgewebview2.exe
4948  msedge.exe
-
Suspicious use of SendNotifyMessage 16 IoCs
Processes:
pid   process
4948  msedge.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
pid   process
1872  MiniSearchHost.exe
3712  dnSpy.exe
-
Suspicious use of UnmapMainImage 4 IoCs
Processes:
pid   process
4092  RobloxPlayerBeta.exe
3548  RobloxPlayerBeta.exe
4792  RobloxPlayerBeta.exe
4776  RobloxPlayerBeta.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description                       pid   process                               target process
PID 2340 wrote to memory of 3412  2340  SolaraBootstrapper.exe                cd57e4c171d6e8f5ea8b8f824a6a7316.exe
PID 3412 wrote to memory of 1692  3412  cd57e4c171d6e8f5ea8b8f824a6a7316.exe  msedgewebview2.exe
PID 1692 wrote to memory of 4576  1692  msedgewebview2.exe                    msedgewebview2.exe
PID 1692 wrote to memory of 4900  1692  msedgewebview2.exe                    msedgewebview2.exe
PID 1692 wrote to memory of 4532  1692  msedgewebview2.exe                    msedgewebview2.exe
PID 1692 wrote to memory of 1184  1692  msedgewebview2.exe                    msedgewebview2.exe
-
System policy modification 1 TTPs 4 IoCs
Processes:
description      ioc  process
Key created      \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\  setup.exe
Key created      \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID  setup.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"  setup.exe
Key created      \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext  setup.exe
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2340 -
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3412 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3412.4680.104476757417576560703⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1692 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7fffe17b3cb8,0x7fffe17b3cc8,0x7fffe17b3cd84⤵PID:4576
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:24⤵PID:4900
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2224 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:4532 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2472 /prefetch:84⤵PID:1184
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:14⤵PID:5044
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4668 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
PID:1612 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4108 /prefetch:84⤵PID:1392
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2672 /prefetch:84⤵PID:2036
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4152 /prefetch:24⤵
- Suspicious behavior: EnumeratesProcesses
PID:4940 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4744 /prefetch:84⤵PID:2172
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4356 /prefetch:84⤵PID:2500
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4288 /prefetch:84⤵PID:2720
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2608
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1520
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:1872
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4948 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffe17b3cb8,0x7fffe17b3cc8,0x7fffe17b3cd82⤵PID:2112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:22⤵PID:1492
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1956 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:82⤵PID:5024
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵PID:2604
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵PID:3792
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:12⤵PID:744
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵PID:3360
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4772 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵PID:2328
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4964 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵PID:1632
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵PID:3976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:12⤵PID:2572
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:12⤵PID:4412
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵PID:2232
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:12⤵PID:3772
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4164 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6336 /prefetch:82⤵PID:2944
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6320 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2644 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:12⤵PID:1284
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:12⤵PID:1056
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:12⤵PID:4904
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6884 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1816 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:12⤵PID:568
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7264 /prefetch:82⤵PID:4476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5028 -
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:4856 -
C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeWebview2Setup.exe /silent /install3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3096 -
C:\Program Files (x86)\Microsoft\Temp\EU6267.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU6267.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"4⤵
