Analysis

  • max time kernel
    1483s
  • max time network
    1486s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    24-05-2024 02:17

General

  • Target

    SolaraB/Solara/SolaraBootstrapper.exe

  • Size

    13KB

  • MD5

    6557bd5240397f026e675afb78544a26

  • SHA1

    839e683bf68703d373b6eac246f19386bb181713

  • SHA256

    a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239

  • SHA512

    f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97

  • SSDEEP

    192:konexQO0FoAWyEfJkVIaqaLHmr/XKT0ifnTJ1jvVXctNjA:HnexHAWyEfJoIaqayzKAifd1LVEj

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
  • Sets file execution options in registry 2 TTPs 4 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 43 IoCs
  • Loads dropped DLL 46 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
  • Themida packer 6 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs
  • Checks system information in the registry 2 TTPs 24 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 26 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of UnmapMainImage 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\SolaraB\Solara\SolaraBootstrapper.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
      "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3412
      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3412.4680.10447675741757656070
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:1692
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7fffe17b3cb8,0x7fffe17b3cc8,0x7fffe17b3cd8
          4⤵
            PID:4576
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
            4⤵
              PID:4900
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2224 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:4532
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2472 /prefetch:8
              4⤵
                PID:1184
              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
                4⤵
                  PID:5044
                • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4668 /prefetch:8
                  4⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1612
                • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4108 /prefetch:8
                  4⤵
                    PID:1392
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2672 /prefetch:8
                    4⤵
                      PID:2036
                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4152 /prefetch:2
                      4⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4940
                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4744 /prefetch:8
                      4⤵
                        PID:2172
                      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4356 /prefetch:8
                        4⤵
                          PID:2500
                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1820,10414672620643438712,15851526384063247230,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4288 /prefetch:8
                          4⤵
                            PID:2720
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:2608
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1520
                        • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                          "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                          1⤵
                          • Suspicious use of SetWindowsHookEx
                          PID:1872
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
                          1⤵
                          • Enumerates system info in registry
                          • NTFS ADS
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SendNotifyMessage
                          PID:4948
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffe17b3cb8,0x7fffe17b3cc8,0x7fffe17b3cd8
                            2⤵
                              PID:2112
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
                              2⤵
                                PID:1492
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1956
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
                                2⤵
                                  PID:5024
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
                                  2⤵
                                    PID:2604
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                                    2⤵
                                      PID:3792
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
                                      2⤵
                                        PID:744
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                                        2⤵
                                          PID:3360
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:4772
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                                          2⤵
                                            PID:2328
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:4964
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
                                            2⤵
                                              PID:1632
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
                                              2⤵
                                                PID:3976
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
                                                2⤵
                                                  PID:2572
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
                                                  2⤵
                                                    PID:4412
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
                                                    2⤵
                                                      PID:2232
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
                                                      2⤵
                                                        PID:3772
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6280 /prefetch:8
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:4164
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6336 /prefetch:8
                                                        2⤵
                                                          PID:2944
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6320 /prefetch:8
                                                          2⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:2644
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
                                                          2⤵
                                                            PID:1284
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
                                                            2⤵
                                                              PID:1056
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
                                                              2⤵
                                                                PID:4904
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6884 /prefetch:2
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:1816
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                                                                2⤵
                                                                  PID:568
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7264 /prefetch:8
                                                                  2⤵
                                                                    PID:4476
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8
                                                                    2⤵
                                                                    • NTFS ADS
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:5028
                                                                  • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                    "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                                    2⤵
                                                                    • Executes dropped EXE
                                                                    • Checks whether UAC is enabled
                                                                    • Drops file in Program Files directory
                                                                    • Enumerates system info in registry
                                                                    • Modifies Internet Explorer settings
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:4856
                                                                    • C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                      MicrosoftEdgeWebview2Setup.exe /silent /install
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • Drops file in Program Files directory
                                                                      PID:3096
                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU6267.tmp\MicrosoftEdgeUpdate.exe
                                                                        "C:\Program Files (x86)\Microsoft\Temp\EU6267.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                                        4⤵
                                                                        • Sets file execution options in registry
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • Checks system information in the registry
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:4060
                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                          5⤵
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          • Modifies registry class
                                                                          PID:2024
                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                          5⤵
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          • Modifies registry class
                                                                          PID:1240
                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                            6⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            • Registers COM server for autorun
                                                                            • Modifies registry class
                                                                            PID:3716
                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                            6⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            • Registers COM server for autorun
                                                                            • Modifies registry class
                                                                            PID:1188
                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                            6⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            • Registers COM server for autorun
                                                                            • Modifies registry class
                                                                            PID:3024
                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REQ2MjhBNEItMzhGQy00NkM1LUEyMzgtMUFGQURBMUJDMDdDfSIgdXNlcmlkPSJ7NjE0NkQ1NTQtNTMzMy00REFDLTg4NDQtRjc5RkE1REEwODcxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFNEE3MjVGRC1DRjNBLTRFMUUtOTk3NS02Q0FFNEJEQUI1NDZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTIzMzY1NzkyIiBpbnN0YWxsX3RpbWVfbXM9IjU1NiIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                          5⤵
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          • Checks system information in the registry
                                                                          PID:2468
                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{DD628A4B-38FC-46C5-A238-1AFADA1BC07C}" /silent
                                                                          5⤵
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          PID:3068
                                                                    • C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe
                                                                      "C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" -app -isInstallerLaunch
                                                                      3⤵
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      • Suspicious use of UnmapMainImage
                                                                      PID:4092
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
                                                                    2⤵
                                                                      PID:932
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
                                                                      2⤵
                                                                        PID:3424
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
                                                                        2⤵
                                                                          PID:2996
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
                                                                          2⤵
                                                                            PID:3776
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
                                                                            2⤵
                                                                              PID:3556
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
                                                                              2⤵
                                                                                PID:4372
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
                                                                                2⤵
                                                                                  PID:2024
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
                                                                                  2⤵
                                                                                    PID:2448
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6880 /prefetch:8
                                                                                    2⤵
                                                                                      PID:4588
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
                                                                                      2⤵
                                                                                        PID:3144
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
                                                                                        2⤵
                                                                                          PID:1472
                                                                                        • C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe
                                                                                          "C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:pY1iZzaGvjuw4qL6SyfDU9SsE2Wj9XCLGR7gHLPoDvPx4nsz3gCVnV0hVjMEFd6anETQfgFLi0FT9xyC4FH-uQ50jFsQzVQB9xSM4WzTTvpr3Bv1meAmBy6jIs2FtBXh6fDyjrJV9tyCPqfEaMLd9Kg0VPZbhtHM6KSPtg4yFVskHPk_5mXF0cp6_91b679e9FK7m5Pk4BY2-1t5E16bY-6x8OVE2-RLhAkiMVF_WTo+launchtime:1716517562949+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1716517467068016%26placeId%3D17427651911%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D4288ab4f-dd7f-4408-9ff3-bdf1ec407b57%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1716517467068016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                                                          2⤵
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          • Suspicious use of UnmapMainImage
                                                                                          PID:3548
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7980 /prefetch:8
                                                                                          2⤵
                                                                                          • NTFS ADS
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:4488
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
                                                                                          2⤵
                                                                                            PID:4904
                                                                                          • C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe
                                                                                            "C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:nUkio55CknU9a6SXV8RnJHOWqbM1zIBVF-vvty7xYcEF2tGI8n3EUYrOBJR4T5l32U1WFx9XGe7WNi5xi9mC541o16WO6qAoVprNphBy8aigsrbUPJvZjRy4jVcXLoZvP77owJEawWIHrlWBIaO4SM--h_AumVuRk4ZJ3h5RBKFVP2l4msYtACTMHVZOSs4zh25GcJOMwmlSZYNnqp9_ne5KizZVRgB9d-q6Ewirw4o+launchtime:1716517562949+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1716517467068016%26placeId%3D17427651911%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D4288ab4f-dd7f-4408-9ff3-bdf1ec407b57%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1716517467068016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                                                            2⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            • Suspicious use of UnmapMainImage
                                                                                            PID:4792
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
                                                                                            2⤵
                                                                                              PID:4600
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,4409438511607496827,14062270768305218018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
                                                                                              2⤵
                                                                                                PID:4476
                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe
                                                                                                "C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:qAdTktdpMGOf4UqI2C-G3IRHYq1Xg7QYjc0er-ltRXzyVMhEgILtqq8cFIPkvxPNXNuvdgR2wYD0Yjbmkv5_dhKu8y0L-wytD92058ChWH_7IN0O5qm_BisQL_uGghN2KFXBhx1lUP8bX5szf0zwJrq9zzYEk8dZURQD7t-0wKoNRz8u1G7-CW2GtBWn_SMxYNmZX-NkUyUPchddI0y4ucgAvW3h2hluQoY0qkWrIZI+launchtime:1716518416835+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1716517467068016%26placeId%3D17427651911%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D5f12bc5f-bb52-47c1-a75c-ca4fb4035d22%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1716517467068016+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                • Loads dropped DLL
                                                                                                • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious use of UnmapMainImage
                                                                                                PID:4776
                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                              1⤵
                                                                                                PID:3444
                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                1⤵
                                                                                                  PID:4064
                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                  1⤵
                                                                                                    PID:3136
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                    1⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Checks system information in the registry
                                                                                                    • Modifies data under HKEY_USERS
                                                                                                    PID:3736
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REQ2MjhBNEItMzhGQy00NkM1LUEyMzgtMUFGQURBMUJDMDdDfSIgdXNlcmlkPSJ7NjE0NkQ1NTQtNTMzMy00REFDLTg4NDQtRjc5RkE1REEwODcxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBRjFGMEUzNi01QjE4LTRBMTItQjFERC0xQzEzNzVFRTYwQzR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTI3MDI1OTE2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks system information in the registry
                                                                                                      PID:1524
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\MicrosoftEdge_X64_125.0.2535.51.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\MicrosoftEdge_X64_125.0.2535.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:3144
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\EDGEMITMP_420AF.tmp\setup.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\EDGEMITMP_420AF.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\MicrosoftEdge_X64_125.0.2535.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                        3⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Drops file in Program Files directory
                                                                                                        • Drops file in Windows directory
                                                                                                        PID:3376
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\EDGEMITMP_420AF.tmp\setup.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\EDGEMITMP_420AF.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{80A6DE88-9CD6-4941-8AE6-10AC03AE2F7E}\EDGEMITMP_420AF.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.51 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6c7c04b18,0x7ff6c7c04b24,0x7ff6c7c04b30
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Drops file in Windows directory
                                                                                                          PID:4772
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Installer\setup.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Installer\setup.exe" --msedgewebview --delete-old-versions --system-level --verbose-logging
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Drops file in Windows directory
                                                                                                          PID:1260
                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Installer\setup.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.51 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7b92a4b18,0x7ff7b92a4b24,0x7ff7b92a4b30
                                                                                                            5⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Drops file in Windows directory
                                                                                                            PID:1948
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REQ2MjhBNEItMzhGQy00NkM1LUEyMzgtMUFGQURBMUJDMDdDfSIgdXNlcmlkPSJ7NjE0NkQ1NTQtNTMzMy00REFDLTg4NDQtRjc5RkE1REEwODcxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4QjQyNzVBOS1GNDZFLTQzMkItQUZEQi1BMjkwOTE0QjI5OEF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjUuMC4yNTM1LjUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNjA5OTA3MjE1NjkzODQwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTU5ODk1OTAzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA1NTk5NzU5NTMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzA1MjQyMzExNyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNGJlMDU5ZDYtYThhYi00NWQ0LWExMDUtNTExNTA0NWNhOGQwP1AxPTE3MTcxMjI1MDImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9bmIxZU5mVmtpOFlKTm50R0RGU1JJSSUyYlUzNjVtUmhFV083MHpXQ1I4OTRidWtVclF2VVNYUjQwbnVpJTJiSWJmbzd6NHdqdjBvUEJXY2dWdjJqcnlGTEZ3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTczNjQyMjg4IiB0b3RhbD0iMTczNjQyMjg4IiBkb3dubG9hZF90aW1lX21zPSIyNDMxMzYiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzA1MjczNTQxMSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMDY2ODQ0NDcxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzUwMDgzNDIzNyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjIwODYiIGRvd25sb2FkX3RpbWVfbXM9IjI0OTI2OSIgZG93bmxvYWRlZD0iMTczNjQyMjg4IiB0b3RhbD0iMTczNjQyMjg4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0MzM4NCIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks system information in the registry
                                                                                                      PID:992
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                    1⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:4316
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                    1⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Checks system information in the registry
                                                                                                    • Modifies data under HKEY_USERS
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:2000
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DC6B940A-AAB6-4B11-A28F-27A693E0F222}\MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DC6B940A-AAB6-4B11-A28F-27A693E0F222}\MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe" /update /sessionid "{5B49022D-D3FA-4C03-B216-519F129E80FC}"
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:4072
                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EUD19F.tmp\MicrosoftEdgeUpdate.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Temp\EUD19F.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{5B49022D-D3FA-4C03-B216-519F129E80FC}"
                                                                                                        3⤵
                                                                                                        • Sets file execution options in registry
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        • Checks system information in the registry
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:936
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Modifies registry class
                                                                                                          PID:1904
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Modifies registry class
                                                                                                          PID:4896
                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                            5⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Loads dropped DLL
                                                                                                            • Registers COM server for autorun
                                                                                                            • Modifies registry class
                                                                                                            PID:4588
                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                            5⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Loads dropped DLL
                                                                                                            • Registers COM server for autorun
                                                                                                            • Modifies registry class
                                                                                                            PID:1084
                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                            5⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Loads dropped DLL
                                                                                                            • Registers COM server for autorun
                                                                                                            • Modifies registry class
                                                                                                            PID:2036
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUI0OTAyMkQtRDNGQS00QzAzLUIyMTYtNTE5RjEyOUU4MEZDfSIgdXNlcmlkPSJ7NjE0NkQ1NTQtNTMzMy00REFDLTg4NDQtRjc5RkE1REEwODcxfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QzcwQ0NGNEYtN0QwNy00MzcxLTk1NkYtMjM5ODRBOEI3RjhFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODcuMzciIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTY1MTc2OTciPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NzQ3MDExMzQ2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Checks system information in the registry
                                                                                                          PID:2784
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUI0OTAyMkQtRDNGQS00QzAzLUIyMTYtNTE5RjEyOUU4MEZDfSIgdXNlcmlkPSJ7NjE0NkQ1NTQtNTMzMy00REFDLTg4NDQtRjc5RkE1REEwODcxfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsyRjNGQjA5QS04RDBBLTQzM0QtOTQ2Qi1DRTBBQUIzQkI1QTF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny4zNyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MDQ3MDg4MzkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MDQ3MTk3OTMxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDcyNDIwODAzMSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzFkZjQyMDgzLTE3YTEtNDRiOS05NDVhLTQxNjg3MTE0NjhjMj9QMT0xNzE3MTIyODUxJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWQlMmI2T1hraVFJTW9RN1d5eDZMSEt4cGRERU50V0QyajVJV3JiaVB6N3VTR1RpNThpaVZXZ2pZRTRiNnZ1VjFTZGtoMzNlUGh6QXBmTXpIbWFSQ3dLaXclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDcyNDIwODAzMSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMWRmNDIwODMtMTdhMS00NGI5LTk0NWEtNDE2ODcxMTQ2OGMyP1AxPTE3MTcxMjI4NTEmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9ZCUyYjZPWGtpUUlNb1E3V3l4NkxIS3hwZERFTnRXRDJqNUlXcmJpUHo3dVNHVGk1OGlpVldnallFNGI2dnVWMVNka2gzM2VQaHpBcGZNekhtYVJDd0tpdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MjIwNzIiIHRvdGFsPSIxNjIyMDcyIiBkb3dubG9hZF90aW1lX21zPSI2NzYwMSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDcyNDIwODAzMSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDcyOTQ1MTk1MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxwaW5nIHI9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNjA5OTEwNTM3MTk4MzUwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjUuMC4yNTM1LjUxIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIHVwZGF0ZV9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNjA5OTA3MjE1NjkzODQwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMCIgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9InswQzE3ODg2My0wNUUwLTQzMUMtQkE5Qi00QzZCOTFGREJGOTR9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks system information in the registry
                                                                                                      PID:3968
                                                                                                  • C:\Windows\System32\rundll32.exe
                                                                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                    1⤵
                                                                                                      PID:3444
                                                                                                    • C:\Users\Admin\Downloads\dnSpy-net-win32\dnSpy.exe
                                                                                                      "C:\Users\Admin\Downloads\dnSpy-net-win32\dnSpy.exe"
                                                                                                      1⤵
                                                                                                      • Modifies registry class
                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:3712
                                                                                                    • C:\Windows\SysWOW64\DllHost.exe
                                                                                                      C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                      1⤵
                                                                                                        PID:4708
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                        1⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:5016
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                        1⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        • Checks system information in the registry
                                                                                                        • Modifies data under HKEY_USERS
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                        PID:1976
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTU2RTc2ODctRjNEQS00MkQzLUEyMTMtMUQ5NUJGNTg5NDBFfSIgdXNlcmlkPSJ7NjE0NkQ1NTQtNTMzMy00REFDLTg4NDQtRjc5RkE1REEwODcxfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NjA1QzdGQ0QtMjVBNi00NTcyLUI1Q0YtMzBFQzQ4Qjk1NEIyfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7c0c5REo2TTNmWmtQN0NFTFdHbkR4Qyt3YVJhUUV1RUx2TElmWGsvTUF0Yz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjI3IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTQxNDQ0OTUiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1ODY0MjQyNzQxOTQ2NjkiIGZpcnN0X2ZyZV9zZWVuX3RpbWU9IjEzMzYwOTkxMTM0Njc2MTA4NyI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIzMTA2NzYiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE3ODIxNDk1MTk4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                          2⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Checks system information in the registry
                                                                                                          PID:4580
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\MicrosoftEdge_X64_125.0.2535.51.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\MicrosoftEdge_X64_125.0.2535.51.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                                                          2⤵
                                                                                                          • Executes dropped EXE
                                                                                                          PID:4396
                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\MicrosoftEdge_X64_125.0.2535.51.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                                                            3⤵
                                                                                                            • Modifies Installed Components in the registry
                                                                                                            • Executes dropped EXE
                                                                                                            • Registers COM server for autorun
                                                                                                            • Installs/modifies Browser Helper Object
                                                                                                            • Drops file in Program Files directory
                                                                                                            • Drops file in Windows directory
                                                                                                            • Modifies Internet Explorer settings
                                                                                                            • Modifies registry class
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            • System policy modification
                                                                                                            PID:5316
                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.51 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7aeb04b18,0x7ff7aeb04b24,0x7ff7aeb04b30
                                                                                                              4⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Drops file in Windows directory
                                                                                                              PID:5336
                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                                                                              4⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Drops file in System32 directory
                                                                                                              • Drops file in Program Files directory
                                                                                                              • Drops file in Windows directory
                                                                                                              • Modifies data under HKEY_USERS
                                                                                                              PID:5504
                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.51 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7aeb04b18,0x7ff7aeb04b24,0x7ff7aeb04b30
                                                                                                                5⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Drops file in Windows directory
                                                                                                                PID:5524
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTU2RTc2ODctRjNEQS00MkQzLUEyMTMtMUQ5NUJGNTg5NDBFfSIgdXNlcmlkPSJ7NjE0NkQ1NTQtNTMzMy00REFDLTg4NDQtRjc5RkE1REEwODcxfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsyQkUyRjdBRC01RDBBLTQ5RjctQTUzNS1FQUJGRjM2MDNERDd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg3LjM3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldiIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC45NyI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjM1MyIgcGluZ19mcmVzaG5lc3M9Ins2NTZFMzQzQy1EREFGLTQ2RTUtQTMwNi1GM0QwM0ZGQzVCMkZ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iMTI1LjAuMjUzNS41MSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNjA5OTEwNTM3MTk4MzUwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNzg0OTA1ODQyOSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNzg0OTIxNDE1NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNzg3NzYzNDg0NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNzg5MTQ2NjI2NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTgyNTA5NTE1MzUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxNjMxIiBkb3dubG9hZGVkPSIxNzM2NDIyODgiIHRvdGFsPSIxNzM2NDIyODgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjM1OTQ5Ii8-PHBpbmcgYWN0aXZlPSIxIiBhZD0iNjM1MyIgcmQ9IjYzNTMiIHBpbmdfZnJlc2huZXNzPSJ7RDMxMjFFMDItRUI4OS00QTJBLTg5ODItM0M2OTg2NDU5MzczfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjUuMC4yNTM1LjUxIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGNvaG9ydD0icnJmQDAuNjYiIHVwZGF0ZV9jb3VudD0iMSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzYwOTkwNzIxNTY5Mzg0MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjAiIHJkPSI2MzUzIiBwaW5nX2ZyZXNobmVzcz0iezlCNTY0N0MwLTc1RDktNDc4NC05NDlGLTc3RDBEMTBDRjc4NX0iLz48L2FwcD48L3JlcXVlc3Q-
                                                                                                          2⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Checks system information in the registry
                                                                                                          PID:5804