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4060 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2024 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:1240 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:3716 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1188 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:3024 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REQ2MjhBNEItMzhGQy00NkM1LUEyMzgtMUFGQURBMUJDMDdDfSIgdXNlcmlkPSJ7NjE0NkQ1NTQtNTMzMy00REFDLTg4NDQtRjc5RkE1REEwODcxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFNEE3MjVGRC1DRjNBLTRFMUUtOTk3NS02Q0FFNEJEQUI1NDZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTIzMzY1NzkyIiBpbnN0YWxsX3RpbWVfbXM9IjU1NiIvPjwvYXBwPjwvcmVxdWVzdD45⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:2468 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{DD628A4B-38FC-46C5-A238-1AFADA1BC07C}" /silent5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3068 -
C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" -app -isInstallerLaunch3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4092 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:12⤵PID:932
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:12⤵PID:3424
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:12⤵PID:2996
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:12⤵PID:3776
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:12⤵PID:3556
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:12⤵PID:4372
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:12⤵PID:2024
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:12⤵PID:2448
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6880 /prefetch:82⤵PID:4588
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:12⤵PID:3144
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:12⤵PID:1472
-
C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:pY1iZzaGvjuw4qL6SyfDU9SsE2Wj9XCLGR7gHLPoDvPx4nsz3gCVnV0hVjMEFd6anETQfgFLi0FT9xyC4FH-uQ50jFsQzVQB9xSM4WzTTvpr3Bv1meAmBy6jIs2FtBXh6fDyjrJV9tyCPqfEaMLd9Kg0VPZbhtHM6KSPtg4yFVskHPk_5mXF0cp6_91b679e9FK7m5Pk4BY2-1t5E16bY-6x8OVE2-RLhAkiMVF_WTo+launchtime:1716517562949+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1716517467068016%26placeId%3D17427651911%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D4288ab4f-dd7f-4408-9ff3-bdf1ec407b57%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1716517467068016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:3548 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7980 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4488 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:12⤵PID:4904
-
C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:nUkio55CknU9a6SXV8RnJHOWqbM1zIBVF-vvty7xYcEF2tGI8n3EUYrOBJR4T5l32U1WFx9XGe7WNi5xi9mC541o16WO6qAoVprNphBy8aigsrbUPJvZjRy4jVcXLoZvP77owJEawWIHrlWBIaO4SM--h_AumVuRk4ZJ3h5RBKFVP2l4msYtACTMHVZOSs4zh25GcJOMwmlSZYNnqp9_ne5KizZVRgB9d-q6Ewirw4o+launchtime:1716517562949+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1716517467068016%26placeId%3D17427651911%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D4288ab4f-dd7f-4408-9ff3-bdf1ec407b57%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1716517467068016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4792 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:12⤵PID:4600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:12⤵PID:4476
-
C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:qAdTktdpMGOf4UqI2C-G3IRHYq1Xg7QYjc0er-ltRXzyVMhEgILtqq8cFIPkvxPNXNuvdgR2wYD0Yjbmkv5_dhKu8y0L-wytD92058ChWH_7IN0O5qm_BisQL_uGghN2KFXBhx1lUP8bX5szf0zwJrq9zzYEk8dZURQD7t-0wKoNRz8u1G7-CW2GtBWn_SMxYNmZX-NkUyUPchddI0y4ucgAvW3h2hluQoY0qkWrIZI+launchtime:1716518416835+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1716517467068016%26placeId%3D17427651911%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D5f12bc5f-bb52-47c1-a75c-ca4fb4035d22%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1716517467068016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4776
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3444
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4064
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3136
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:3736 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REQ2MjhBNEItMzhGQy00NkM1LUEyMzgtMUFGQURBMUJDMDdDfSIgdXNlcmlkPSJ7NjE0NkQ1NTQtNTMzMy00REFDLTg4NDQtRjc5RkE1REEwODcxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBRjFGMEUzNi01QjE4LTRBMTItQjFERC0xQzEzNzVFRTYwQzR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTI3MDI1OTE2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1524 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\MicrosoftEdge_X64_125.0.2535.51.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\MicrosoftEdge_X64_125.0.2535.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
PID:3144 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\EDGEMITMP_420AF.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\EDGEMITMP_420AF.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\MicrosoftEdge_X64_125.0.2535.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
PID:3376 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\EDGEMITMP_420AF.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\EDGEMITMP_420AF.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\EDGEMITMP_420AF.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.51 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6c7c04b18,0x7ff6c7c04b24,0x7ff6c7c04b304⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4772 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Installer\setup.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Installer\setup.exe" --msedgewebview --delete-old-versions --system-level --verbose-logging4⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1260 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Installer\setup.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.51 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7b92a4b18,0x7ff7b92a4b24,0x7ff7b92a4b305⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1948 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:992
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4316
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2000 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DC6B940A-AAB6-4B11-A28F-27A693E0F222}\MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DC6B940A-AAB6-4B11-A28F-27A693E0F222}\MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe" /update /sessionid "{5B49022D-D3FA-4C03-B216-519F129E80FC}"2⤵
- Executes dropped EXE
PID:4072 -
C:\Program Files (x86)\Microsoft\Temp\EUD19F.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUD19F.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{5B49022D-D3FA-4C03-B216-519F129E80FC}"3⤵
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:936 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:1904 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4896 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4588 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1084 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2036 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:2784 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:3968
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3444
-
C:\Users\Admin\Downloads\dnSpy-net-win32\dnSpy.exe"C:\Users\Admin\Downloads\dnSpy-net-win32\dnSpy.exe"1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3712
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵PID:4708
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5016
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1976 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:4580 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\MicrosoftEdge_X64_125.0.2535.51.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\MicrosoftEdge_X64_125.0.2535.51.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable2⤵
- Executes dropped EXE
PID:4396 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\MicrosoftEdge_X64_125.0.2535.51.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Registers COM server for autorun
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID:5316 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.51 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7aeb04b18,0x7ff7aeb04b24,0x7ff7aeb04b304⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:5336 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:5504 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.51 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7aeb04b18,0x7ff7aeb04b24,0x7ff7aeb04b305⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:5524 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5804
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 3
- Registry Run Keys / Startup Folder: 3
- Browser Extensions: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 3
- Registry Run Keys / Startup Folder: 3
Downloads
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.37\MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe
Filesize1.5MB
MD5160e6276e0672426a912797869c7ae17
SHA178ff24e7ba4271f2e00fab0cf6839afcc427f582
SHA256503088d22461fee5d7b6b011609d73ffd5869d3ace1dbb0f00f8f3b9d122c514
SHA51217907c756df5083341f71ec9393a7153f355536306fd991de84f51b3a9cdf510912f150df1cbe981dbf3670bfa99c4cb66d46bc3016755d25da729d01b2e63b4
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\SETUP.EX_
Filesize2.8MB
MD5faedccf679a8d88c91909018d1b30a6d
SHA1d50c43ae0441a8526e52d6bb04cce233e54d3a86
SHA25617a00157a757420a5cbeef48ffc3585bc7794823cd607c640256d67079a982f5
SHA512f3dfff27cb7883302486e1ce65d495612b43f61bb9dad985c6149a97f25b5fcd090d8b4ec4e14aad246ff223a70072534338f3bbe647ac2b0f2825428d2ad44d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9ea16e3e-568b-4983-b3fb-9aff2640adca.tmp
Filesize4KB
MD5e564524433f431d1505db62ec549121b
SHA11ab034015ba57234ddce4839df6af2ddbbba2ea3
SHA256ee818231c087572cdd63f8cc60ed7671a37ae1aa7a4977e454520058611f6a91
SHA512d6582160b3d7dfbd94fa5275ec592ea600b5b1f6e2fe3bd759e07861f1038a90d4e4b82e604612c9a313ce0dfa96a7862d877f2a121a156e227d50782e23ff5d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD57cb5d60b5c0148637dbaf75f41853762
SHA10cadb1576b9bcc94d05fec0a7ff9178620cbbbd8
SHA2562adabee4387b12dac3051bad9a6e5850037674cad64683e62a7e1ca639af6499
SHA5126ee846bf848274063fcd7d7a5e69b1a4747ffa2ea98c746f623a0b23fcb940c41904bbf1ac4cdeafdb7bbb4b83e61b2e4ecaae0fca5f00cc4f40778e32b3d50e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
MD5e5fc078634065b4de61fd69a47148d5b
SHA104e1f0389d8526320c19694b7db9e3deb3e1399a
SHA2563d3d0040a1e1f43ff6518de08763277a74c73c6374598d993812f113cfc7f107
SHA5128dd6e8cb9d43abaae9ee28bf8864c49ef7790e948c66cd131bcdbbc230756a2a8b8abcfa0d0c15f888d86bec3a5c20cbb60b1510de8c505b49ae9939d2678113
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize8KB
MD519840b089a165c2898443e20acb47152
SHA15666fbfe4be23db3e4ea33b867068d30f50eb5d1
SHA256a30cc963497ae8602f3cab161cb56bba6c8899caa7f984364e96f87a7f50b997
SHA51247f0a4abcce17d06f3d9d3cc2b190c58c7802a32d702579e737b0870f9dd2e14bb6725b1056665270cadcc82936dfad3052b08319c48d235a38cba29b26735d3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
MD5a31333724af633aba881e75b2a9be41f
SHA1ec59ea1d6526eceb0289437a8bbfcbde8c6631cc
SHA2564b0cdf9c3b7b542d68a93989d97652c7ae9078edaf362876ce562556cde4d0cd
SHA5121de4d1f14af71f50dea4fa82647493773a53745d6b6de1b034c639b9806224f77e26b1360cfda193eaf9678b55a6db9f0222233ea826a229f3697d220827db09