                                                                                                      Network

                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                      Replay Monitor

                                                                                                      Loading Replay Monitor...

                                                                                                      Downloads

                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Installer\setup.exe

                                                                                                        Filesize

                                                                                                        6.9MB

                                                                                                        MD5

                                                                                                        0e2485bb7949cd48315238d8b4e0b26e

                                                                                                        SHA1

                                                                                                        afa46533ba37cef46189ed676db4bf586e187fb4

                                                                                                        SHA256

                                                                                                        1a3d50530e998787561309b08a797f10fe97833e5a6c1f5b35a26b9068d8c3e8

                                                                                                        SHA512

                                                                                                        e40fcfb989e370606469cb4ca4519ce1b98704d38dbfa044bf1ad4b49dbcaf39e05e76822e7dc34cb1bb8f52e8d556c3cbf3adb4646869aba0181c6212806b96

                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.37\MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe

                                                                                                        Filesize

                                                                                                        1.5MB

                                                                                                        MD5

                                                                                                        160e6276e0672426a912797869c7ae17

                                                                                                        SHA1

                                                                                                        78ff24e7ba4271f2e00fab0cf6839afcc427f582

                                                                                                        SHA256

                                                                                                        503088d22461fee5d7b6b011609d73ffd5869d3ace1dbb0f00f8f3b9d122c514

                                                                                                        SHA512

                                                                                                        17907c756df5083341f71ec9393a7153f355536306fd991de84f51b3a9cdf510912f150df1cbe981dbf3670bfa99c4cb66d46bc3016755d25da729d01b2e63b4

                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2846917C-52C6-4D79-B4E8-27A3E1827A5B}\EDGEMITMP_A0345.tmp\SETUP.EX_

                                                                                                        Filesize

                                                                                                        2.8MB

                                                                                                        MD5

                                                                                                        faedccf679a8d88c91909018d1b30a6d

                                                                                                        SHA1

                                                                                                        d50c43ae0441a8526e52d6bb04cce233e54d3a86

                                                                                                        SHA256

                                                                                                        17a00157a757420a5cbeef48ffc3585bc7794823cd607c640256d67079a982f5

                                                                                                        SHA512

                                                                                                        f3dfff27cb7883302486e1ce65d495612b43f61bb9dad985c6149a97f25b5fcd090d8b4ec4e14aad246ff223a70072534338f3bbe647ac2b0f2825428d2ad44d

                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

                                                                                                        Filesize

                                                                                                        201KB

                                                                                                        MD5

                                                                                                        4dc57ab56e37cd05e81f0d8aaafc5179

                                                                                                        SHA1

                                                                                                        494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                                                                        SHA256

                                                                                                        87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                                                                        SHA512

                                                                                                        320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                                                                      • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

                                                                                                        Filesize

                                                                                                        5.3MB

                                                                                                        MD5

                                                                                                        0469bb703f1233c733ba4e8cb45afda2

                                                                                                        SHA1

                                                                                                        a07afd7ecf1d0b740b0e2eddfcde79dcf6e1767f

                                                                                                        SHA256

                                                                                                        00314da401908da37ebfe9b642506cab81a4467c092719fcf007be045bc4a9e0

                                                                                                        SHA512

                                                                                                        342c9629e705eb78c7bd52b3efe4a92b6a8bece9933956390450600635e4c0511ca96ccaa25e6920e9d25ccdf444dabfea7b09f8fbcba2f371655f87633b6d67

                                                                                                      • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

                                                                                                        Filesize

                                                                                                        14KB

                                                                                                        MD5

                                                                                                        77d8b7785d808345952f8afff6fe37c0

                                                                                                        SHA1

                                                                                                        8a0c9bed4d0919594196950f5228cd7b9092b35b

                                                                                                        SHA256

                                                                                                        9060fc4052bdbd0cee2930dcf8280a303e2efa75aac9d7a4f2fc2c32c3d59461

                                                                                                        SHA512

                                                                                                        cea8c8135cee0a9d57c9a5b8df7b34689566a3aa11f818a8a4212a5f797766a35108308ae2592be79d73de78aa00543640796a80d867b12194193270cc522cc6

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                        Filesize

                                                                                                        152B

                                                                                                        MD5

                                                                                                        34d22039bc7833a3a27231b8eb834f70

                                                                                                        SHA1

                                                                                                        79c4290a2894b0e973d3c4b297fad74ef45607bb

                                                                                                        SHA256

                                                                                                        402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

                                                                                                        SHA512

                                                                                                        c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                        Filesize

                                                                                                        152B

                                                                                                        MD5

                                                                                                        046d49efac191159051a8b2dea884f79

                                                                                                        SHA1

                                                                                                        d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

                                                                                                        SHA256

                                                                                                        00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

                                                                                                        SHA512

                                                                                                        46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9ea16e3e-568b-4983-b3fb-9aff2640adca.tmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        e564524433f431d1505db62ec549121b

                                                                                                        SHA1

                                                                                                        1ab034015ba57234ddce4839df6af2ddbbba2ea3

                                                                                                        SHA256

                                                                                                        ee818231c087572cdd63f8cc60ed7671a37ae1aa7a4977e454520058611f6a91

                                                                                                        SHA512

                                                                                                        d6582160b3d7dfbd94fa5275ec592ea600b5b1f6e2fe3bd759e07861f1038a90d4e4b82e604612c9a313ce0dfa96a7862d877f2a121a156e227d50782e23ff5d

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

                                                                                                        Filesize

                                                                                                        86KB

                                                                                                        MD5

                                                                                                        3f0ee90044790a34bddae90437105ce4

                                                                                                        SHA1

                                                                                                        48840ed9ec62342966b95d48cb209f460829defe

                                                                                                        SHA256

                                                                                                        b6009659920315de9133b093221289f848c3775bd92ca85e0feb38c8f2983a46

                                                                                                        SHA512

                                                                                                        6fd856db8f3848fa22af133365e75a8ee08b2c466d44f2231d3809fa8478862b8d628dc7df7740efd0146de7be231a9bcff353352096834e54b66ef07c13d0a2

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

                                                                                                        Filesize

                                                                                                        51KB

                                                                                                        MD5

                                                                                                        588ee33c26fe83cb97ca65e3c66b2e87

                                                                                                        SHA1

                                                                                                        842429b803132c3e7827af42fe4dc7a66e736b37

                                                                                                        SHA256

                                                                                                        bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

                                                                                                        SHA512

                                                                                                        6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c3

                                                                                                        Filesize

                                                                                                        20KB

                                                                                                        MD5

                                                                                                        0f3de113dc536643a187f641efae47f4

                                                                                                        SHA1

                                                                                                        729e48891d13fb7581697f5fee8175f60519615e

                                                                                                        SHA256

                                                                                                        9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

                                                                                                        SHA512

                                                                                                        8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c7

                                                                                                        Filesize

                                                                                                        576KB

                                                                                                        MD5

                                                                                                        4f1df8f06c6930d2cb2bbc86652847f2

                                                                                                        SHA1

                                                                                                        1126dc94a5a89ef056444eecc944d92d2299cc77

                                                                                                        SHA256

                                                                                                        e25e72992189558118a6cc44e8063b5369eb0a2d9c4f3fbdd67c04dcc56b7ec4

                                                                                                        SHA512

                                                                                                        ab4b6381befce657dc5d3df7924d929d70f4c8cb4dadc831c1bc73e09576a3b90cb78586902ac6ae697f06c34b84199e60d05a67cf46ed89c938a9a836f45230

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                        Filesize

                                                                                                        2KB

                                                                                                        MD5

                                                                                                        7cb5d60b5c0148637dbaf75f41853762

                                                                                                        SHA1

                                                                                                        0cadb1576b9bcc94d05fec0a7ff9178620cbbbd8

                                                                                                        SHA256

                                                                                                        2adabee4387b12dac3051bad9a6e5850037674cad64683e62a7e1ca639af6499

                                                                                                        SHA512

                                                                                                        6ee846bf848274063fcd7d7a5e69b1a4747ffa2ea98c746f623a0b23fcb940c41904bbf1ac4cdeafdb7bbb4b83e61b2e4ecaae0fca5f00cc4f40778e32b3d50e

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                        Filesize

                                                                                                        7KB

                                                                                                        MD5

                                                                                                        e5fc078634065b4de61fd69a47148d5b

                                                                                                        SHA1

                                                                                                        04e1f0389d8526320c19694b7db9e3deb3e1399a

                                                                                                        SHA256

                                                                                                        3d3d0040a1e1f43ff6518de08763277a74c73c6374598d993812f113cfc7f107

                                                                                                        SHA512

                                                                                                        8dd6e8cb9d43abaae9ee28bf8864c49ef7790e948c66cd131bcdbbc230756a2a8b8abcfa0d0c15f888d86bec3a5c20cbb60b1510de8c505b49ae9939d2678113

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                        Filesize

                                                                                                        8KB

                                                                                                        MD5

                                                                                                        19840b089a165c2898443e20acb47152

                                                                                                        SHA1

                                                                                                        5666fbfe4be23db3e4ea33b867068d30f50eb5d1

                                                                                                        SHA256

                                                                                                        a30cc963497ae8602f3cab161cb56bba6c8899caa7f984364e96f87a7f50b997

                                                                                                        SHA512

                                                                                                        47f0a4abcce17d06f3d9d3cc2b190c58c7802a32d702579e737b0870f9dd2e14bb6725b1056665270cadcc82936dfad3052b08319c48d235a38cba29b26735d3

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                        Filesize