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD537a185e5ee4d18a9427c038de9ab5f7d
SHA127fe27db91238ad375e695090c37e390ebb7b5b4
SHA256326e99745f91ac3c31af9cf7e4523390caa377064939b8d1422773cf2dcabb10
SHA512bb348030419cef9d7c4f60d1f54f6c8f142125e369729c6c6e4cb0baba73f782a6bad5bf4fc8a24c616c98b9c3bea84df9f1ba5ff663c12c15dfcca27262472a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5fa74286c172403caaa9754fda32db650
SHA100c4d0a2e323d6f6c628d7cf12921b0983aec1a2
SHA256df7831465f980d46d5ff6d9f911a9d953bb0956f803c9a9ef7bc8d99925d0332
SHA512e04e86f42317e5324a3206932ad06c42e196b771b168413620355514cdae38e3201ab5150ce384cd9a296ebc17d21b3e490d21dd660184843071717db48f420d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize743B
MD58ff88853a6f7bf3da7c1f4c68149e664
SHA1a5abbdcc969a967573a5cd857f4ce52e510fed8f
SHA25614edff480c10c7afd66dccd7718b807c58b91ba2fcd6f716039d8911f7ecb250
SHA512e20d24301a3ffbf04cc0bee3b604cdebde130f90f4aef806971dc6772f8fb54fba29997d896cd5670f680172722a47477c6f43a99e9c13eb9c5f2d0d0265ed85
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5e4535.TMP
Filesize609B
MD5612718295f4703e38a5595ab895405d2
SHA19a027f93da76255728e8508b1e95d463f2929388
SHA256c8bd15f3df027cdb60006399f1c34d0501b630c061109eba1ec9a92976349ae6
SHA512027dff6b72dc22398fd3d3c6024a56a64879346bbfe9e6bcb4cf7c249cffc047545b3707dbc57f7e83476ced6ed987c67ab2ef84f6aa126ed663454b24e790a0
-
Filesize
5KB
MD570c4be310a87cef228b3a350474b539f
SHA1b695985f8ea5dc1ca586c564af892364e02de42a
SHA2569e2fde6a28c4396bc5adcd9322179f9ecc1365d8120c24ceac834b752e90df71
SHA51264ac9003e7b7842cca7bea0c6ae1d394a3ab78e6071b1533831008a8227feb9d31c3d8292e70e2c23c97c0034acbcbed10c3af5535f22e595540a2683c345987
-
Filesize
5KB
MD5a3303538d99f1d77ebd3e79e014c946d
SHA1015c1d0f981ad8717462a5a3420074b989f5b672
SHA2566a9a83bb504ccbd7f7dbe4f41f21f62802327df8ee5cba9996dbf6703de79403
SHA512cee0f950641b92553ae901be2480dc4185e7ce462332a59fc839c721e37c43cf05112eb96e15c399103bffcb14f36c4e8a729098609b519773e97ae9673f3ca7
-
Filesize
6KB
MD52d7c17fb3a6867c32ec173e01cf52c65
SHA1b71b60042701574d9587abf0b15acf5359dbfa84
SHA25682ebc4f35bef044d5617b9b323509112d5949c841c7d43d7319c508266c62f43
SHA512a3c25150a50f9ed537c3ac726222edb11d9d7a78a5e3cbbd75b84c5721fe3a5c77fb55b35842f7002784ab8d1101e708f7ced5daac7199c991756cd66b973d56
-
Filesize
6KB
MD50124b3bb2520a95fd0615af6872f8708
SHA1b2c0daf2be4fce26be19ad74f7379059efb8910c
SHA2561c2b0fa0d7cb9b14c0c987cf6f193f0e7a58b1a9d9f878bcee28e09fecece95f
SHA5125eb7935e491ebc193129b8f0031b5bb9fc991896227d5bfd49d91b697970e15b4475c9b9042648a822ee52a60ea9d1cc2c69b6f1c9f0724b7e833b110c07da0c
-
Filesize
6KB
MD50a8423e5f7048e62c9e7dd712a59b74e
SHA18d6598c52c83ed119296e8f66195a9c525b53069
SHA2562f3059c3cb7e0aef7056a2d64eed91dbaf91e38a6e375d28adfd773e6de69032
SHA512b0651f14670d927508fb0e0f9eaded752e7bc796eed9c3d73e12fcef54b71518d750dd7e65f2886b9ae388249d785aafc5d10efbd13d085352163c9c6b840d81
-
Filesize
6KB
MD5cc1ace0b3e19cde5d6354b2726dcadbd
SHA13ee4915ae7bf89989328ef261e19eec7af38984d
SHA2569583007f4ed5d1dd480727a77defdebb557551abd1bb94749cefe739d437a639
SHA512c525a503d9f159c2ef98797cf95d54e22b2ca41e8c59febcb9830d063455675ce3f52158b1fe5d83359882f537f26ca124518bd476a90467f0b30c7a609e05ba
-
Filesize
6KB
MD57de3cf5d0139f70a486c9ba3e1b937d2
SHA1b6139d04573fb37fb9e8fea31052afdff4ee7ccf
SHA25668c138ef1f4a38d8c59f240f5a447dc560ed5a73244f10ec95104656385fe447
SHA5120218ecf105f18189174cdde38a294997c0768179f28f398a8163b0e1c55efc6d8bcb23e78fbadd13a0b9d112cef79388c62a45388e87a9851b43cae86b9173aa
-
Filesize
6KB
MD53fac4265c1bb92a61b31950b0bb466d9
SHA11ff47e32f34f2d75d2795591d5528db630c53beb
SHA256b45f51a3b3e48d39fe617c6d07d5f9774c148a9144e4025ddf7ddaec9d5c719b
SHA5120468a2fb938622be62e53ec51dfb345aa1f8dfa7e5f4057eabac02c86f1e4e8eaa0f09558f98997df69c9394707e893514546b97ec27e1abd29f2e87e6d8eb2e
-
Filesize
1KB
MD515f3d70d0b16beaa0658f0a8688f9146
SHA14b54fa7820b4a39b3789c1956f8ee947a964420b
SHA256d1b2db92d705fd69fc2c40bc46961499dfee866691fdd97c2a6e1485f21419f1
SHA51247374bc2ea6ad68412f59f4c178345ab199d543f192ff6f4c0c3abe1771c0494ea81b829279dd60bee6987eb613b741fd7563de66b92f016f7f3cc8b0a368af1
-
Filesize
4KB
MD59720482714d195b8ee096a799a6e8326
SHA1f0d4be5a7a41b3bbf522ada19753dc866dbda78d
SHA256afa8e39246c66e27eaa047a9ed51ae9396125bd1dde9a1e1edb78c1c21487f53
SHA512b33abaf189ba27370294f3937f0801009be1934e748688252012c1c26468619ca7e63e9e890845cb9c7f521891ed001ff64cd3974af7fa33e2fc776255eb3528
-
Filesize
4KB
MD5bbde10f6fdab54a3f6bc81ced6b2b4b0
SHA1596090828ab9f374500cd631678740d72e99b48a
SHA256212f57fc0fd433b2f8bbe69440622d2bb3a472a7928619c90da7c7de493c59af
SHA5121c5ddecb27f1e940c28b3fafae35717ad123c60275f9774881838708f7688a24b6f92e0ae74142492285a496f785a3243ead7bff70d8be040688a2506f12700c
-
Filesize
4KB
MD5b93e74d56950fda3028768f8e23f1153
SHA1031ab9a0021e6aeb27f9317ed31a20f1ff093ebd
SHA25665986dc7d3feb2a0ea4b950fff05f5a47f50b10229bfca421b20f92679689cf9
SHA512236f06617b9320c9ee795ff4006f7c6f1312a8430cf27c333da0639c431a4a59601da81cdf0ffbb36845d7dd24889723373c40b972165bcebb97fa9753db9968
-
Filesize
4KB
MD522987d7a8e3c2708037f995eab7ce51e
SHA1920c43cb6a9ddb164b19f8b9c809e9ea77f50fca
SHA256bcc4ecbff85533e544298bef4804131ebbdb80520d5094f9ebe1a2a8ffe29705
SHA512c37c031b286967e6a7b09941888c9a6a1fda57c3f79e9966df488edf9b0886577452f8a69eff7a912bff8f4a971d28a33ce8c43737971057ee1c3cbc62dd9796
-
Filesize
4KB
MD51eae1251ef68fc23d57e45fb7b0c7cb6
SHA16efb35e9a6b3677540c73b1742ab99986e08b4c8
SHA2565ed3c6a3c00a559003af99e0519bf2962be68a3fe958a448d28af3072b5212c7
SHA5122b7e22774a82f8103230fb08884eed244b9769d5d4ff1ce06fc50210d4732cb9f96feef1869cbaab032d24c3b22d1fdd51db4fd135661c7765fce3ccd2b89e2f
-
Filesize
4KB
MD53b86e69f89df1beed7c3f01180fc7d2e
SHA16a1860d9a89b0044f7ee0062d9213fc9b24a2a8b
SHA2562d1aad6fd9407322eb12640530a6f59f7f0b607e2742ff78ca4c9dab57ec4858
SHA5121d942b5478e45292d548e4ed48acb8fd76a206068e4fd48747e630da29e3a13f33b736587aa02d10025f5e17c4910d478da145c5c801e1887be0c9aa21d834de
-
Filesize
5KB
MD5cbd7263e8b1f442cc55b770ca328aea0
SHA16af88f2ce3cd1c691bbb28d8f010d0f4c9a0969d
SHA256fe816ae5d4729748d46e0353d98aae8735e5ba21c5cdafb1451715867f50d7f6
SHA512970067eec22e13982a0a722edf38885b2ba5d353cebc89dd2e5711fd1d759dbbb2091b3770692103a6df1ffb8458d5e8e737413b188a0c87bec0fea19c34ead4
-
Filesize
6KB
MD52e957add88ddf18c90c214fe15e8b22e
SHA170356567c51e8f3636546faef82d84fb6d972c2a
SHA2561774705e7b523e52ac2cf92c65e5adb36b84f99474ddc75561a1498c8e7dcea5
SHA5129ede673d22a508472838e05e8b17b547f24fd13888585b4189d5edfa02a0ce4fa9d3edc913a326b71176074cf95ea47954be07271d79949b6a854c8d064182ac
-
Filesize
6KB
MD56f71a6a8f8e65a0e1d5878b41cd47721
SHA1097b9d6238017cdbf9231ac0db9b9a23976b82b4
SHA256ccbcb966d69115e219816733e58689609fa7ba2a24ee7c1581223d38435ed962
SHA512f02237095bb2b8dd2a8bde86e3310513e3a742baf9b317a105eb0c45812f00dd2307fe425410993a7b3304541dc9329ca5e057957a1273d9f4637f1e8bc991d0
-
Filesize
6KB
MD549671b4d333aba424130cd9283a75f4c
SHA1b2160eb07d9c7e9d01387cb6712ba51f0609c232
SHA256b2e702f30e88428f592c644e71236d3d1fa45008c9bf7353b6b63721510e0101
SHA512d93e83cd00fc58ecc9f858706de29dc0db5a48809adb3702d71e313f78874a5e9df2aeca0063c1519c8b34231124100a4d7cad80750ee29374566b2845197200
-
Filesize
6KB
MD5bc31f45c1ec7d63f395fea68739c1b35
SHA1e80588fd8ade967063a7dd1379c96cc8a2eef70c
SHA2568e78b088d1ba12cc1465c76a04121c4585fbfeed7afa744df3982a22c7643f87
SHA512ad9f42f46989cf063d85c0869ee28bcf0601ada0aae4349c3af417dcdffb0a3bc4b543e83e987716578de0010ed5b4bd682bf6793f06dc356a2d412a3489ed7d
-
Filesize
6KB
MD5c459bed2696fb26bf70e2b9202392279
SHA1304e2472aef7c7edb39f4b9b8e1d7d2561752a9f
SHA256132a934f986599a1c3ab420029f5fa9c0beeeadf261a5e0f6208fffe45c5f856
SHA512cb65b2b1ddbff972fce3c06ed3cfc2cf54ccfe30e02a574975157fbbb2f544ae77a1e379f8a5eeee067071f778aeea01a28778bfad7f110c2a7f933cf8fa6ad8
-
Filesize
6KB
MD5d88db8d535cafc94d868fbca751b9a67
SHA126c6d159d2a5d0e2ad6e9d2869a5aaf53615f500
SHA256124f265c8e49be71f4b7029b72cb03f0c31199b76785322ef6e49b9686b0ff78
SHA512f560e7508e164b224d550dfa7ef8c7ffe0c93314e3b64acde9ceca5c08ffad95d0260007bb69f231be8ee4a598fe668b9ae636406757893586315bca21a389b9
-
Filesize
6KB
MD5e71cea02a6594e8068ab0efd775a42c0
SHA1dc7395bc21c11775009ade9551dbc8f9f4ed9ab2
SHA2566cb6f6c2de2a9aec04fbb4aec8f7c4589d1a99f21b41065356ba53037b6855d2
SHA512657416bdfcc5f051b866dd67f5427a940f3914ed026596d2548709ff64430ddcf5e705d3c3702889a7eb6cec7de9577bc56c8f45264b3be8a635958a40d3aa0a
-
Filesize
6KB
MD57178cbb1347c43175239e84d20aa0da7
SHA192acd6d05be033d3b1280545fa16c5fad88c53ae
SHA2562d195a4991b99f51892485adf0308f893aa2bf6a9a4de2e07f28e0256dc8144b
SHA512e7c023910b6b446b031536b0e77ac8abce82974effca87a390cb5e1b1969a412b262acd599c055f5b245ae32a44dc064e36b793ea5f91ed9b75994bd6d97c6d5
-
Filesize
6KB
MD53ee02a8b7bf38f46cbc7eb6f7dce487b
SHA19dc3ae7093990af3651e02ad0dcdeeb4e25fa6e6
SHA256f99ddbd77f1c127e9bed4b4de801396327e3187c6ee3de3cf054f6901f3f713f
SHA51222a84d99a660b37475c2de32e349db5c73fe7417d0b3cf2b88396b3810b8f73b790d6176636eb16a1d518d2765120cc135b97cae1527f3971d40eee6a57e1529
-
Filesize
6KB
MD5eac1e14de4c93c9c2ccaece62e0e18f8
SHA19fbc3bc8569124da4cbb986f540b5410637c98d4
SHA2561d8655f725bf3ec4af925594decce828aa8d0cbd0a123f101d626af86673074a
SHA5128db307ac192f45d3786b06e8a07d8bdd75d05618af14f2ba6c87b5030506143764e102c1ba8fb8e8053bc43e0559dce4486e7561b28101e937b1baf2b95b58d1
-
Filesize
6KB
MD5f6fb449bf98bfff7d0338c5ebc7fa301
SHA1476aca1aff37e8cc57ddaaf3e638e409333f14ea
SHA256e537773eaf2dd6a5d9fbc65da7b7eefa69efdeff5e565ef8c7ce82a16092a072
SHA512de41d2fc2ae7ec6af640c6d5827928faa058da3ea75d5bd86e99a1d7026178d56c09a91a1adafee2a7cbd2f3cdaaee252c5dff6e9ca40e700e6ac26bd5061ccd
-
Filesize
6KB
MD5504acbbf93d5bf7a1ce07588ef621084
SHA1af0dd749e254d7db3f73c9f98dc12fe4ebfa7ef2
SHA256e35b818c4d4c7b35198fb5d0481cab32da760e2835570ea7016cf25fb5581edb
SHA512cf6955dd9250146506e98dea29a6653ba9808acbe75e16f782be64d7b0d31c2a469f4036c2726c041cf55687b7bdf479485421ddeb0f271e9b3dc626ac945150
-
Filesize
6KB
MD51dda86de6e06f17d8c46ace3ec227046
SHA143e6cdc91b89144461875b0e875511faa9e97702
SHA2569f28f3fdf18d984c45f3ac79f95e253cdaa37f0468395a39d2bdbcb06bc7fa2f
SHA51239cce3f59706075a3dfd335c29816cc0d2cc70559ea63aef0ef8f7f42cfa12472b0cfce90b9b0d462a42384c374112c5c175c345e4f6beaff33fc14f7e1d2eff
-
Filesize
6KB
MD558596b4f2e6a3cd2eb34ee0dff5d4b20
SHA11b7f3df533a3ec07b8e7c615d457a8d35537bd6f
SHA256327adb216625354e329f90bfad07c8794900c710ee9fa11a4de11c48231bb6fd
SHA5128bf0f349603b26e664651181a96411d0ecc2b8b83ca751faa9f52096bf6082c228c4f94053e302e8f1857760b0a9c847dcae6a97624ebed024276daa68dd92ee
-
Filesize
4KB
MD550360878b79516306b82ebde70e6c40c
SHA114a6991399e2ea7596a5cbea3c0cf29b31eaf7a1
SHA25699fe9cf289a4d2673e1de1a105292fb727163d917f8123e8a5877a2d3ebd46c2
SHA5129788a2a8a59a12532eb8b69296faa953fde6e7258cd9a97a030993f7f22a71f7d3a43faaa46e14ab2b97ada736581fea29f97072512eb0ce9522e7223d9affdf
-
Filesize
4KB
MD58159cc8c48596e7ded80aca863c3e87d
SHA135788bded16f5d2d784b350a0885cfe14007c570
SHA2563017cce6071572b9f340b298da4a7a3e23a8e88638b6ce24eb7a63ef43ad2c98
SHA51239ea5e3a38c846f31f887d7321ab66e45d9bc4ecf0049de33e0ab45f44a6a1b8b9c238f4d342b73bed8f8102ca091ad30b83a90082630b825d42a58131f6098d
-
Filesize
6KB
MD564abdc72cc81d20412a1cd733c9393c9
SHA126d659059703febee303a3c71e8361dfcef87e01
SHA256f800b7e65b4f15bcf4cb0eeade608488544918d1c6c6aa0dde3e8cea8e79bad0
SHA5128184d2eda98111e8054ff0c889957176daebbfda513d06637829cd16c1adf7db36c1121bbaf113c13a28ad615529a984409c06da3e2cfc98f12d692d5d34a6d3
-