                                                                                                        7KB

                                                                                                        MD5

                                                                                                        a31333724af633aba881e75b2a9be41f

                                                                                                        SHA1

                                                                                                        ec59ea1d6526eceb0289437a8bbfcbde8c6631cc

                                                                                                        SHA256

                                                                                                        4b0cdf9c3b7b542d68a93989d97652c7ae9078edaf362876ce562556cde4d0cd

                                                                                                        SHA512

                                                                                                        1de4d1f14af71f50dea4fa82647493773a53745d6b6de1b034c639b9806224f77e26b1360cfda193eaf9678b55a6db9f0222233ea826a229f3697d220827db09

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        37a185e5ee4d18a9427c038de9ab5f7d

                                                                                                        SHA1

                                                                                                        27fe27db91238ad375e695090c37e390ebb7b5b4

                                                                                                        SHA256

                                                                                                        326e99745f91ac3c31af9cf7e4523390caa377064939b8d1422773cf2dcabb10

                                                                                                        SHA512

                                                                                                        bb348030419cef9d7c4f60d1f54f6c8f142125e369729c6c6e4cb0baba73f782a6bad5bf4fc8a24c616c98b9c3bea84df9f1ba5ff663c12c15dfcca27262472a

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        fa74286c172403caaa9754fda32db650

                                                                                                        SHA1

                                                                                                        00c4d0a2e323d6f6c628d7cf12921b0983aec1a2

                                                                                                        SHA256

                                                                                                        df7831465f980d46d5ff6d9f911a9d953bb0956f803c9a9ef7bc8d99925d0332

                                                                                                        SHA512

                                                                                                        e04e86f42317e5324a3206932ad06c42e196b771b168413620355514cdae38e3201ab5150ce384cd9a296ebc17d21b3e490d21dd660184843071717db48f420d

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

                                                                                                        Filesize

                                                                                                        743B

                                                                                                        MD5

                                                                                                        8ff88853a6f7bf3da7c1f4c68149e664

                                                                                                        SHA1

                                                                                                        a5abbdcc969a967573a5cd857f4ce52e510fed8f

                                                                                                        SHA256

                                                                                                        14edff480c10c7afd66dccd7718b807c58b91ba2fcd6f716039d8911f7ecb250

                                                                                                        SHA512

                                                                                                        e20d24301a3ffbf04cc0bee3b604cdebde130f90f4aef806971dc6772f8fb54fba29997d896cd5670f680172722a47477c6f43a99e9c13eb9c5f2d0d0265ed85

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5e4535.TMP

                                                                                                        Filesize

                                                                                                        609B

                                                                                                        MD5

                                                                                                        612718295f4703e38a5595ab895405d2

                                                                                                        SHA1

                                                                                                        9a027f93da76255728e8508b1e95d463f2929388

                                                                                                        SHA256

                                                                                                        c8bd15f3df027cdb60006399f1c34d0501b630c061109eba1ec9a92976349ae6

                                                                                                        SHA512

                                                                                                        027dff6b72dc22398fd3d3c6024a56a64879346bbfe9e6bcb4cf7c249cffc047545b3707dbc57f7e83476ced6ed987c67ab2ef84f6aa126ed663454b24e790a0

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                        Filesize

                                                                                                        111B

                                                                                                        MD5

                                                                                                        807419ca9a4734feaf8d8563a003b048

                                                                                                        SHA1

                                                                                                        a723c7d60a65886ffa068711f1e900ccc85922a6

                                                                                                        SHA256

                                                                                                        aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                                                                                        SHA512

                                                                                                        f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                        Filesize

                                                                                                        2KB

                                                                                                        MD5

                                                                                                        e994b663fdb6cdd900948f50e53efdd3

                                                                                                        SHA1

                                                                                                        36baa36ef71ec8a26e5776c0325f285d898e3ca9

                                                                                                        SHA256

                                                                                                        1b855d51124748c6acfbaead9d39052d5947eafd93814d4e548e07a9312460c0

                                                                                                        SHA512

                                                                                                        0c7fd804c3c828807511674c3594b41aeff03d4621715ac67b56dd95c0d1e878a8027dddeeed1dd525accd5047d3b2c5d3abf3960cdd355ed7d17e67673a01d4

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                        Filesize

                                                                                                        2KB

                                                                                                        MD5

                                                                                                        47d77ea372b2408ebac58e919e74cdef

                                                                                                        SHA1

                                                                                                        3342b6b476461add5646886d663563b89816c9b8

                                                                                                        SHA256

                                                                                                        b9a528dfe7cb7e92d83fa0e17fb1f2b04564cd6a4bb576122dc5da811bf80d86

                                                                                                        SHA512

                                                                                                        4a13679806c71cf6bd5626b582082dd5f45621bd7cc16faf083d10aeeab135d5bc0c333863416a11b23174338756f6e1b2b6ac709982b3eba1d9953ca2149c1b

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                        Filesize

                                                                                                        8KB

                                                                                                        MD5

                                                                                                        d4e4cb2ad4f0cfdc4b7f63bd2de57f76

                                                                                                        SHA1

                                                                                                        922364e206c940680ea79054f52ed6de73180985

                                                                                                        SHA256

                                                                                                        a5ac7889fe252fe1ad8998794e4b273f4e900c87e9b9c55d00944ba68fcc02d5

                                                                                                        SHA512

                                                                                                        fdfd9647455b5ca8d8638a6c393f0fbc429500d5f6d4b4812094a97acd94367c0895b2b935d41e232f6bcd3525c7d4cd86ed459541c04924354c2ce0a20f654c

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                        Filesize

                                                                                                        8KB

                                                                                                        MD5

                                                                                                        43ecb729bbbdd61cf374883ba0693d76

                                                                                                        SHA1

                                                                                                        bca0e79a13dad8b36c8936c2f7370992daabfcfc

                                                                                                        SHA256

                                                                                                        b0050adcb72c0bdd4e3f35663380ce86aa4a48793c247aa2f972d67e07c97090

                                                                                                        SHA512

                                                                                                        0a4ae4aaeeff5e21aa88f19af3215220fd9afeb926af7cd48dbbff7a387c42fb02f53de451a98be03ada927b33dbb0a81cecbc53bdc0c655daa8b3013b46cdff

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        1922f6943f3c42b13d34acb1d8d0abea

                                                                                                        SHA1

                                                                                                        febfec4353da537a10f8989e350349c3491c2ace

                                                                                                        SHA256

                                                                                                        7396fad302c9cbaac6f2fca5297647a399b3ee874bce4516c70535ca4ceca936

                                                                                                        SHA512

                                                                                                        7626da5374b1baa29620012297d8a7fa1283e636c7b58f46314550d37a96e12e5e29b753bc2cbd6e34c712e58a3f8f24de26e41870c9765c51f0d36085cfc69e

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        4ea2674692d91548e0c4015a0380fff4

                                                                                                        SHA1

                                                                                                        556910b853ee71e625ee1f6bc8a8798b2b5a69b3

                                                                                                        SHA256

                                                                                                        2adddb1c0d05d5b951d6ce42e7cb025cfaedb2d99f2ccfc8a1e7b3050157c4e0

                                                                                                        SHA512

                                                                                                        aa1ef9d561f4e3e08063d36e40203d1c34dec111a524fd5936f9a9731bc6ecdbee39b5fb6458af5fb8d1e639ce6e01ace20ab46d9ad78d11b0789f7e7fab1fbb

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        954b1719b47a814b01889d2e6604a84d

                                                                                                        SHA1

                                                                                                        fdae2532077b45577b225580e3118fa6c7f90b78

                                                                                                        SHA256

                                                                                                        415e4f87bdd89b635883a208e178b71a3e22ae6d55a9b2272349ecf3c5cccd77

                                                                                                        SHA512

                                                                                                        849c86360d93ad8f0168b36b78a0f977c29a9e7e5491ca8b4fc595e8d29616c00240cbf37faac2132498c4e75ebfef7dd6dfea9155f2e457ed351476751e5ea7

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        6e54c5e30d402774ea380e022ca46798

                                                                                                        SHA1

                                                                                                        896211fbde80e3bf0cee3b6189dd3043b3672283

                                                                                                        SHA256

                                                                                                        c9d2139d29a8b265da687eb7b6b5175fde213bee2f46d4bd40fd666f2bbf0942

                                                                                                        SHA512

                                                                                                        9cb500581dcbd199223c2457ef799f0fb997270a76c69be36f5f351a5b0291649593a6d816d4c086d99faf498435376ec564126725e7592ced766f0894b6d2cf

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        5KB

                                                                                                        MD5

                                                                                                        bfe55a8a7129c7e0763b88b7420f7281

                                                                                                        SHA1

                                                                                                        2adaccdd0fe4626f64206184288e91d6c50b3786

                                                                                                        SHA256

                                                                                                        f1db18877e0e797b3df2c36d02b790210f86ffc986ad40b7af34ef97324ecb5a

                                                                                                        SHA512

                                                                                                        15e2d59f184ea65b2dbed021fb0a6c22a1ae8d37e726d0cad8f686b4d125c6579ee7bcd8852aa493f847947d372ae649950c0208e993a6a186ee61d3dcf7ccd9

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        43543ba4a4ffe15c2b38ae7111e416fb

                                                                                                        SHA1

                                                                                                        af9fcefcf8fa9dac18676671bef439fcd3f05fe1

                                                                                                        SHA256

                                                                                                        49bd1282688c0dc8f653664e41f1f18c764b2735210b56cb0edaffb5c7f417c0

                                                                                                        SHA512

                                                                                                        86d7ffd78de1188d2033b6facbcce26dc841180bc951cbd7ba39971900d07cd4b28a7fd85b8482af1a1c7e356c22e4dc1b72b777e37e317cca0aa27ad0edbff4

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        2787ab0ca5cc1fbbb148028c739492bd

                                                                                                        SHA1

                                                                                                        3204c1878e51a314b65e9322bf9de041236ab340

                                                                                                        SHA256

                                                                                                        bea234e25ff988a600512ac63396da1d479bbe6e9518e91f881701a563a2e2e5

                                                                                                        SHA512

                                                                                                        ccbf9eb3e81562124c046f273cfe1a01a0bc8dccf8f3612dc76d708f4c8bdab6b9ae3b18f8f69fedd5ff3b3c37b55a0a4057afec1783cd9a7dde2591366191da

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        5KB

                                                                                                        MD5

                                                                                                        6168d16ef3a9ee5c2917116a17b0ca9c

                                                                                                        SHA1

                                                                                                        15b9413315286680e0b9cbad7124d54d45ce2e90

                                                                                                        SHA256

                                                                                                        16707380aa9e43af4465a06f49f108b7c101816f5068b5bd4dace6f0e2f43cc5

                                                                                                        SHA512

                                                                                                        53186715fa8cfe7eb6e47743b599b952bf956e6e090dc4e3c3e5f3610b3655f5eaea836d0c2b38e38e7148be493d6d6f26563bdcd61ef99f61fd4065451ec9c3

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        e2e9e53e59e1de7862a60b81698a1063

                                                                                                        SHA1

                                                                                                        e18f7e11604d8fc79b1dbd3aa69c684a8a635972

                                                                                                        SHA256

                                                                                                        6c25c39239e7073e8a2a384255317f772e87575a49963b9d02ff8cc6e687f7ee

                                                                                                        SHA512

                                                                                                        4afa82d7767fd139a0a94a9f8200a6be9653eea53c89fe2262d3b4b92a0e1a0c5253cdd9ee84ac473476c5c4957e62895494af700a7187fc068c29569fe48bcf

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        0ba121646e909a6109fed4f2cf13cd1c

                                                                                                        SHA1

                                                                                                        92a3def3b73776a74c10aecc2fe04f15580a8eea

                                                                                                        SHA256

                                                                                                        fafb5d412b0d4e0844d6a515b39eed82dbc1ae1d4f06416b05e708318d5aa9c4

                                                                                                        SHA512

                                                                                                        851b781231b47d4f85a40e57f5237bac4a6fa26ab32d2c2e5cb1edf071e3d1d8deea0a07764a264ff47c069b8691b79a20e39870fe6cf1c57ce15f3719e5ea19

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        d602e72b06d66cfac938f2cd027c4ef7

                                                                                                        SHA1

                                                                                                        cbf59b391d117cafaa520823ce523161737be313

                                                                                                        SHA256

                                                                                                        54fc6ded89cf420b77d8e4f1fded7176f15b96bb368ce251ac55a7f56c517186

                                                                                                        SHA512

                                                                                                        2f26d621c9554ca27fbdab8c62477bb77c12c297f470be7eb0506d8b55d064519a2113185036d2390245549988ff18508fd81a45ea0dad0ae16c279f8c3c53a2

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        7KB

                                                                                                        MD5

                                                                                                        dbda2fec2c1901e80081c5951d651805

                                                                                                        SHA1

                                                                                                        eee73397a7936038221cbaee2973a903d0a48d06

                                                                                                        SHA256

                                                                                                        235761ac8df3c3c7307cd2ae50bd165cc2406272d31b466fd8df53fe3cdbf06e

                                                                                                        SHA512

                                                                                                        047c4dc930f75fca528c941135fdea9922fa464f46f96c198d60a6453d79901acc819952cbc2e8518ed50ddc6811d23cceb45261251e69e105d8e10de307b4ca

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        3d4f139b2e69636e32019e07cc3aca75

                                                                                                        SHA1

                                                                                                        a8a33a6a3375bb9e45d6f439a5da28f6777b9744

                                                                                                        SHA256

                                                                                                        17ce853576cfca5a3fb2c4742f14ebf2b948e2df623319832b36c06302fdc11e

                                                                                                        SHA512

                                                                                                        cfb36e4cde7f0b70593c88ee8a0d7a606baf547e67ff1659c4ca06243519cd74e3b239e29d641726a1bff8b28c4ff812810ed3e847a536e69a1fae2a0c5e91e0

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        7KB

                                                                                                        MD5

                                                                                                        475e3f078edd199e297385df69e4c97e

                                                                                                        SHA1

                                                                                                        58472a1804ccb2f69adca0610e420d513d3c1522

                                                                                                        SHA256

                                                                                                        678bd5ead5f89ef3fabd1dc8e6430660aa1b8f5c450bc3bf320179cbc4b4c71d

                                                                                                        SHA512

                                                                                                        55a709e00a884dfd29bc81c38c420f03022d33a9a2f74ab1f5a37445edaf54f2afe24da4992aa9d579eba4bc99fbe5a5a66b43d3dc5e293e227d643b38f99ce3

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        d15a10694e970323737bdbeedea233c2

                                                                                                        SHA1

                                                                                                        3b13ccebfcc5d3d720594786a66c27405cb2679e

                                                                                                        SHA256

                                                                                                        eab0cdb2c54491792eb5b6f86b09be4e01ec95cdd7dc9ec0cfd791d8efc92ffc

                                                                                                        SHA512

                                                                                                        deb4739615e9c3181b2e527589685c1d11f576f41588f81f17a6f3dc6c65cfb820cd36a65ebb9cd3bc93edd7a9c448af00357cc0587cbd7c93fe674577616424

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        8d731fcfa45a76d1eb9836ac93ac3f71

                                                                                                        SHA1

                                                                                                        abc110d557a166cafc37bf195bf060a7b7db1412

                                                                                                        SHA256

                                                                                                        44d982435331fc99cf5c9a7c8fa71a7f2846a1e4dc7e25b56e2921d57834962e

                                                                                                        SHA512

                                                                                                        bb1cf57627fffadab876cf92a4738a0ed1cbbe4f7ee7637d36f37a3417d4d0d14d3f794b5441be407387651be340986bf75c3ea29892a8334b7bb456119c0ff6

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        7KB

                                                                                                        MD5

                                                                                                        11ac6d6b3aaa063fc54653fad9678adb

                                                                                                        SHA1

                                                                                                        23750d71580c0ba895ba57532a2a521f65686d48

                                                                                                        SHA256

                                                                                                        1170e84d3acf772dcb43d0278c141413d628b27fd16d114060a5093ad0a08f96

                                                                                                        SHA512

                                                                                                        02e26caaf2737f31ba01f3951203b177437f60f51eb3ac696f67b4af5c988cfbc756636004fe9255e5b02028e2dce409ef472c915d0fa843dda58817a5932976

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                        Filesize

                                                                                                        7KB

                                                                                                        MD5

                                                                                                        bb99679c5c8af0ae197f5c3f16f9a66d

                                                                                                        SHA1

                                                                                                        658ad380c0a5c44b04a9b37754f67a5ab98afa32

                                                                                                        SHA256

                                                                                                        7a4720ca42199fe8da097ad873af912667e590529c6f7e1a7f24683c85a43f80

                                                                                                        SHA512

                                                                                                        79b2f345f737fa5bdade85277acebdbc4e9a366edcb8fdcf17de0d71c84c6d8279d48258f4632b30352c7fb6241eaf6f2e8997fdfc863a1ab56697285c62a2b8

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        43aae9b991d17bd8696e61e84a4d2a62

                                                                                                        SHA1

                                                                                                        a45c183c0c3d41c1b713975adc07187bf82c1e6b

                                                                                                        SHA256

                                                                                                        9e8d2da76186221c21ff5f61a194fac0f1eb5af69c7df201e93fe51784c8ffdf

                                                                                                        SHA512

                                                                                                        b22b2fe71629f0764d83596d712be5640358b3bf2d922983d0c096d5334eff964483630b3bda62aa67e23305444393a78ea3f98102a23f4bdbaa379d7f4cea91

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        9005c1b516de3f9a47a003936aef853e

                                                                                                        SHA1

                                                                                                        7b62e1a416f435234143bdbe2e881d4f154af259

                                                                                                        SHA256

                                                                                                        296450852fb3ca08913a2295d06513c31bf3867d84a509a1106ff4e22ee87cd0

                                                                                                        SHA512

                                                                                                        2712439821a87d75c25c0d1ebc4d785860a40999970ff6cd97fcc7fafa79c56daf0d9a37f0f467d635077f717fb6a0a656a603c4f34318e682d0cec5c3187ba5

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        20ffe618f17b3eee180b92e227dbdf15

                                                                                                        SHA1

                                                                                                        d58b6f7ffc22f08b0d27dce72b8e786d9afe7ed4

                                                                                                        SHA256

                                                                                                        a9a5ad9cf104a1dff7f43153fa3647cbd27a57a4963a04d69988f4bc905ba673

                                                                                                        SHA512

                                                                                                        d5ea4cc7fcbd30f4e109d36725943ace7572b4d91fe430b3540be813ef9ec0ce0b029bd1a76385048e113faab6c222a87e2957b8965e9faab01585f17f6a08aa

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        98393ec7c79ec8fcb5603dda3d5e5368

                                                                                                        SHA1

                                                                                                        6c9e91ada60f7b942fb51bea69c7cfed3b5218f3

                                                                                                        SHA256

                                                                                                        c486ab961a2130e726b03072931bdec1f1e1de4f7d388151b4a0e03c4a73336b

                                                                                                        SHA512

                                                                                                        5b713d1283753e1a03e1dd5bc2a3f57b6d711b3c94df99a4581bb045b2310c4f1f917084892e80d00f4c5ed069c5d6cb9182ead96aeca3163391022be0127f45

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        3KB

                                                                                                        MD5

                                                                                                        b6d2a192d84ff0bc896e6b1609a0e477

                                                                                                        SHA1

                                                                                                        2eb0b3c28b4fcc08059d155e702a2ace8d638ca5

                                                                                                        SHA256

                                                                                                        c3f65cd70adaf3cd038087a6297e1d49f3180132f8acb8126f12dbbf0bf4141e

                                                                                                        SHA512

                                                                                                        f1bebec18dd0c39cc9ba14ad4e84538ed8e255d660c7a1a56496dd12acff50d103330bfb88cb4f3658384875215a263b7e1ca57aa0211b2acd18a9b1967ce64e

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        61385f3c60b73cc2734461958565e46a

                                                                                                        SHA1

                                                                                                        f5187109009f362b582a616099fcc26789062a0c

                                                                                                        SHA256

                                                                                                        efe0a090c4d009c500691db9ea9c625a86aab9c3ca7d3491a334dcff35274966

                                                                                                        SHA512

                                                                                                        76ae73e308ed10d93e6a30451674b835fecd75a5cc005f81cd80c3799b636623bf9421dbd979a6277a9b5b792ad6372ab28edcabb14245a392604da7f7ad04eb

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        991968764eaee3d88879f6f6bd26f1df

                                                                                                        SHA1

                                                                                                        ac59d9f995913b97d858634ce47ae9cf53192b5b

                                                                                                        SHA256

                                                                                                        a8860a844b214b1c1b1a08874e549cfe1152f69740b48436e48a96c7fa44adac

                                                                                                        SHA512

                                                                                                        8405ee7c853f4007989fde0257a674ebc526efd36a1a0a4c26eb8b5a650bcdc84056795a08a7c9b1bfdbf7702a5eb42c79810e39481d6d426ed0998f049e40c1

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        189a819bf3b3371a0378a507f1097112

                                                                                                        SHA1

                                                                                                        7009168f8f1ae469a9733947150fc3926b1ade72

                                                                                                        SHA256

                                                                                                        8020a1548bac8f427cd18281c08b2d388668234c8cdfaaf167181006ec7754e9

                                                                                                        SHA512

                                                                                                        63fe9837c5c583241e813ecf473822a47ec3be7135df8efdd7ceaa4d916e7485c85531a9d828307beb36957498ccb4c90630fd972824f7bb4b1b3be3b25e0fbf

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        7737715c6704f3b06ec7d1f0541ae57f

                                                                                                        SHA1

                                                                                                        717f67e25263502451fe53cc8a3cf19ea3607e24

                                                                                                        SHA256

                                                                                                        b342faf35fd07b5bf9ddb7de8dbdaa1621e2b780d7f6a79310e9ca761fd925c7

                                                                                                        SHA512

                                                                                                        5f86f0b7203b5fdeeb4b2fdfca492268a3fa2ebde2a77aa8d6b2d14f3eec9c300773f50d65ac8db50c3d87c41b6206cdf3f91c74a13f88bf46c760c983981fc3

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        d829f83a7bce438c47e463c9a9fdcb05

                                                                                                        SHA1

                                                                                                        750bfce046854fb3ce195225d4115eb19188f608

                                                                                                        SHA256

                                                                                                        f9e196d206b498873d6bbde7d7b90cecbaeb5b5a6e131f31ecef818d5f53f99f

                                                                                                        SHA512

                                                                                                        726236c72af8bc439f61f66603ff1f7d11549d458932d503cb405102a6c9baa5735f36282590dce3603fe0c2c773ca252ee20559620b3535ba287b087d46f9b2

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        f155162dab895efab85181b8dd180463

                                                                                                        SHA1

                                                                                                        fb9e204a3099f8b2ae8b311a7a843f55d9f3b473

                                                                                                        SHA256

                                                                                                        e790a6c1460b8a7f3a15f1f0be0d7682472d92004e60d6f593ee12bdeb88aa9d

                                                                                                        SHA512

                                                                                                        de244f4d7427a8ca4445cc4f68d6938508b302d8f01578f045b49deb139203c158304c84a1f62116520456546315c87edb01b5b35174735d9284aea28b17621e

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        58c6606236172ac5c3e989450e457222

                                                                                                        SHA1

                                                                                                        01529b30896cdeeef3f5622a4d5779f178027721

                                                                                                        SHA256

                                                                                                        5c0bbae73acf38fa3ac256b55d89470ef7621cdd13d36ae165edabb62c37ac32

                                                                                                        SHA512

                                                                                                        a51bbc052f95b3933e0ee582ae1b11e18255dbef7b524f90d73f9d9262e599a7a3ec66f87629c2208cb0841c0f815c190ed795a3bde8d1c23991c8582320966b

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        8e542ad1e7e33577a6fdfc3cae1b26bb

                                                                                                        SHA1

                                                                                                        174b0291ed0317d77d77b2a78683eecefd58f079

                                                                                                        SHA256

                                                                                                        483adf77d8de602e437ad15ef52e98576d6100e98e7d26508a99da2fba4ed29f

                                                                                                        SHA512

                                                                                                        049b9fc67350e36b3015fa604b4e90a292ba82ca486dd292f7bcf652dac978734de2c53943cb685cf01117d92a37c983a1c4af1f1e49c884978ab06c20073b44

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        d8c6695b05ac98a4c2bf44029ebc9545

                                                                                                        SHA1

                                                                                                        960757677e1c7bfc5cd813f42223bc1a359fba49

                                                                                                        SHA256

                                                                                                        68317460fb72842ec6fb79128d2c055905acc00aa729bf6c638877db570f11a4

                                                                                                        SHA512

                                                                                                        250bd4d0090b84a611490a5ed292bf86a4a39294273625895864ae29814a298aaa9d20ba3c6861fd28b2d46b8849bf3b974a17193376621aed52d6d37ddac9c0

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        81896e2d5fdeec290d2143385026d018

                                                                                                        SHA1

                                                                                                        b733905eb1e73319ecddfb63f51897b8e61ef638

                                                                                                        SHA256

                                                                                                        e42f5b02341f540034dbdf8965c128dad09a0f0d2f6153a4059f2d4a570a7e72

                                                                                                        SHA512

                                                                                                        d5d3a4757263b7d3410b1fd5c587f1f19ab0cb66ddf893d5ec936815ccecd85c54282afd27afd0eb74ae6723667639d669ceacd86b5f2502f95dcf80b99ba59c

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        5KB

                                                                                                        MD5

                                                                                                        70c4be310a87cef228b3a350474b539f

                                                                                                        SHA1

                                                                                                        b695985f8ea5dc1ca586c564af892364e02de42a

                                                                                                        SHA256

                                                                                                        9e2fde6a28c4396bc5adcd9322179f9ecc1365d8120c24ceac834b752e90df71

                                                                                                        SHA512

                                                                                                        64ac9003e7b7842cca7bea0c6ae1d394a3ab78e6071b1533831008a8227feb9d31c3d8292e70e2c23c97c0034acbcbed10c3af5535f22e595540a2683c345987

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        5KB

                                                                                                        MD5

                                                                                                        a3303538d99f1d77ebd3e79e014c946d

                                                                                                        SHA1

                                                                                                        015c1d0f981ad8717462a5a3420074b989f5b672

                                                                                                        SHA256

                                                                                                        6a9a83bb504ccbd7f7dbe4f41f21f62802327df8ee5cba9996dbf6703de79403

                                                                                                        SHA512

                                                                                                        cee0f950641b92553ae901be2480dc4185e7ce462332a59fc839c721e37c43cf05112eb96e15c399103bffcb14f36c4e8a729098609b519773e97ae9673f3ca7

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        2d7c17fb3a6867c32ec173e01cf52c65

                                                                                                        SHA1

                                                                                                        b71b60042701574d9587abf0b15acf5359dbfa84

                                                                                                        SHA256

                                                                                                        82ebc4f35bef044d5617b9b323509112d5949c841c7d43d7319c508266c62f43

                                                                                                        SHA512

                                                                                                        a3c25150a50f9ed537c3ac726222edb11d9d7a78a5e3cbbd75b84c5721fe3a5c77fb55b35842f7002784ab8d1101e708f7ced5daac7199c991756cd66b973d56

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        0124b3bb2520a95fd0615af6872f8708

                                                                                                        SHA1

                                                                                                        b2c0daf2be4fce26be19ad74f7379059efb8910c

                                                                                                        SHA256

                                                                                                        1c2b0fa0d7cb9b14c0c987cf6f193f0e7a58b1a9d9f878bcee28e09fecece95f

                                                                                                        SHA512

                                                                                                        5eb7935e491ebc193129b8f0031b5bb9fc991896227d5bfd49d91b697970e15b4475c9b9042648a822ee52a60ea9d1cc2c69b6f1c9f0724b7e833b110c07da0c

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        0a8423e5f7048e62c9e7dd712a59b74e

                                                                                                        SHA1

                                                                                                        8d6598c52c83ed119296e8f66195a9c525b53069

                                                                                                        SHA256

                                                                                                        2f3059c3cb7e0aef7056a2d64eed91dbaf91e38a6e375d28adfd773e6de69032

                                                                                                        SHA512

                                                                                                        b0651f14670d927508fb0e0f9eaded752e7bc796eed9c3d73e12fcef54b71518d750dd7e65f2886b9ae388249d785aafc5d10efbd13d085352163c9c6b840d81

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        cc1ace0b3e19cde5d6354b2726dcadbd

                                                                                                        SHA1

                                                                                                        3ee4915ae7bf89989328ef261e19eec7af38984d

                                                                                                        SHA256

                                                                                                        9583007f4ed5d1dd480727a77defdebb557551abd1bb94749cefe739d437a639

                                                                                                        SHA512

                                                                                                        c525a503d9f159c2ef98797cf95d54e22b2ca41e8c59febcb9830d063455675ce3f52158b1fe5d83359882f537f26ca124518bd476a90467f0b30c7a609e05ba

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        7de3cf5d0139f70a486c9ba3e1b937d2

                                                                                                        SHA1

                                                                                                        b6139d04573fb37fb9e8fea31052afdff4ee7ccf

                                                                                                        SHA256

                                                                                                        68c138ef1f4a38d8c59f240f5a447dc560ed5a73244f10ec95104656385fe447

                                                                                                        SHA512

                                                                                                        0218ecf105f18189174cdde38a294997c0768179f28f398a8163b0e1c55efc6d8bcb23e78fbadd13a0b9d112cef79388c62a45388e87a9851b43cae86b9173aa

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        3fac4265c1bb92a61b31950b0bb466d9

                                                                                                        SHA1

                                                                                                        1ff47e32f34f2d75d2795591d5528db630c53beb

                                                                                                        SHA256

                                                                                                        b45f51a3b3e48d39fe617c6d07d5f9774c148a9144e4025ddf7ddaec9d5c719b

                                                                                                        SHA512

                                                                                                        0468a2fb938622be62e53ec51dfb345aa1f8dfa7e5f4057eabac02c86f1e4e8eaa0f09558f98997df69c9394707e893514546b97ec27e1abd29f2e87e6d8eb2e

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        15f3d70d0b16beaa0658f0a8688f9146

                                                                                                        SHA1

                                                                                                        4b54fa7820b4a39b3789c1956f8ee947a964420b

                                                                                                        SHA256

                                                                                                        d1b2db92d705fd69fc2c40bc46961499dfee866691fdd97c2a6e1485f21419f1

                                                                                                        SHA512

                                                                                                        47374bc2ea6ad68412f59f4c178345ab199d543f192ff6f4c0c3abe1771c0494ea81b829279dd60bee6987eb613b741fd7563de66b92f016f7f3cc8b0a368af1

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        9720482714d195b8ee096a799a6e8326