Filesize
6KB
MD5d0dfdf59a5d1a9d20d41811710cb20ce
SHA1b6014516d7faeadafd74ed5157e9fa53731879f8
SHA2569e148031edde32de8a78bd1539dd88b0418aa323f9efe3cce359ec93533e4d61
SHA512a26b225ce48772b819f0354a0039f67c3e336e2e5e170429b2c3ad5664ac055fa330d554aabe09c3f92181b0cb70f0f0c3e738a603f78764a7ef84adc1bf29f8
-
Filesize
6KB
MD5f55ff1efff0fc929fe41e34dc5b3301b
SHA13245a8c047ce7024da7551d5f8c4b19b07aac3cf
SHA25617ab4a2f59b0e4cdc4911864d33be5ce0f12eac8c3a254994bb0520735aede45
SHA5124b8dfd0ed61c8826d3124485e189d1025348e0b5e3d3282d65cdcd8fb8a5e568ae1ce837d158a3e7fe86d3cfa023c600aab5a9c612bbab54a51b9e8905468c39
-
Filesize
6KB
MD5a350f9af9230a03de19953bfdf7b1bea
SHA117917e4bce2cf236bade4fb3d9ed62778487666f
SHA256164707dbb63115466ecde678372130175ea4026437780d801f9ff4031cea4d7b
SHA512731bacd26d378f5d5a6b099a51b4add74811a835562fa8db4a5c26eca7b7a02c38515301441a704f9db6b27e26d29606422d936e248f537d0337464031a91bda
-
Filesize
6KB
MD5473113ba88dd853eec8a650676f76c26
SHA10d68891f846488c953a6223c84fad04a027993c3
SHA256ade2393086788e9d68be8992286815b33f926f432c03a3dda9ac5ae6d63d7ae5
SHA512ffdfa8eaf9e29d855e9f85974e3f9439e9d0d4d8e2455da8ded78d11ee8bdf11090db40f9eccca45bce7343861b3341c67df2faed0a907229b2ad6c93c7e311f
-
Filesize
6KB
MD52a16ac0f0e6ab51396e13f01bd91f455
SHA11baec771191f8faafb13d0c2f44f1aaacd2e4749
SHA256dbdfae3e017f077fc9c1016b42d67be95adc7e50b052b055f216549d2a0184fd
SHA5124d889e6fe4f0afea00891c1d842ac3c7cac1e03b64470c1b7bc6cc5377d278988d3b6fb94128cd7dbb0841d6e04a4e18f8c05ac9ad4e1d34a1e370ac9b505ef0
-
Filesize
6KB
MD57d271d6b8c9f2fd5c8870152d7144475
SHA1dc7de0243e8beea5e47a4c75a334c2ea33370576
SHA256d4f63853bf03c6dac931d5d6238d7abfcf47d229cdfd190f0ae0537f0ba7b714
SHA512e3a2b1bc5d344791e0f23fb7802a32843cefa32f2d4ead16b43ce289c2499aecdd2fcd00fa33fc319455721152e91433f6891f5430c6672527177acb5a5b3229
-
Filesize
6KB
MD559d668abf3ef0914c8c5bb53d3df8b1d
SHA12fcb84b825365b3b6f73600949b5f744f0851f25
SHA2563c7a52b33ec243caad3726e1c153f0ec708d223b5be0250a89d38425c1085a33
SHA5128aae74fccf72bc4aa3ca41ce08730876891c925e6d40986add87ef8d7c4278207b1ddf095e964339814dd19dae3fd23847ea9f11116076275b7dc388b3bad2ed
-
Filesize
6KB
MD51d05a9c3bb89772e5d16ff07081eee89
SHA14af54ffd664b54fef098ced6b04734983e38540d
SHA256a7b0cd154b4d858bffcce8843aea11b9b090a2d392f12310c139285318d3fabd
SHA51218ad14ffc29cb502bc2b1b6a0eb8c9510a904ede1868c4ba397ed2752c302fd280fa5eda24a5daed22cdcc9328a22e929b68b88ade0d66732ac5cda393ba4032
-
Filesize
6KB
MD56eb147792d3b9c39f54382c6bc5753bd
SHA1287bc00ec4f0e85fde6124e8113ec051fa0f67ba
SHA2567000e5469837812dfc094bd1b514cdfdb652ea46d098599e6dbd14d9a6838bcf
SHA51282e10988986599de58ef8d63ee459dc71a056e95d158ddbd1ca91012a7a519e33731386e7cd4d1601ed76419564e8ac79c2f1a3119c0b82cb08dee1e917627fe
-
Filesize
6KB
MD5cc5f8355541cc6e2f9acd0880633564c
SHA18af68706388bc59037135bcd24d45f90326e9030
SHA2566e47cb87e235ade55668b64a322464df68dac1db427383ac9cf1971b31f487c6
SHA5126b1fb260727dc00a88d527f6d7423337d4580f1c0dc7e698ad81b8a3aec43a2e29b4ef3fe9b621ea67ec0374be40ccbb0a32b7d18a630b3fb5f96b740a3398c3
-
Filesize
6KB
MD585d50ff3cf28fa8636e3483b142d4e69
SHA12245d4ebc148f2840d9b303657dc1f10c7106b1d
SHA2569bdf259e52cf1ca2ba9c1d0bd8eb48821778a7c9484e7d67d6b098239df8b8f9
SHA51220794b37f337db538bb3e0f5c8df9fe09b8a86feffed45fe0b734d946ebc2de6d0dfbbe1ec3af9cc0898f3f1f1a3f932a164bf6cacc35da2e9ff3ed1cd46c5ce
-
Filesize
4KB
MD57a65b2e43f9492f38f56e0a6d53365ea
SHA102ede477afb8bbb0a1814ea1e4bc418a5de2e699
SHA256dc55eea3810f3fd4e8ee95d364d18c08f895cb0a569aa0b4c35128a259e6e6f2
SHA5120f13fe928ef8344d71bad88f69925d38286cc9460db50f5e2216b28b98d9fbacaaffa0ef7915bc0195a40c29ccf64e7e9d8b06935b8ea6918d5aefedffdcdd58
-
Filesize
6KB
MD533a2975366b4ae2b52f2b0b067ddda37
SHA1bf1dd85c0cdc8bbe6120043cd4880c871810162b
SHA256a1f8841450ec7eece887ad8b25de26ae3f33191651aede86f594af1ca6b137b9
SHA5125846f7c9df201b96ad28bcf753fb9fdc4a98cacd3da62f116c0ded1905594f7c7833f20e27b75bb0bae1480951e22f71dd1917910494c16cb64d9fbc293620b9
-
Filesize
6KB
MD520f7fe98385111bd837082e8a861adfd
SHA1f555e4ba6bf478622d473cb67f83111b5bf8ccd3
SHA25647856883ce0f5754ef6b3c7403bfaa52afccc21a245d669bcdad5b799d79c0bb
SHA512aec7ddb382fea9578cd4ce33a86d2afab7a3dede394a5d4eda4ecdc3e34a975dacc14af2c76484b6fc9f3c6a8f1f45e6e7ae26be131c8a3d9b9323a7dad9acd3
-
Filesize
6KB
MD5a52c6f529ccef1d6e7b5a0881499ea78
SHA16c65001178007b394f84dfff41d9baab9e95c055
SHA256c36776a4d0bb788ac85f349c010a7abe6fab3a102a1c1c44b7a16dd7f530e01e
SHA512013569c0b611b99e33de949a9b89e27579a884af7a9dabda2db0714c59d5ed04ced770545888d95bf7d77008ade8a38dabe52f5c8babf7aa472e15b750f9e93b
-
Filesize
6KB
MD5f8554aa746d5d0590d061d74c5afd671
SHA1006fe7ea0da9735a3cd1077bb15eb0e963b074b7
SHA2564fbabfa64552444db45a54ffe4b15a2974ab4cf4753574cb893e660a05a34a2c
SHA5122ab86f89ac26fb12dc7c62f9911519c75b195c4edf6ad59fb707b1c7f6cc2b9d9b478e5b11597485a70e7ff9d49ac814bc4446fa4be3f59ff2010efe8c72814c
-
Filesize
6KB
MD5c09711380736e63627c6c70ae0f1360c
SHA176e7f76d652f43f3a4d9689da4c8dfa44d3a16c6
SHA2563004f5180e80acf5beb6fd5121e0570172f47bd2d825c814809b2423a35936cf
SHA512bb7b3f750320d74c605435744aa3a358271f7a7fb82a002dbc78d1facb98c3df67a450f25eb4ba66b05942042b395766c75f68930b87412037e02ffc3b5fc1c7
-
Filesize
6KB
MD5c0769fec9b8da169d7b289a0ab2e2ef5
SHA1052bbb72f020cc3174b0e9ab69086934dd532dd3
SHA256296f4f68ab17e8aba6c6ff339d4c382d770e5d6bc4795c0618a2fedaa6fd50b5
SHA5124581fd55b0e8bbe99b09318c72169154f4fbe12d7e8ec7014ffcc752bdf5ba7c4f6d193941cef92d09f443960523fb650c0763dac7457c8ef9c141a89f779ed3
-
Filesize
6KB
MD51a4409a45eae07788e388facab51ca88
SHA1fe258ccb27ccc4b094ec0fe3ce721d32e9a10e93
SHA256d477691d15a81a2e26399323c4bf589d0faebcca4ebc15965970611455eb28b7