                                                                                                        SHA1

                                                                                                        f0d4be5a7a41b3bbf522ada19753dc866dbda78d

                                                                                                        SHA256

                                                                                                        afa8e39246c66e27eaa047a9ed51ae9396125bd1dde9a1e1edb78c1c21487f53

                                                                                                        SHA512

                                                                                                        b33abaf189ba27370294f3937f0801009be1934e748688252012c1c26468619ca7e63e9e890845cb9c7f521891ed001ff64cd3974af7fa33e2fc776255eb3528

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        bbde10f6fdab54a3f6bc81ced6b2b4b0

                                                                                                        SHA1

                                                                                                        596090828ab9f374500cd631678740d72e99b48a

                                                                                                        SHA256

                                                                                                        212f57fc0fd433b2f8bbe69440622d2bb3a472a7928619c90da7c7de493c59af

                                                                                                        SHA512

                                                                                                        1c5ddecb27f1e940c28b3fafae35717ad123c60275f9774881838708f7688a24b6f92e0ae74142492285a496f785a3243ead7bff70d8be040688a2506f12700c

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        b93e74d56950fda3028768f8e23f1153

                                                                                                        SHA1

                                                                                                        031ab9a0021e6aeb27f9317ed31a20f1ff093ebd

                                                                                                        SHA256

                                                                                                        65986dc7d3feb2a0ea4b950fff05f5a47f50b10229bfca421b20f92679689cf9

                                                                                                        SHA512

                                                                                                        236f06617b9320c9ee795ff4006f7c6f1312a8430cf27c333da0639c431a4a59601da81cdf0ffbb36845d7dd24889723373c40b972165bcebb97fa9753db9968

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        22987d7a8e3c2708037f995eab7ce51e

                                                                                                        SHA1

                                                                                                        920c43cb6a9ddb164b19f8b9c809e9ea77f50fca

                                                                                                        SHA256

                                                                                                        bcc4ecbff85533e544298bef4804131ebbdb80520d5094f9ebe1a2a8ffe29705

                                                                                                        SHA512

                                                                                                        c37c031b286967e6a7b09941888c9a6a1fda57c3f79e9966df488edf9b0886577452f8a69eff7a912bff8f4a971d28a33ce8c43737971057ee1c3cbc62dd9796

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        1eae1251ef68fc23d57e45fb7b0c7cb6

                                                                                                        SHA1

                                                                                                        6efb35e9a6b3677540c73b1742ab99986e08b4c8

                                                                                                        SHA256

                                                                                                        5ed3c6a3c00a559003af99e0519bf2962be68a3fe958a448d28af3072b5212c7

                                                                                                        SHA512

                                                                                                        2b7e22774a82f8103230fb08884eed244b9769d5d4ff1ce06fc50210d4732cb9f96feef1869cbaab032d24c3b22d1fdd51db4fd135661c7765fce3ccd2b89e2f

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        3b86e69f89df1beed7c3f01180fc7d2e

                                                                                                        SHA1

                                                                                                        6a1860d9a89b0044f7ee0062d9213fc9b24a2a8b

                                                                                                        SHA256

                                                                                                        2d1aad6fd9407322eb12640530a6f59f7f0b607e2742ff78ca4c9dab57ec4858

                                                                                                        SHA512

                                                                                                        1d942b5478e45292d548e4ed48acb8fd76a206068e4fd48747e630da29e3a13f33b736587aa02d10025f5e17c4910d478da145c5c801e1887be0c9aa21d834de

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        5KB

                                                                                                        MD5

                                                                                                        cbd7263e8b1f442cc55b770ca328aea0

                                                                                                        SHA1

                                                                                                        6af88f2ce3cd1c691bbb28d8f010d0f4c9a0969d

                                                                                                        SHA256

                                                                                                        fe816ae5d4729748d46e0353d98aae8735e5ba21c5cdafb1451715867f50d7f6

                                                                                                        SHA512

                                                                                                        970067eec22e13982a0a722edf38885b2ba5d353cebc89dd2e5711fd1d759dbbb2091b3770692103a6df1ffb8458d5e8e737413b188a0c87bec0fea19c34ead4

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        2e957add88ddf18c90c214fe15e8b22e

                                                                                                        SHA1

                                                                                                        70356567c51e8f3636546faef82d84fb6d972c2a

                                                                                                        SHA256

                                                                                                        1774705e7b523e52ac2cf92c65e5adb36b84f99474ddc75561a1498c8e7dcea5

                                                                                                        SHA512

                                                                                                        9ede673d22a508472838e05e8b17b547f24fd13888585b4189d5edfa02a0ce4fa9d3edc913a326b71176074cf95ea47954be07271d79949b6a854c8d064182ac

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        6f71a6a8f8e65a0e1d5878b41cd47721

                                                                                                        SHA1

                                                                                                        097b9d6238017cdbf9231ac0db9b9a23976b82b4

                                                                                                        SHA256

                                                                                                        ccbcb966d69115e219816733e58689609fa7ba2a24ee7c1581223d38435ed962

                                                                                                        SHA512

                                                                                                        f02237095bb2b8dd2a8bde86e3310513e3a742baf9b317a105eb0c45812f00dd2307fe425410993a7b3304541dc9329ca5e057957a1273d9f4637f1e8bc991d0

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        49671b4d333aba424130cd9283a75f4c

                                                                                                        SHA1

                                                                                                        b2160eb07d9c7e9d01387cb6712ba51f0609c232

                                                                                                        SHA256

                                                                                                        b2e702f30e88428f592c644e71236d3d1fa45008c9bf7353b6b63721510e0101

                                                                                                        SHA512

                                                                                                        d93e83cd00fc58ecc9f858706de29dc0db5a48809adb3702d71e313f78874a5e9df2aeca0063c1519c8b34231124100a4d7cad80750ee29374566b2845197200

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        bc31f45c1ec7d63f395fea68739c1b35

                                                                                                        SHA1

                                                                                                        e80588fd8ade967063a7dd1379c96cc8a2eef70c

                                                                                                        SHA256

                                                                                                        8e78b088d1ba12cc1465c76a04121c4585fbfeed7afa744df3982a22c7643f87

                                                                                                        SHA512

                                                                                                        ad9f42f46989cf063d85c0869ee28bcf0601ada0aae4349c3af417dcdffb0a3bc4b543e83e987716578de0010ed5b4bd682bf6793f06dc356a2d412a3489ed7d

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        c459bed2696fb26bf70e2b9202392279

                                                                                                        SHA1

                                                                                                        304e2472aef7c7edb39f4b9b8e1d7d2561752a9f

                                                                                                        SHA256

                                                                                                        132a934f986599a1c3ab420029f5fa9c0beeeadf261a5e0f6208fffe45c5f856

                                                                                                        SHA512

                                                                                                        cb65b2b1ddbff972fce3c06ed3cfc2cf54ccfe30e02a574975157fbbb2f544ae77a1e379f8a5eeee067071f778aeea01a28778bfad7f110c2a7f933cf8fa6ad8

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        d88db8d535cafc94d868fbca751b9a67

                                                                                                        SHA1

                                                                                                        26c6d159d2a5d0e2ad6e9d2869a5aaf53615f500

                                                                                                        SHA256

                                                                                                        124f265c8e49be71f4b7029b72cb03f0c31199b76785322ef6e49b9686b0ff78

                                                                                                        SHA512

                                                                                                        f560e7508e164b224d550dfa7ef8c7ffe0c93314e3b64acde9ceca5c08ffad95d0260007bb69f231be8ee4a598fe668b9ae636406757893586315bca21a389b9

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        e71cea02a6594e8068ab0efd775a42c0

                                                                                                        SHA1

                                                                                                        dc7395bc21c11775009ade9551dbc8f9f4ed9ab2

                                                                                                        SHA256

                                                                                                        6cb6f6c2de2a9aec04fbb4aec8f7c4589d1a99f21b41065356ba53037b6855d2

                                                                                                        SHA512

                                                                                                        657416bdfcc5f051b866dd67f5427a940f3914ed026596d2548709ff64430ddcf5e705d3c3702889a7eb6cec7de9577bc56c8f45264b3be8a635958a40d3aa0a

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        7178cbb1347c43175239e84d20aa0da7

                                                                                                        SHA1

                                                                                                        92acd6d05be033d3b1280545fa16c5fad88c53ae

                                                                                                        SHA256

                                                                                                        2d195a4991b99f51892485adf0308f893aa2bf6a9a4de2e07f28e0256dc8144b

                                                                                                        SHA512

                                                                                                        e7c023910b6b446b031536b0e77ac8abce82974effca87a390cb5e1b1969a412b262acd599c055f5b245ae32a44dc064e36b793ea5f91ed9b75994bd6d97c6d5

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        3ee02a8b7bf38f46cbc7eb6f7dce487b

                                                                                                        SHA1

                                                                                                        9dc3ae7093990af3651e02ad0dcdeeb4e25fa6e6

                                                                                                        SHA256

                                                                                                        f99ddbd77f1c127e9bed4b4de801396327e3187c6ee3de3cf054f6901f3f713f

                                                                                                        SHA512

                                                                                                        22a84d99a660b37475c2de32e349db5c73fe7417d0b3cf2b88396b3810b8f73b790d6176636eb16a1d518d2765120cc135b97cae1527f3971d40eee6a57e1529

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        eac1e14de4c93c9c2ccaece62e0e18f8

                                                                                                        SHA1

                                                                                                        9fbc3bc8569124da4cbb986f540b5410637c98d4

                                                                                                        SHA256

                                                                                                        1d8655f725bf3ec4af925594decce828aa8d0cbd0a123f101d626af86673074a

                                                                                                        SHA512

                                                                                                        8db307ac192f45d3786b06e8a07d8bdd75d05618af14f2ba6c87b5030506143764e102c1ba8fb8e8053bc43e0559dce4486e7561b28101e937b1baf2b95b58d1

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        f6fb449bf98bfff7d0338c5ebc7fa301

                                                                                                        SHA1

                                                                                                        476aca1aff37e8cc57ddaaf3e638e409333f14ea

                                                                                                        SHA256

                                                                                                        e537773eaf2dd6a5d9fbc65da7b7eefa69efdeff5e565ef8c7ce82a16092a072

                                                                                                        SHA512

                                                                                                        de41d2fc2ae7ec6af640c6d5827928faa058da3ea75d5bd86e99a1d7026178d56c09a91a1adafee2a7cbd2f3cdaaee252c5dff6e9ca40e700e6ac26bd5061ccd

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        504acbbf93d5bf7a1ce07588ef621084

                                                                                                        SHA1

                                                                                                        af0dd749e254d7db3f73c9f98dc12fe4ebfa7ef2

                                                                                                        SHA256

                                                                                                        e35b818c4d4c7b35198fb5d0481cab32da760e2835570ea7016cf25fb5581edb

                                                                                                        SHA512

                                                                                                        cf6955dd9250146506e98dea29a6653ba9808acbe75e16f782be64d7b0d31c2a469f4036c2726c041cf55687b7bdf479485421ddeb0f271e9b3dc626ac945150

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        1dda86de6e06f17d8c46ace3ec227046

                                                                                                        SHA1

                                                                                                        43e6cdc91b89144461875b0e875511faa9e97702

                                                                                                        SHA256

                                                                                                        9f28f3fdf18d984c45f3ac79f95e253cdaa37f0468395a39d2bdbcb06bc7fa2f

                                                                                                        SHA512

                                                                                                        39cce3f59706075a3dfd335c29816cc0d2cc70559ea63aef0ef8f7f42cfa12472b0cfce90b9b0d462a42384c374112c5c175c345e4f6beaff33fc14f7e1d2eff

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        58596b4f2e6a3cd2eb34ee0dff5d4b20

                                                                                                        SHA1

                                                                                                        1b7f3df533a3ec07b8e7c615d457a8d35537bd6f

                                                                                                        SHA256

                                                                                                        327adb216625354e329f90bfad07c8794900c710ee9fa11a4de11c48231bb6fd

                                                                                                        SHA512

                                                                                                        8bf0f349603b26e664651181a96411d0ecc2b8b83ca751faa9f52096bf6082c228c4f94053e302e8f1857760b0a9c847dcae6a97624ebed024276daa68dd92ee

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        50360878b79516306b82ebde70e6c40c

                                                                                                        SHA1

                                                                                                        14a6991399e2ea7596a5cbea3c0cf29b31eaf7a1

                                                                                                        SHA256

                                                                                                        99fe9cf289a4d2673e1de1a105292fb727163d917f8123e8a5877a2d3ebd46c2

                                                                                                        SHA512

                                                                                                        9788a2a8a59a12532eb8b69296faa953fde6e7258cd9a97a030993f7f22a71f7d3a43faaa46e14ab2b97ada736581fea29f97072512eb0ce9522e7223d9affdf

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        8159cc8c48596e7ded80aca863c3e87d

                                                                                                        SHA1

                                                                                                        35788bded16f5d2d784b350a0885cfe14007c570

                                                                                                        SHA256

                                                                                                        3017cce6071572b9f340b298da4a7a3e23a8e88638b6ce24eb7a63ef43ad2c98

                                                                                                        SHA512

                                                                                                        39ea5e3a38c846f31f887d7321ab66e45d9bc4ecf0049de33e0ab45f44a6a1b8b9c238f4d342b73bed8f8102ca091ad30b83a90082630b825d42a58131f6098d

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        64abdc72cc81d20412a1cd733c9393c9

                                                                                                        SHA1

                                                                                                        26d659059703febee303a3c71e8361dfcef87e01

                                                                                                        SHA256

                                                                                                        f800b7e65b4f15bcf4cb0eeade608488544918d1c6c6aa0dde3e8cea8e79bad0

                                                                                                        SHA512

                                                                                                        8184d2eda98111e8054ff0c889957176daebbfda513d06637829cd16c1adf7db36c1121bbaf113c13a28ad615529a984409c06da3e2cfc98f12d692d5d34a6d3

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        d0dfdf59a5d1a9d20d41811710cb20ce

                                                                                                        SHA1

                                                                                                        b6014516d7faeadafd74ed5157e9fa53731879f8

                                                                                                        SHA256

                                                                                                        9e148031edde32de8a78bd1539dd88b0418aa323f9efe3cce359ec93533e4d61

                                                                                                        SHA512

                                                                                                        a26b225ce48772b819f0354a0039f67c3e336e2e5e170429b2c3ad5664ac055fa330d554aabe09c3f92181b0cb70f0f0c3e738a603f78764a7ef84adc1bf29f8

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        f55ff1efff0fc929fe41e34dc5b3301b

                                                                                                        SHA1

                                                                                                        3245a8c047ce7024da7551d5f8c4b19b07aac3cf

                                                                                                        SHA256

                                                                                                        17ab4a2f59b0e4cdc4911864d33be5ce0f12eac8c3a254994bb0520735aede45

                                                                                                        SHA512

                                                                                                        4b8dfd0ed61c8826d3124485e189d1025348e0b5e3d3282d65cdcd8fb8a5e568ae1ce837d158a3e7fe86d3cfa023c600aab5a9c612bbab54a51b9e8905468c39

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        a350f9af9230a03de19953bfdf7b1bea

                                                                                                        SHA1

                                                                                                        17917e4bce2cf236bade4fb3d9ed62778487666f

                                                                                                        SHA256

                                                                                                        164707dbb63115466ecde678372130175ea4026437780d801f9ff4031cea4d7b

                                                                                                        SHA512

                                                                                                        731bacd26d378f5d5a6b099a51b4add74811a835562fa8db4a5c26eca7b7a02c38515301441a704f9db6b27e26d29606422d936e248f537d0337464031a91bda

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        473113ba88dd853eec8a650676f76c26

                                                                                                        SHA1

                                                                                                        0d68891f846488c953a6223c84fad04a027993c3

                                                                                                        SHA256

                                                                                                        ade2393086788e9d68be8992286815b33f926f432c03a3dda9ac5ae6d63d7ae5

                                                                                                        SHA512

                                                                                                        ffdfa8eaf9e29d855e9f85974e3f9439e9d0d4d8e2455da8ded78d11ee8bdf11090db40f9eccca45bce7343861b3341c67df2faed0a907229b2ad6c93c7e311f

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        2a16ac0f0e6ab51396e13f01bd91f455

                                                                                                        SHA1

                                                                                                        1baec771191f8faafb13d0c2f44f1aaacd2e4749

                                                                                                        SHA256

                                                                                                        dbdfae3e017f077fc9c1016b42d67be95adc7e50b052b055f216549d2a0184fd

                                                                                                        SHA512

                                                                                                        4d889e6fe4f0afea00891c1d842ac3c7cac1e03b64470c1b7bc6cc5377d278988d3b6fb94128cd7dbb0841d6e04a4e18f8c05ac9ad4e1d34a1e370ac9b505ef0

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        7d271d6b8c9f2fd5c8870152d7144475

                                                                                                        SHA1

                                                                                                        dc7de0243e8beea5e47a4c75a334c2ea33370576

                                                                                                        SHA256

                                                                                                        d4f63853bf03c6dac931d5d6238d7abfcf47d229cdfd190f0ae0537f0ba7b714

                                                                                                        SHA512

                                                                                                        e3a2b1bc5d344791e0f23fb7802a32843cefa32f2d4ead16b43ce289c2499aecdd2fcd00fa33fc319455721152e91433f6891f5430c6672527177acb5a5b3229

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        59d668abf3ef0914c8c5bb53d3df8b1d

                                                                                                        SHA1

                                                                                                        2fcb84b825365b3b6f73600949b5f744f0851f25

                                                                                                        SHA256

                                                                                                        3c7a52b33ec243caad3726e1c153f0ec708d223b5be0250a89d38425c1085a33

                                                                                                        SHA512

                                                                                                        8aae74fccf72bc4aa3ca41ce08730876891c925e6d40986add87ef8d7c4278207b1ddf095e964339814dd19dae3fd23847ea9f11116076275b7dc388b3bad2ed

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        1d05a9c3bb89772e5d16ff07081eee89

                                                                                                        SHA1

                                                                                                        4af54ffd664b54fef098ced6b04734983e38540d

                                                                                                        SHA256

                                                                                                        a7b0cd154b4d858bffcce8843aea11b9b090a2d392f12310c139285318d3fabd

                                                                                                        SHA512

                                                                                                        18ad14ffc29cb502bc2b1b6a0eb8c9510a904ede1868c4ba397ed2752c302fd280fa5eda24a5daed22cdcc9328a22e929b68b88ade0d66732ac5cda393ba4032

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        6eb147792d3b9c39f54382c6bc5753bd

                                                                                                        SHA1

                                                                                                        287bc00ec4f0e85fde6124e8113ec051fa0f67ba

                                                                                                        SHA256

                                                                                                        7000e5469837812dfc094bd1b514cdfdb652ea46d098599e6dbd14d9a6838bcf

                                                                                                        SHA512

                                                                                                        82e10988986599de58ef8d63ee459dc71a056e95d158ddbd1ca91012a7a519e33731386e7cd4d1601ed76419564e8ac79c2f1a3119c0b82cb08dee1e917627fe

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        cc5f8355541cc6e2f9acd0880633564c

                                                                                                        SHA1

                                                                                                        8af68706388bc59037135bcd24d45f90326e9030

                                                                                                        SHA256

                                                                                                        6e47cb87e235ade55668b64a322464df68dac1db427383ac9cf1971b31f487c6

                                                                                                        SHA512

                                                                                                        6b1fb260727dc00a88d527f6d7423337d4580f1c0dc7e698ad81b8a3aec43a2e29b4ef3fe9b621ea67ec0374be40ccbb0a32b7d18a630b3fb5f96b740a3398c3

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        85d50ff3cf28fa8636e3483b142d4e69

                                                                                                        SHA1

                                                                                                        2245d4ebc148f2840d9b303657dc1f10c7106b1d

                                                                                                        SHA256

                                                                                                        9bdf259e52cf1ca2ba9c1d0bd8eb48821778a7c9484e7d67d6b098239df8b8f9

                                                                                                        SHA512

                                                                                                        20794b37f337db538bb3e0f5c8df9fe09b8a86feffed45fe0b734d946ebc2de6d0dfbbe1ec3af9cc0898f3f1f1a3f932a164bf6cacc35da2e9ff3ed1cd46c5ce

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        7a65b2e43f9492f38f56e0a6d53365ea

                                                                                                        SHA1

                                                                                                        02ede477afb8bbb0a1814ea1e4bc418a5de2e699

                                                                                                        SHA256

                                                                                                        dc55eea3810f3fd4e8ee95d364d18c08f895cb0a569aa0b4c35128a259e6e6f2

                                                                                                        SHA512

                                                                                                        0f13fe928ef8344d71bad88f69925d38286cc9460db50f5e2216b28b98d9fbacaaffa0ef7915bc0195a40c29ccf64e7e9d8b06935b8ea6918d5aefedffdcdd58

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        33a2975366b4ae2b52f2b0b067ddda37

                                                                                                        SHA1

                                                                                                        bf1dd85c0cdc8bbe6120043cd4880c871810162b

                                                                                                        SHA256

                                                                                                        a1f8841450ec7eece887ad8b25de26ae3f33191651aede86f594af1ca6b137b9

                                                                                                        SHA512

                                                                                                        5846f7c9df201b96ad28bcf753fb9fdc4a98cacd3da62f116c0ded1905594f7c7833f20e27b75bb0bae1480951e22f71dd1917910494c16cb64d9fbc293620b9

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        20f7fe98385111bd837082e8a861adfd

                                                                                                        SHA1

                                                                                                        f555e4ba6bf478622d473cb67f83111b5bf8ccd3

                                                                                                        SHA256

                                                                                                        47856883ce0f5754ef6b3c7403bfaa52afccc21a245d669bcdad5b799d79c0bb

                                                                                                        SHA512

                                                                                                        aec7ddb382fea9578cd4ce33a86d2afab7a3dede394a5d4eda4ecdc3e34a975dacc14af2c76484b6fc9f3c6a8f1f45e6e7ae26be131c8a3d9b9323a7dad9acd3

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        a52c6f529ccef1d6e7b5a0881499ea78

                                                                                                        SHA1

                                                                                                        6c65001178007b394f84dfff41d9baab9e95c055

                                                                                                        SHA256

                                                                                                        c36776a4d0bb788ac85f349c010a7abe6fab3a102a1c1c44b7a16dd7f530e01e

                                                                                                        SHA512

                                                                                                        013569c0b611b99e33de949a9b89e27579a884af7a9dabda2db0714c59d5ed04ced770545888d95bf7d77008ade8a38dabe52f5c8babf7aa472e15b750f9e93b

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        f8554aa746d5d0590d061d74c5afd671

                                                                                                        SHA1

                                                                                                        006fe7ea0da9735a3cd1077bb15eb0e963b074b7

                                                                                                        SHA256

                                                                                                        4fbabfa64552444db45a54ffe4b15a2974ab4cf4753574cb893e660a05a34a2c

                                                                                                        SHA512

                                                                                                        2ab86f89ac26fb12dc7c62f9911519c75b195c4edf6ad59fb707b1c7f6cc2b9d9b478e5b11597485a70e7ff9d49ac814bc4446fa4be3f59ff2010efe8c72814c

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        c09711380736e63627c6c70ae0f1360c

                                                                                                        SHA1

                                                                                                        76e7f76d652f43f3a4d9689da4c8dfa44d3a16c6

                                                                                                        SHA256

                                                                                                        3004f5180e80acf5beb6fd5121e0570172f47bd2d825c814809b2423a35936cf

                                                                                                        SHA512

                                                                                                        bb7b3f750320d74c605435744aa3a358271f7a7fb82a002dbc78d1facb98c3df67a450f25eb4ba66b05942042b395766c75f68930b87412037e02ffc3b5fc1c7

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        c0769fec9b8da169d7b289a0ab2e2ef5

                                                                                                        SHA1

                                                                                                        052bbb72f020cc3174b0e9ab69086934dd532dd3

                                                                                                        SHA256

                                                                                                        296f4f68ab17e8aba6c6ff339d4c382d770e5d6bc4795c0618a2fedaa6fd50b5

                                                                                                        SHA512

                                                                                                        4581fd55b0e8bbe99b09318c72169154f4fbe12d7e8ec7014ffcc752bdf5ba7c4f6d193941cef92d09f443960523fb650c0763dac7457c8ef9c141a89f779ed3

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        1a4409a45eae07788e388facab51ca88

                                                                                                        SHA1

                                                                                                        fe258ccb27ccc4b094ec0fe3ce721d32e9a10e93

                                                                                                        SHA256

                                                                                                        d477691d15a81a2e26399323c4bf589d0faebcca4ebc15965970611455eb28b7

                                                                                                        SHA512

                                                                                                        07427be6662f73dc13509b0e123ea966435017fa4d20fb0708e39ea42ae8caa5d538ad4b11d919badf95afc3bb01427474053b385621033f6ee7e568807ebf73

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        203971242d0a782978b4f353db453566

                                                                                                        SHA1

                                                                                                        08e3b1a77b7f94a6ab055ea8e33133722fcf882c

                                                                                                        SHA256

                                                                                                        305630fa1aee1e598490907ade9af5b2e6cf7124a29b79bf47e19ca532dc3ea9

                                                                                                        SHA512

                                                                                                        a40060d03e78aee0b6b6cf1218ffb0b08f8774ce50b79207c551ec3664d34dc28e66c12f8722a6ecdb14ca541f6e79223a3afe9a7f591f456cb562cc5aae823b

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        084f8aff8bc6162a21c66eac06200a6d

                                                                                                        SHA1

                                                                                                        03111b066f1706cdb154a5ae18361fddeb7f5910

                                                                                                        SHA256

                                                                                                        65b365690bbf8437ce4e0179a50c6a0bae5e306353c30fedd2477ceccba03302

                                                                                                        SHA512

                                                                                                        1de07dcd564d29c8bf4a0fe3926981454c22722f74e1a65970701ce60cf36b03cfc98c899bf3a5879a04c6ec5d9196833a26a67c05b8710fb30c9c1f7ebe7e74

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        f28d309bea4400afde835e59197fb404

                                                                                                        SHA1

                                                                                                        89a1c450712221e9afea46a63dc408c0bbe40123

                                                                                                        SHA256

                                                                                                        f5de0319a67f8107e6341cd49a77a7658a82d018a5bc90d837681dc827c4e970

                                                                                                        SHA512

                                                                                                        58ab97cbb0727a7e82f80f498fad11ada8bfaf39789ae5f68fb774491b5f1b9eead1613d82a9159c0b96a33c94ecdd019f7ae6434f1006b9a943a3efe9c726f3

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        c100630262d9583a7bc55b0d40e11e89

                                                                                                        SHA1

                                                                                                        2350bcb8a6ed82ea72f67f721f727a87ba6b9b97

                                                                                                        SHA256

                                                                                                        e07e16b15fdf644e5818fc78d9ed19252ef1c51b0c8ab7de47dac9479ded5f01

                                                                                                        SHA512

                                                                                                        00c4e0014b8bae914c75771b290ed40a91b803efe4e8b024cc243183494e8ade44e477ab16f9782dd70feebcdcd2843542682f7bfc87a813e1fe64c240a531bd

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        6bbb4ce3ea0cb9323c84fe0837a0e37d

                                                                                                        SHA1

                                                                                                        c6a745fa24f1d7634b48e272b52c92e816a72a9c

                                                                                                        SHA256

                                                                                                        9eb2e0e36b93e3e9c8b00fa9e06ec60b68a88a63cd95aad8ac34cf738d999540

                                                                                                        SHA512

                                                                                                        669ff76d7bf2f87f58f576717fd918d20f6392c9585cc323dd7169dd7b0757b0d90180c749eb8f0570072ebb9940c00edba7bce29346aaf044f07366c4de4fcf

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        01722e0a7b7891f4b0c4a299cb169eda

                                                                                                        SHA1

                                                                                                        fac61550f11100147c48e4ff8c030ad5faa70e84

                                                                                                        SHA256

                                                                                                        f0190a0945c36c127a91ea188f0e6e3f3422f8d095be064e9c6be4416d5fe02f

                                                                                                        SHA512

                                                                                                        bf698216383c3deba5b4a0726ea2753139bece31a7ef9b60b95e50d859b856eeb1be717c4175a0c3572386939536b30c9203ba9a24c15abee720c695bd04d68c

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        b2ce095277d00790b4480b301a18fc6e

                                                                                                        SHA1

                                                                                                        285fc1b72b5d20a9cdd995ddf4d2ad81a83ed13f

                                                                                                        SHA256

                                                                                                        360e24c716913322832719bd7c4aad084aa29739496156a10616bf40963e1bf4

                                                                                                        SHA512

                                                                                                        93db458bb86e07e5a242bd66215993d5800148da110843927595632dd810b6d5097864c617a41e24f4b822e9d3b21260d5398b0f62b60a5278e35b50ed719222

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        8bc3d8bd1e50efc4beb82d51262b05fa

                                                                                                        SHA1

                                                                                                        ae9cf3b6a27bff19e4b0529abadef572f3e7e812

                                                                                                        SHA256

                                                                                                        03b433c3e5bdd59c4130ebac7e558dc68b43d99c018c9c6cc6f28974281f7637

                                                                                                        SHA512

                                                                                                        f7b1b8f589eea9b79c7f5cd3e655a8386af96611dd174ed01bacf1b658bdd233dcb63a528f446e5e700532286148242025c7f0cc7cdf552dbe9f7096eb59a37e

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        0819e8cd1b72830ef63383ea60209e2e

                                                                                                        SHA1

                                                                                                        41521485bffb2b908a11cb43e57544c33033cf67

                                                                                                        SHA256

                                                                                                        f7de35ae79f83e815bd88bdbdb2362ba5433488315faa2003dae5150ee37eac9

                                                                                                        SHA512

                                                                                                        0134a32885f8ced1ba21ecd81ce6de9729150c3532a8ffc45ebe8e088d45834b60a3955b68aa2e446419bdbbcbd5d8bc40fa1d817f77d14d009940ae48f81fa9

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        c047c8a19420b622e160c6a2ed3bf01b

                                                                                                        SHA1

                                                                                                        f7b42e8270ca8e0d77aa65b2c595602360271fbc

                                                                                                        SHA256

                                                                                                        e798088cfd5a7dc9d00e402e9183bc73af9fd9957f8cfd6be8411a244c3c9efa

                                                                                                        SHA512

                                                                                                        1b35691cb720082b55cceaec564d124c7d604789ab7fc389027b23575c55eebfe73f73678fde2187f6d1e24307f9a65c3ddd357420e85baaffa87de228f19ad3