SHA51207427be6662f73dc13509b0e123ea966435017fa4d20fb0708e39ea42ae8caa5d538ad4b11d919badf95afc3bb01427474053b385621033f6ee7e568807ebf73
-
Filesize
6KB
MD5203971242d0a782978b4f353db453566
SHA108e3b1a77b7f94a6ab055ea8e33133722fcf882c
SHA256305630fa1aee1e598490907ade9af5b2e6cf7124a29b79bf47e19ca532dc3ea9
SHA512a40060d03e78aee0b6b6cf1218ffb0b08f8774ce50b79207c551ec3664d34dc28e66c12f8722a6ecdb14ca541f6e79223a3afe9a7f591f456cb562cc5aae823b
-
Filesize
6KB
MD5084f8aff8bc6162a21c66eac06200a6d
SHA103111b066f1706cdb154a5ae18361fddeb7f5910
SHA25665b365690bbf8437ce4e0179a50c6a0bae5e306353c30fedd2477ceccba03302
SHA5121de07dcd564d29c8bf4a0fe3926981454c22722f74e1a65970701ce60cf36b03cfc98c899bf3a5879a04c6ec5d9196833a26a67c05b8710fb30c9c1f7ebe7e74
-
Filesize
6KB
MD5f28d309bea4400afde835e59197fb404
SHA189a1c450712221e9afea46a63dc408c0bbe40123
SHA256f5de0319a67f8107e6341cd49a77a7658a82d018a5bc90d837681dc827c4e970
SHA51258ab97cbb0727a7e82f80f498fad11ada8bfaf39789ae5f68fb774491b5f1b9eead1613d82a9159c0b96a33c94ecdd019f7ae6434f1006b9a943a3efe9c726f3
-
Filesize
6KB
MD5c100630262d9583a7bc55b0d40e11e89
SHA12350bcb8a6ed82ea72f67f721f727a87ba6b9b97
SHA256e07e16b15fdf644e5818fc78d9ed19252ef1c51b0c8ab7de47dac9479ded5f01
SHA51200c4e0014b8bae914c75771b290ed40a91b803efe4e8b024cc243183494e8ade44e477ab16f9782dd70feebcdcd2843542682f7bfc87a813e1fe64c240a531bd
-
Filesize
6KB
MD56bbb4ce3ea0cb9323c84fe0837a0e37d
SHA1c6a745fa24f1d7634b48e272b52c92e816a72a9c
SHA2569eb2e0e36b93e3e9c8b00fa9e06ec60b68a88a63cd95aad8ac34cf738d999540
SHA512669ff76d7bf2f87f58f576717fd918d20f6392c9585cc323dd7169dd7b0757b0d90180c749eb8f0570072ebb9940c00edba7bce29346aaf044f07366c4de4fcf
-
Filesize
6KB
MD501722e0a7b7891f4b0c4a299cb169eda
SHA1fac61550f11100147c48e4ff8c030ad5faa70e84
SHA256f0190a0945c36c127a91ea188f0e6e3f3422f8d095be064e9c6be4416d5fe02f
SHA512bf698216383c3deba5b4a0726ea2753139bece31a7ef9b60b95e50d859b856eeb1be717c4175a0c3572386939536b30c9203ba9a24c15abee720c695bd04d68c
-
Filesize
6KB
MD5b2ce095277d00790b4480b301a18fc6e
SHA1285fc1b72b5d20a9cdd995ddf4d2ad81a83ed13f
SHA256360e24c716913322832719bd7c4aad084aa29739496156a10616bf40963e1bf4
SHA51293db458bb86e07e5a242bd66215993d5800148da110843927595632dd810b6d5097864c617a41e24f4b822e9d3b21260d5398b0f62b60a5278e35b50ed719222
-
Filesize
6KB
MD58bc3d8bd1e50efc4beb82d51262b05fa
SHA1ae9cf3b6a27bff19e4b0529abadef572f3e7e812
SHA25603b433c3e5bdd59c4130ebac7e558dc68b43d99c018c9c6cc6f28974281f7637
SHA512f7b1b8f589eea9b79c7f5cd3e655a8386af96611dd174ed01bacf1b658bdd233dcb63a528f446e5e700532286148242025c7f0cc7cdf552dbe9f7096eb59a37e
-
Filesize
6KB
MD50819e8cd1b72830ef63383ea60209e2e
SHA141521485bffb2b908a11cb43e57544c33033cf67
SHA256f7de35ae79f83e815bd88bdbdb2362ba5433488315faa2003dae5150ee37eac9
SHA5120134a32885f8ced1ba21ecd81ce6de9729150c3532a8ffc45ebe8e088d45834b60a3955b68aa2e446419bdbbcbd5d8bc40fa1d817f77d14d009940ae48f81fa9
-
Filesize
6KB
MD5c047c8a19420b622e160c6a2ed3bf01b
SHA1f7b42e8270ca8e0d77aa65b2c595602360271fbc
SHA256e798088cfd5a7dc9d00e402e9183bc73af9fd9957f8cfd6be8411a244c3c9efa
SHA5121b35691cb720082b55cceaec564d124c7d604789ab7fc389027b23575c55eebfe73f73678fde2187f6d1e24307f9a65c3ddd357420e85baaffa87de228f19ad3
-
Filesize
6KB
MD52269a1f00b022ab36538f3de9eb0b5e1
SHA1f33cceb11be6e1e5fec06f40ab94f52c35a368cc
SHA2566b40aa901b66a242d68b82ac10dd27e019cc73a0565fa8c22bb94c0786564342
SHA512d118f405bc4d231b48a79e6ffc34f18a342c7558f9fd5da826fc0c8977617fc7f178269a10120d2df1d9af6ebfb5bb82b0063535e2b5d0e6b065fd97825edf6d
-
Filesize
6KB
MD585f884ebeafc9d8817f1760be70e747c
SHA1be454811c44e5eeb6da85203f55d07e23fb5b09b
SHA256143e3ba94c1874cc92aab4e33510683b13d1150cb41ef1946fb53eefbcafff75
SHA512e7c538a0ac4a77b6e714865a24e408abc06c37d7cd5d3d81757a622f5b785820ac671e463d472a46da096aa4c271203d73106a302cb81d86174ffa47abb4a03b
-
Filesize
6KB
MD50eae3a9681ddea846e3a9f7bb8f231f1
SHA1330c400baadfc75dbcccf8456fe07fe670b0fedb
SHA256a3de933f39d84775dd4a4e4fb4a184c1ac7b1b87ccfbd0a2c2d1c549c90531e8
SHA51277340cd4505e9eb1434d97d797cba271f0071ba27cff04cb0dc8ae7ca8d5e449f83636b1e865a83e17fe6b7aebab38ca28194570482c7176f20d4fd2859bd0d1
-
Filesize
6KB
MD57531b48167f6353d5d8c4895d7d02d19
SHA1ac311e3ae69aba30cf1eb457acf63ac517b185ff
SHA2560b92dfbc4736f77bfddd378104ad946816894b67f45c28cbe18e23c2d79509ed
SHA512b1b69111526986456f8e8d20bff4cdcc0b39dc04bde9a7531856381147d1f92176f74af67181892b1dc4c1e80482979458dd937ac6c5b7e3a03b2dc7bccc56c4
-
Filesize
6KB
MD5f9b534cbbab32b338e7b216367afc6f6
SHA1a3acd9c70c8e75b198261520223d1df5528cca72
SHA25679ece04653b0a57aab2599ab88be352a7dad6051b7b321653393a4efbc3ad907
SHA51281caaaf1d67564e7d79fad540e2a3bd98c09e2121d4e7168cbf24874be6c7a72f2b17d3c91017a34fc776e551288964ec8a5bc324cb312eb04a4bc70efbd50f7
-
Filesize
4KB
MD52709e8efd47400502978d1bedc9d3c9c
SHA1c18bc09634919e0c38a935fb9575e749a151de20
SHA2562804969a1d8ebbfa8795e4c35967f6d017c3416a5fac1d7637684b304a5fe163
SHA512cd3e0062a99b8985fa7fd8401f99a8e8f52e03a4f32ee79160afcd2afca6c81d5b919866e642f299c6743a2b563eedc271654d190106da41a1317e098a96804c
-
Filesize
6KB
MD524233ecdb56588ef95c5b0e79d9bc074
SHA1e716deb6915de084cecbfb6e49f03aa3c1bf51e6
SHA256c06a09ef68a90c38ee5792abc439ff428f1789f22c2495f602215304430db794
SHA512b5f6c297d53c01aa55e5b76de2ea1222ecc92b673274219339a61a7b1d4aad9568c45bec68cfeef4c4631f8c52301cb2d759c5706600e2f6cd48424d47bd4f3a
-
Filesize
6KB
MD5f4357f76c2dbfe4d0f3aa14bafa40507
SHA115012113b884f2089c0154d5313798bf181ef349
SHA2568e6c0e696100b46a8c7c11a51e9862d8aa480552515449af5f34400afda68c71
SHA5122f6cb5419feed2b046da8262b73da2e73f5358a5b50e87e84c92acc3f1b65d82ddd55d57452e62c7e5ef918df523842a84590c2d70af68164b11136ad0d7a26b
-
Filesize
6KB
MD57f7b05ad18dc1f3201c8f2b42aba3e92
SHA1f551fd25f6de390e761d5541491ce294f59988db
SHA256719fa78b1af38923a3b5b5440a79b64d64eb07c95e0ab1fd1f61dd8039957f21