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        2269a1f00b022ab36538f3de9eb0b5e1

                                                                                                        SHA1

                                                                                                        f33cceb11be6e1e5fec06f40ab94f52c35a368cc

                                                                                                        SHA256

                                                                                                        6b40aa901b66a242d68b82ac10dd27e019cc73a0565fa8c22bb94c0786564342

                                                                                                        SHA512

                                                                                                        d118f405bc4d231b48a79e6ffc34f18a342c7558f9fd5da826fc0c8977617fc7f178269a10120d2df1d9af6ebfb5bb82b0063535e2b5d0e6b065fd97825edf6d

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        85f884ebeafc9d8817f1760be70e747c

                                                                                                        SHA1

                                                                                                        be454811c44e5eeb6da85203f55d07e23fb5b09b

                                                                                                        SHA256

                                                                                                        143e3ba94c1874cc92aab4e33510683b13d1150cb41ef1946fb53eefbcafff75

                                                                                                        SHA512

                                                                                                        e7c538a0ac4a77b6e714865a24e408abc06c37d7cd5d3d81757a622f5b785820ac671e463d472a46da096aa4c271203d73106a302cb81d86174ffa47abb4a03b

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        0eae3a9681ddea846e3a9f7bb8f231f1

                                                                                                        SHA1

                                                                                                        330c400baadfc75dbcccf8456fe07fe670b0fedb

                                                                                                        SHA256

                                                                                                        a3de933f39d84775dd4a4e4fb4a184c1ac7b1b87ccfbd0a2c2d1c549c90531e8

                                                                                                        SHA512

                                                                                                        77340cd4505e9eb1434d97d797cba271f0071ba27cff04cb0dc8ae7ca8d5e449f83636b1e865a83e17fe6b7aebab38ca28194570482c7176f20d4fd2859bd0d1

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        7531b48167f6353d5d8c4895d7d02d19

                                                                                                        SHA1

                                                                                                        ac311e3ae69aba30cf1eb457acf63ac517b185ff

                                                                                                        SHA256

                                                                                                        0b92dfbc4736f77bfddd378104ad946816894b67f45c28cbe18e23c2d79509ed

                                                                                                        SHA512

                                                                                                        b1b69111526986456f8e8d20bff4cdcc0b39dc04bde9a7531856381147d1f92176f74af67181892b1dc4c1e80482979458dd937ac6c5b7e3a03b2dc7bccc56c4

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        f9b534cbbab32b338e7b216367afc6f6

                                                                                                        SHA1

                                                                                                        a3acd9c70c8e75b198261520223d1df5528cca72

                                                                                                        SHA256

                                                                                                        79ece04653b0a57aab2599ab88be352a7dad6051b7b321653393a4efbc3ad907

                                                                                                        SHA512

                                                                                                        81caaaf1d67564e7d79fad540e2a3bd98c09e2121d4e7168cbf24874be6c7a72f2b17d3c91017a34fc776e551288964ec8a5bc324cb312eb04a4bc70efbd50f7

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        2709e8efd47400502978d1bedc9d3c9c

                                                                                                        SHA1

                                                                                                        c18bc09634919e0c38a935fb9575e749a151de20

                                                                                                        SHA256

                                                                                                        2804969a1d8ebbfa8795e4c35967f6d017c3416a5fac1d7637684b304a5fe163

                                                                                                        SHA512

                                                                                                        cd3e0062a99b8985fa7fd8401f99a8e8f52e03a4f32ee79160afcd2afca6c81d5b919866e642f299c6743a2b563eedc271654d190106da41a1317e098a96804c

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        24233ecdb56588ef95c5b0e79d9bc074

                                                                                                        SHA1

                                                                                                        e716deb6915de084cecbfb6e49f03aa3c1bf51e6

                                                                                                        SHA256

                                                                                                        c06a09ef68a90c38ee5792abc439ff428f1789f22c2495f602215304430db794

                                                                                                        SHA512

                                                                                                        b5f6c297d53c01aa55e5b76de2ea1222ecc92b673274219339a61a7b1d4aad9568c45bec68cfeef4c4631f8c52301cb2d759c5706600e2f6cd48424d47bd4f3a

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        f4357f76c2dbfe4d0f3aa14bafa40507

                                                                                                        SHA1

                                                                                                        15012113b884f2089c0154d5313798bf181ef349

                                                                                                        SHA256

                                                                                                        8e6c0e696100b46a8c7c11a51e9862d8aa480552515449af5f34400afda68c71

                                                                                                        SHA512

                                                                                                        2f6cb5419feed2b046da8262b73da2e73f5358a5b50e87e84c92acc3f1b65d82ddd55d57452e62c7e5ef918df523842a84590c2d70af68164b11136ad0d7a26b

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        7f7b05ad18dc1f3201c8f2b42aba3e92

                                                                                                        SHA1

                                                                                                        f551fd25f6de390e761d5541491ce294f59988db

                                                                                                        SHA256

                                                                                                        719fa78b1af38923a3b5b5440a79b64d64eb07c95e0ab1fd1f61dd8039957f21

                                                                                                        SHA512

                                                                                                        caf1be235755535ff4d1e80726417e20551ba1602a5b198f6c1aa0d9ef3bbbeb08a4383ef87340f174efddd21e49a4aa8e11198683256afd28f5343a385841e1

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        0e2c8d08d241bccf9f0ed116fcdc925e

                                                                                                        SHA1

                                                                                                        0080a21bbb6132171bf7c5563e47fecb881162e8

                                                                                                        SHA256

                                                                                                        2b81b41b2ccab87e14c77e04649c930b93d364f221904f4934d8625f969ed943

                                                                                                        SHA512

                                                                                                        c1b8ab725a4a113223b5107ac8d06363235df85438e948355398298864a745820f276f82846603617cd728e908b1b3763b72f3760e8107abefa6dc3a7e922fbe

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        589cdc4f20cdc238c20b2528d417c6be

                                                                                                        SHA1

                                                                                                        213111999b5b043d9c3ca5f2ef3db2d306ab77eb

                                                                                                        SHA256

                                                                                                        091c97685c03b4d7a4a3264e53c640ec279fdb0c93338405bc9d5285a0f3b72e

                                                                                                        SHA512

                                                                                                        65824edf12856f6a52637baecfe639362cb18ba22c0e51dd947ec71c0e6a66b8012ab582b137b4c99b6c16022049824b01ddf360d5307e03be7b153724ca4402

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        8d2ae7fa9332721d374daef55a6cbcf3

                                                                                                        SHA1

                                                                                                        47d40e7362d61827b89c19da5d2dbc02a2740946

                                                                                                        SHA256

                                                                                                        41ef2bca1c4e507b5371f664f6ae56e4f1b4789abef12b0fb9554ec3285e7fe8

                                                                                                        SHA512

                                                                                                        77e2e9717b312e8b7af197b0920e65165a8adcf2df703e757525a84fc36ad4eef2380671ae3289c16c6cb09e06e9cb0442eb2ffd655c6855d8e3a1b325fb0f2c

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        103cf7b0213f77684b7848ede282eac6

                                                                                                        SHA1

                                                                                                        733b06129181ecb8b1156b9ef2c72dbbfbeaff34

                                                                                                        SHA256

                                                                                                        649e1f1f5a111d12661d2ba3b0ca414fbfa46138112678e1d0340c2919d13576

                                                                                                        SHA512

                                                                                                        6879f393c2fdbc6ae17c5c34c745481eebafb7f28a9365078c74ba3d790f03354074b3b2ccfdf3b85459ab42dd167f37f4ab19ead6c9f6ff72dc76514c65e2e9

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        a0ca0aefe4e03612dc289eb297997aef

                                                                                                        SHA1

                                                                                                        f762c849c00737985b2cd42b9f466b8844dff817

                                                                                                        SHA256

                                                                                                        578ee2293fcbf7954c9ec69fa8a19f0d52d80e25087468681cb83e3f7cb62f16

                                                                                                        SHA512

                                                                                                        dfaf26e697b5f550667dc1f0d2ba4fb504d89d4fd6c581b9be18c7f898d79bfbcbd3377baf7e8e3d966440cdf93bd327df970765e4e655cf54b3cbae84f8f64a

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        b70bf22b2fbc3a5cb804bf39daed151b

                                                                                                        SHA1

                                                                                                        443867cee898b7ab162d679c1d549ce9da0b4d03

                                                                                                        SHA256

                                                                                                        b6a3aad68a1a3300ce9bab1d4c506b2b7666b987be61a81add7695114f650fad

                                                                                                        SHA512

                                                                                                        8f16e9408a1e82cf2e793e4f9102d5b413e05dfa936afd2cae40c85bc15665f3d2aeed00cec09ff879c3eb68cd9aaa35656c4678f795d58644700ea43376a938

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d29a3.TMP

                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        da75ad12bd5b3f95cb1399775596962d

                                                                                                        SHA1

                                                                                                        b3b497fb007f7f5a474661b9e83c11b0286fb3cd

                                                                                                        SHA256

                                                                                                        b21055dfbc9421034cc3092a5deb26d3fb5f3e57a7691a55aeef17715c6c84fa

                                                                                                        SHA512

                                                                                                        31565f80a1c555c569e2f6b0ab05cfbca673695db4076e550279a1c48c0ffd7f56074d89946bde36a8ad8d4cf276b1d61a845e66d0a64ff584f373d5e3eef93e

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                        Filesize

                                                                                                        11KB

                                                                                                        MD5

                                                                                                        4d410cb50b384912fcb6df7e817f740c

                                                                                                        SHA1

                                                                                                        f0477e4148fd7209193d4a96242a4c9364d9d523

                                                                                                        SHA256

                                                                                                        a235934a841956240f88e5c9018553311782ee96220d42d8cd6c3ff82a48a60e

                                                                                                        SHA512

                                                                                                        e5c2604065733f68e716ac867dff205b7c131cbca2069ebee1c9afd3b99585365309475750064e41eb5aa711fe453dbbbdaf703ab67cff0378ffdc2f450e7db1

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                        Filesize

                                                                                                        12KB

                                                                                                        MD5

                                                                                                        76c3e3f5b189d66dcecdcf911dc456ed

                                                                                                        SHA1

                                                                                                        f310fd992eb8e8df899db99cbaa0a69338fad640

                                                                                                        SHA256

                                                                                                        c8d50a147975ffeebbb94f3dc26216654560d99ebfcca362da835179e84eb513

                                                                                                        SHA512

                                                                                                        fc41197e0cd58e2cb533ada8a998561cd5399d04d73664db2adc02fb5b9368630bfb70de83238e65a59c72ce4b12e3afe004ea4cee3a963ab326d4c50706b9da

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                        Filesize

                                                                                                        12KB

                                                                                                        MD5

                                                                                                        560186fe0fb6a7dcc1e288f3d7a3716b

                                                                                                        SHA1

                                                                                                        1d55a40db68c0274b57131386accb88eed9feb9f

                                                                                                        SHA256

                                                                                                        08371907d08404033c7fa0dbdac35713589beada7412874b8a3768d9978c0412

                                                                                                        SHA512

                                                                                                        a64e0964641c47be513ee4082b487c5e738ac01be5b297008a3ac16f75e18450ac2af031460d5a7ed949df21876811b76c2e7e706f0acb09ec25027e0db9ee30

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b8e0e14d-733c-4069-ab81-cf9aecda92c7.tmp

                                                                                                        Filesize

                                                                                                        12KB

                                                                                                        MD5

                                                                                                        5915da7189d9fc106eebc0c9e97cf7c0

                                                                                                        SHA1

                                                                                                        b325025c103de924a042f7dc90cfcc1ddfc67c20

                                                                                                        SHA256

                                                                                                        e33ae84b4ccd65a569b6875707c278a8714eaead7bd53aad45521a642facb451

                                                                                                        SHA512

                                                                                                        f68cda05f203051ad0e9e35018ba1d4c4c8a2e19011ec326eae8eb834bfb2e157743b388c459e089117f33fab4aee35518a67e0e01fe76722ac84ef4982c24df

                                                                                                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                                                                        Filesize

                                                                                                        10KB

                                                                                                        MD5

                                                                                                        6e2dd918b2c22ec9d38424b34577d88b

                                                                                                        SHA1

                                                                                                        ce9b5ec7934ace13a02d64f494ec8cf6de8ce5c9

                                                                                                        SHA256

                                                                                                        037e7f2cd9d518cafd37f55edee61feac13b4dfdd35f67b41d7af525d93b7f0f

                                                                                                        SHA512

                                                                                                        fe292b07ea0f7db690e00640f29b5cf7de32ddcdc887c24075801e1b7ad756e94dab31e297efff6c9def49ec3ac20e22c71ba40afb7e4fb75bf0678b64328eca

                                                                                                      • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\938199ca646378b696716037afc964ba

                                                                                                        Filesize

                                                                                                        5.7MB

                                                                                                        MD5

                                                                                                        938199ca646378b696716037afc964ba

                                                                                                        SHA1

                                                                                                        2d865bfeccf3badef2f64e5d6453e6ab71d5f5a7

                                                                                                        SHA256

                                                                                                        2acc3e0879e4a71a6b08e2d6af7b238198d2eda73518b9394d82d00b010c9d7e

                                                                                                        SHA512

                                                                                                        1a37727c5dfaffa3023845592b400acc226face537176064698b8415d79284b6276fe68bf0e5870dc8898a846f923bd95eaac1d185613759ad6ca1068456b322

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll

                                                                                                        Filesize

                                                                                                        488KB

                                                                                                        MD5

                                                                                                        851fee9a41856b588847cf8272645f58

                                                                                                        SHA1

                                                                                                        ee185a1ff257c86eb19d30a191bf0695d5ac72a1

                                                                                                        SHA256

                                                                                                        5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

                                                                                                        SHA512

                                                                                                        cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll

                                                                                                        Filesize

                                                                                                        43KB

                                                                                                        MD5

                                                                                                        34ec990ed346ec6a4f14841b12280c20

                                                                                                        SHA1

                                                                                                        6587164274a1ae7f47bdb9d71d066b83241576f0

                                                                                                        SHA256

                                                                                                        1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

                                                                                                        SHA512

                                                                                                        b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc

                                                                                                        Filesize

                                                                                                        139B

                                                                                                        MD5

                                                                                                        d0104f79f0b4f03bbcd3b287fa04cf8c

                                                                                                        SHA1

                                                                                                        54f9d7adf8943cb07f821435bb269eb4ba40ccc2

                                                                                                        SHA256

                                                                                                        997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

                                                                                                        SHA512

                                                                                                        daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc

                                                                                                        Filesize

                                                                                                        43B

                                                                                                        MD5

                                                                                                        c28b0fe9be6e306cc2ad30fe00e3db10

                                                                                                        SHA1

                                                                                                        af79c81bd61c9a937fca18425dd84cdf8317c8b9

                                                                                                        SHA256

                                                                                                        0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

                                                                                                        SHA512

                                                                                                        e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc

                                                                                                        Filesize

                                                                                                        216B

                                                                                                        MD5

                                                                                                        c2ab942102236f987048d0d84d73d960

                                                                                                        SHA1

                                                                                                        95462172699187ac02eaec6074024b26e6d71cff

                                                                                                        SHA256

                                                                                                        948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

                                                                                                        SHA512

                                                                                                        e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE

                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        13babc4f212ce635d68da544339c962b