SHA512caf1be235755535ff4d1e80726417e20551ba1602a5b198f6c1aa0d9ef3bbbeb08a4383ef87340f174efddd21e49a4aa8e11198683256afd28f5343a385841e1
-
Filesize
6KB
MD50e2c8d08d241bccf9f0ed116fcdc925e
SHA10080a21bbb6132171bf7c5563e47fecb881162e8
SHA2562b81b41b2ccab87e14c77e04649c930b93d364f221904f4934d8625f969ed943
SHA512c1b8ab725a4a113223b5107ac8d06363235df85438e948355398298864a745820f276f82846603617cd728e908b1b3763b72f3760e8107abefa6dc3a7e922fbe
-
Filesize
6KB
MD5589cdc4f20cdc238c20b2528d417c6be
SHA1213111999b5b043d9c3ca5f2ef3db2d306ab77eb
SHA256091c97685c03b4d7a4a3264e53c640ec279fdb0c93338405bc9d5285a0f3b72e
SHA51265824edf12856f6a52637baecfe639362cb18ba22c0e51dd947ec71c0e6a66b8012ab582b137b4c99b6c16022049824b01ddf360d5307e03be7b153724ca4402
-
Filesize
6KB
MD58d2ae7fa9332721d374daef55a6cbcf3
SHA147d40e7362d61827b89c19da5d2dbc02a2740946
SHA25641ef2bca1c4e507b5371f664f6ae56e4f1b4789abef12b0fb9554ec3285e7fe8
SHA51277e2e9717b312e8b7af197b0920e65165a8adcf2df703e757525a84fc36ad4eef2380671ae3289c16c6cb09e06e9cb0442eb2ffd655c6855d8e3a1b325fb0f2c
-
Filesize
6KB
MD5103cf7b0213f77684b7848ede282eac6
SHA1733b06129181ecb8b1156b9ef2c72dbbfbeaff34
SHA256649e1f1f5a111d12661d2ba3b0ca414fbfa46138112678e1d0340c2919d13576
SHA5126879f393c2fdbc6ae17c5c34c745481eebafb7f28a9365078c74ba3d790f03354074b3b2ccfdf3b85459ab42dd167f37f4ab19ead6c9f6ff72dc76514c65e2e9
-
Filesize
6KB
MD5a0ca0aefe4e03612dc289eb297997aef
SHA1f762c849c00737985b2cd42b9f466b8844dff817
SHA256578ee2293fcbf7954c9ec69fa8a19f0d52d80e25087468681cb83e3f7cb62f16
SHA512dfaf26e697b5f550667dc1f0d2ba4fb504d89d4fd6c581b9be18c7f898d79bfbcbd3377baf7e8e3d966440cdf93bd327df970765e4e655cf54b3cbae84f8f64a
-
Filesize
6KB
MD5b70bf22b2fbc3a5cb804bf39daed151b
SHA1443867cee898b7ab162d679c1d549ce9da0b4d03
SHA256b6a3aad68a1a3300ce9bab1d4c506b2b7666b987be61a81add7695114f650fad
SHA5128f16e9408a1e82cf2e793e4f9102d5b413e05dfa936afd2cae40c85bc15665f3d2aeed00cec09ff879c3eb68cd9aaa35656c4678f795d58644700ea43376a938
-
Filesize
1KB
MD5da75ad12bd5b3f95cb1399775596962d
SHA1b3b497fb007f7f5a474661b9e83c11b0286fb3cd
SHA256b21055dfbc9421034cc3092a5deb26d3fb5f3e57a7691a55aeef17715c6c84fa
SHA51231565f80a1c555c569e2f6b0ab05cfbca673695db4076e550279a1c48c0ffd7f56074d89946bde36a8ad8d4cf276b1d61a845e66d0a64ff584f373d5e3eef93e
-
Filesize
11KB
MD54d410cb50b384912fcb6df7e817f740c
SHA1f0477e4148fd7209193d4a96242a4c9364d9d523
SHA256a235934a841956240f88e5c9018553311782ee96220d42d8cd6c3ff82a48a60e
SHA512e5c2604065733f68e716ac867dff205b7c131cbca2069ebee1c9afd3b99585365309475750064e41eb5aa711fe453dbbbdaf703ab67cff0378ffdc2f450e7db1
-
Filesize
12KB
MD576c3e3f5b189d66dcecdcf911dc456ed
SHA1f310fd992eb8e8df899db99cbaa0a69338fad640
SHA256c8d50a147975ffeebbb94f3dc26216654560d99ebfcca362da835179e84eb513
SHA512fc41197e0cd58e2cb533ada8a998561cd5399d04d73664db2adc02fb5b9368630bfb70de83238e65a59c72ce4b12e3afe004ea4cee3a963ab326d4c50706b9da
-
Filesize
12KB
MD5560186fe0fb6a7dcc1e288f3d7a3716b
SHA11d55a40db68c0274b57131386accb88eed9feb9f
SHA25608371907d08404033c7fa0dbdac35713589beada7412874b8a3768d9978c0412
SHA512a64e0964641c47be513ee4082b487c5e738ac01be5b297008a3ac16f75e18450ac2af031460d5a7ed949df21876811b76c2e7e706f0acb09ec25027e0db9ee30
-
Filesize
12KB
MD55915da7189d9fc106eebc0c9e97cf7c0
SHA1b325025c103de924a042f7dc90cfcc1ddfc67c20
SHA256e33ae84b4ccd65a569b6875707c278a8714eaead7bd53aad45521a642facb451
SHA512f68cda05f203051ad0e9e35018ba1d4c4c8a2e19011ec326eae8eb834bfb2e157743b388c459e089117f33fab4aee35518a67e0e01fe76722ac84ef4982c24df
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize152B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
Filesize20B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Local Storage\leveldb\CURRENT
Filesize16B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001
Filesize41B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State
Filesize935B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State~RFe58b7f1.TMP
Filesize59B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize3KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences~RFe580c8e.TMP
Filesize3KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
Filesize16B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize8KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize9KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe57e772.TMP
Filesize8KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Advertising
Filesize24KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Analytics
Filesize4KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\CompatExceptions
Filesize689B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Content
Filesize6KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Cryptomining
Filesize1KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Entities
Filesize68KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Fingerprinting
Filesize1KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Other
Filesize34B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Social
Filesize355B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Advertising
Filesize997B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Analytics
Filesize126B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Content
Filesize36B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Cryptomining
Filesize32B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Entities
Filesize16KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Fingerprinting
Filesize172B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Other
Filesize75B
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Social
Filesize3KB
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Staging
Filesize5KB
-