                                                                                                        SHA1

                                                                                                        4881ad2ec8eb2470a7049421047c6d076f48f1de

                                                                                                        SHA256

                                                                                                        bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

                                                                                                        SHA512

                                                                                                        40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\index.html

                                                                                                        Filesize

                                                                                                        20KB

                                                                                                        MD5

                                                                                                        08d9ac1e35385587b0c3c8a73ea97234

                                                                                                        SHA1

                                                                                                        d1db15b5e97152be999339d90630f68ed06a6b78

                                                                                                        SHA256

                                                                                                        016cadaa9a8494b15efea920a5ea9c02b441e90dbc7c444e73db3b307f93a741

                                                                                                        SHA512

                                                                                                        8061a5a92f828642ea2fcb319571efa406ed67a75b4d4da1aeb3da96391a72fcde670e3e52efef62d37ddc17f7eca5afa0d35aa02bfd1bcadd8e86240cb802a6

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\basic-languages\lua\lua.js

                                                                                                        Filesize

                                                                                                        5KB

                                                                                                        MD5

                                                                                                        8706d861294e09a1f2f7e63d19e5fcb7

                                                                                                        SHA1

                                                                                                        fa5f4bdc6c2f1728f65c41fb5c539211a24b6f23

                                                                                                        SHA256

                                                                                                        fc2d6fb52a524a56cd8ac53bfe4bad733f246e76dc73cbec4c61be32d282ac42

                                                                                                        SHA512

                                                                                                        1f9297eb4392db612630f824069afdc9d49259aba6361fb0b87372123ada067bc27d10d0623dc1eb7494da55c82840c5521f6fef74c1ada3b0fd801755234f1f

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.css

                                                                                                        Filesize

                                                                                                        171KB

                                                                                                        MD5

                                                                                                        233217455a3ef3604bf4942024b94f98

                                                                                                        SHA1

                                                                                                        95cd3ce46f4ca65708ec25d59dddbfa3fc44e143

                                                                                                        SHA256

                                                                                                        2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701

                                                                                                        SHA512

                                                                                                        6f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.js

                                                                                                        Filesize

                                                                                                        2.0MB

                                                                                                        MD5

                                                                                                        9399a8eaa741d04b0ae6566a5ebb8106

                                                                                                        SHA1

                                                                                                        5646a9d35b773d784ad914417ed861c5cba45e31

                                                                                                        SHA256

                                                                                                        93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18

                                                                                                        SHA512

                                                                                                        d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\editor\editor.main.nls.js

                                                                                                        Filesize

                                                                                                        31KB

                                                                                                        MD5

                                                                                                        74dd2381ddbb5af80ce28aefed3068fc

                                                                                                        SHA1

                                                                                                        0996dc91842ab20387e08a46f3807a3f77958902

                                                                                                        SHA256

                                                                                                        fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48

                                                                                                        SHA512

                                                                                                        8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\vs\loader.js

                                                                                                        Filesize

                                                                                                        27KB

                                                                                                        MD5

                                                                                                        8a3086f6c6298f986bda09080dd003b1

                                                                                                        SHA1

                                                                                                        8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

                                                                                                        SHA256

                                                                                                        0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

                                                                                                        SHA512

                                                                                                        9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll

                                                                                                        Filesize

                                                                                                        695KB

                                                                                                        MD5

                                                                                                        195ffb7167db3219b217c4fd439eedd6

                                                                                                        SHA1

                                                                                                        1e76e6099570ede620b76ed47cf8d03a936d49f8

                                                                                                        SHA256

                                                                                                        e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

                                                                                                        SHA512

                                                                                                        56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll

                                                                                                        Filesize

                                                                                                        99KB

                                                                                                        MD5

                                                                                                        7a2b8cfcd543f6e4ebca43162b67d610

                                                                                                        SHA1

                                                                                                        c1c45a326249bf0ccd2be2fbd412f1a62fb67024

                                                                                                        SHA256

                                                                                                        7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

                                                                                                        SHA512

                                                                                                        e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll

                                                                                                        Filesize

                                                                                                        133KB

                                                                                                        MD5

                                                                                                        a0bd0d1a66e7c7f1d97aedecdafb933f

                                                                                                        SHA1

                                                                                                        dd109ac34beb8289030e4ec0a026297b793f64a3

                                                                                                        SHA256

                                                                                                        79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

                                                                                                        SHA512

                                                                                                        2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll

                                                                                                        Filesize

                                                                                                        5.2MB

                                                                                                        MD5

                                                                                                        aead90ab96e2853f59be27c4ec1e4853

                                                                                                        SHA1

                                                                                                        43cdedde26488d3209e17efff9a51e1f944eb35f

                                                                                                        SHA256

                                                                                                        46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

                                                                                                        SHA512

                                                                                                        f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll

                                                                                                        Filesize

                                                                                                        4.3MB

                                                                                                        MD5

                                                                                                        48521b6f8acefe8cd61b4ffc80b1d28d

                                                                                                        SHA1

                                                                                                        f553cca3439424585eefe2ecebeaeaa6b447950d

                                                                                                        SHA256

                                                                                                        69415bde05f368f24b38418244c6038c405cc0d3ff52d87a089e37c0100bc922

                                                                                                        SHA512

                                                                                                        4b7e87140370e5f0134da35734e18d7f8f60265241cbf7050c202474da8bd98505923113bcf51951d7e73ce79bddf14c8f1b6e4a9296cca140b7b326d2c90415

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

                                                                                                        Filesize

                                                                                                        85KB

                                                                                                        MD5

                                                                                                        f8f4522d11178a26e97e2046f249dfa7

                                                                                                        SHA1

                                                                                                        8b591d9a37716e235260fb6b3f601e4ccbebf15d

                                                                                                        SHA256

                                                                                                        3c372a8919c28dc76414b2f30da423c3e1018b1a8444527949ce20cc3fc93ed0

                                                                                                        SHA512

                                                                                                        52ea881cad501cf1d5e8ac47355e862ac1bd39cb6e1ff3d362d392b6f2d676e74878832505d17a552aaa3bc8f3977da11fa3f9903722eedd23716fb46ddb7492

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

                                                                                                        Filesize

                                                                                                        152B

                                                                                                        MD5

                                                                                                        f428ea0697dc6d9ab2a83e929592977d

                                                                                                        SHA1

                                                                                                        2f5973e08fed9e18c097e71d9f3c49116ca2d509

                                                                                                        SHA256

                                                                                                        fe70a92a0da043c5977f253ccf6fdf136f8b5855301dbc047f1a733bcaf0b0e3

                                                                                                        SHA512

                                                                                                        e2388f9cd7ccc4139436cd9981381abb483b4355e9c7e11a27fc63114553931cbf54686e246148318a7ca9c696c4a0825c0d1477c66772a11ad88ab749ae8997

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

                                                                                                        Filesize

                                                                                                        152B

                                                                                                        MD5

                                                                                                        8cfbf97d1bf196b222ac0e5d80cf8b57

                                                                                                        SHA1

                                                                                                        d1c292f3e8041ee55a1ff02f62084b7b8854727b

                                                                                                        SHA256

                                                                                                        e14525e179f57105444bd54f9d50879a1768e26c03235d44927ef6b40c3421f6

                                                                                                        SHA512

                                                                                                        a2afa14df4decfe9a9ff1a3b5f96ae7699ccec395a075c23a311050ee6d7d5e7eb91e0a4f63c9223a590dd821b2716e9c006633f520fb173ecc870eefd2153bb

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

                                                                                                        Filesize

                                                                                                        152B

                                                                                                        MD5

                                                                                                        2e4d97d3771a8d8224fef5f8924e3679

                                                                                                        SHA1

                                                                                                        3024dbead32c6f093dab1b09ad7b01c07049beb0

                                                                                                        SHA256

                                                                                                        cbc17c81525a9772bd25745cf195f05a3cdf8bd15045dcb0410cfc4855bda877

                                                                                                        SHA512

                                                                                                        1efbd6dd27310753cbb0cb52c42e0a70f1dc4e84da13b75df84aa016aa1f2abeb09d6ebafef28140ea90b53f45586e752f6ccc9a3be0ff03afd884d397f13126

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

                                                                                                        Filesize

                                                                                                        20B

                                                                                                        MD5

                                                                                                        9e4e94633b73f4a7680240a0ffd6cd2c

                                                                                                        SHA1

                                                                                                        e68e02453ce22736169a56fdb59043d33668368f

                                                                                                        SHA256

                                                                                                        41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                                                                                                        SHA512

                                                                                                        193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Local Storage\leveldb\CURRENT

                                                                                                        Filesize

                                                                                                        16B

                                                                                                        MD5

                                                                                                        46295cac801e5d4857d09837238a6394

                                                                                                        SHA1

                                                                                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                        SHA256

                                                                                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                        SHA512

                                                                                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

                                                                                                        Filesize

                                                                                                        41B

                                                                                                        MD5

                                                                                                        5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                        SHA1

                                                                                                        d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                        SHA256

                                                                                                        f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                        SHA512

                                                                                                        de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State

                                                                                                        Filesize

                                                                                                        935B

                                                                                                        MD5

                                                                                                        9939f561d05b3634e1b4044f407faea3

                                                                                                        SHA1

                                                                                                        95b7387dd9c554486b740552ab1ff83b2f4456dd

                                                                                                        SHA256

                                                                                                        0e226d5ca982f0a53c818760af879f0546944feaf383625e919061afe9083963

                                                                                                        SHA512

                                                                                                        43e3b7c263036647676736b2515fc781c342169eae871236d42220f66b9b998754f0f782bc1b8ca7ae5f88994b756efd644013d7a833c87586b272e4ebac8478

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network Persistent State~RFe58b7f1.TMP

                                                                                                        Filesize

                                                                                                        59B

                                                                                                        MD5

                                                                                                        2800881c775077e1c4b6e06bf4676de4

                                                                                                        SHA1

                                                                                                        2873631068c8b3b9495638c865915be822442c8b

                                                                                                        SHA256

                                                                                                        226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                                                                        SHA512

                                                                                                        e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences

                                                                                                        Filesize

                                                                                                        3KB

                                                                                                        MD5

                                                                                                        43019b22a04f28ff036be875655e4d1f

                                                                                                        SHA1

                                                                                                        18b761646c1e80c4fc4a914b430d23cb2fb304db

                                                                                                        SHA256

                                                                                                        6048dc932fbd7b9469f533c13f68d5fff52148ed221d7af71f04551d86166a74

                                                                                                        SHA512

                                                                                                        f1948b8bd49174e539aa0a2c4d3c2c38e3214e170a9ef63f714a08041ecb0daccecc63766904ffca9aac183cd5aaad670b6c66f10acb90b10ff9e56b0c191a36

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences

                                                                                                        Filesize

                                                                                                        3KB

                                                                                                        MD5

                                                                                                        220af775020bd37e46fa020aa623e7ab

                                                                                                        SHA1

                                                                                                        8e9b121503551e4eb83d31eea453de02b846dd99

                                                                                                        SHA256

                                                                                                        0d6339f873bfa8873036b61c84757a71c6276dbc124ffad95809961d230a4bab

                                                                                                        SHA512

                                                                                                        f92d8c47e06ae6bf7256aa00242e7f40e723b2f7e813182bef78f47e6f2ffb705a22070969ec9a408b6231d803f68c2caf13aa7dcea8c7167f3180bc9c1871fb

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences

                                                                                                        Filesize

                                                                                                        3KB

                                                                                                        MD5

                                                                                                        fe946f325a17db98565be053772ad9ff

                                                                                                        SHA1

                                                                                                        974e62831a1d8b1c2cfea6da6e4d31defab8054a

                                                                                                        SHA256

                                                                                                        541d1b0a21a9a492d9b61786058bd67886c17d9f50d5c5632420c1dc3c0cc1b0

                                                                                                        SHA512

                                                                                                        7c6d641c1d21e2c199b3b9a975277cc399ae258a51f4d493fb8a1ac41e2bb504a59ff613590ce3cfa6f331afb04a987e247403a776c8b880acc608a58ce0f201

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences~RFe580c8e.TMP

                                                                                                        Filesize

                                                                                                        3KB

                                                                                                        MD5

                                                                                                        a00da0a0d211e3a016f14b534bfbdc2f

                                                                                                        SHA1

                                                                                                        be8c710f9f64897eca78dae81a425f6e8fb7480d

                                                                                                        SHA256

                                                                                                        63541145fb21f57fe343c651fcd511d9db2b3b54f1667bd2c9eb86a658132e15

                                                                                                        SHA512

                                                                                                        a6161db11de3564155b2d62998c44af84c85d22ae5218b1df3d99523ea4525982e50dbcd8b8edf794b69a9795cc37ba62b719ee11a19a82fc71b65ee9a96039d

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                        Filesize

                                                                                                        16B

                                                                                                        MD5

                                                                                                        206702161f94c5cd39fadd03f4014d98

                                                                                                        SHA1

                                                                                                        bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                        SHA256

                                                                                                        1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                        SHA512

                                                                                                        0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

                                                                                                        Filesize

                                                                                                        8KB

                                                                                                        MD5

                                                                                                        9e8fac9ad7c2486b4b82e0b25efe1a00

                                                                                                        SHA1

                                                                                                        c2b3ee9a2de24e13930f0f2b4079f2d7a9b8614e

                                                                                                        SHA256

                                                                                                        a5809b7645ffec583eeebbd84bca080f4b200c8e04760ca313affd5aee16455c

                                                                                                        SHA512

                                                                                                        dc0864999c30ddc8c7f93b60ce2308192061ee645f67ddab585ee9d63593f8b70307ac4dc2c39fa6824fbb70bcd89fdb53859d08ae7a3234cb4ee31bbd2c2317

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

                                                                                                        Filesize

                                                                                                        9KB

                                                                                                        MD5

                                                                                                        dd594c1598ae13dd188f5e1fd6f4038e

                                                                                                        SHA1

                                                                                                        c282f5fcb864562e395e8343649db2ae83312107

                                                                                                        SHA256

                                                                                                        5490dd6a72c6ff4e4e1e692329696731856ded7f40b91fe09f20853e15ca310d

                                                                                                        SHA512

                                                                                                        8ed4324752711d12788ad57c31476b2d381dd004a57fd614f64685a005ae92c2a1a40e4dbe8c78a2d927fdba4675f526a86d834776758b81fc0d7e2bfdceba69

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

                                                                                                        Filesize

                                                                                                        9KB

                                                                                                        MD5

                                                                                                        9941d2f2fa39a3b299b5a40adbdc832a

                                                                                                        SHA1

                                                                                                        ba7299fc465dc53f3d03b3b6429a30ae93fd55ab

                                                                                                        SHA256

                                                                                                        2ec1d186dff5e4c1529180b1df15841a8179b2b32dc7f88a3e8a1f31913ff484

                                                                                                        SHA512

                                                                                                        c4f9c7251f465dc950b029a46177af97d3136793033eeb073d7f5ece356117e95496cb5482e3bd5d627f8cf816d770d740b65c19457eec60fda8682f677b2d5b

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe57e772.TMP

                                                                                                        Filesize

                                                                                                        8KB

                                                                                                        MD5

                                                                                                        077bd779ee3b26b4c36f608e42b27195

                                                                                                        SHA1

                                                                                                        e8d67355caf131706e0960ddaa107c98181ead36

                                                                                                        SHA256

                                                                                                        c26a389ac8d7cd9e9b9d0f78ac177c798300944a2b0b56369052bdffae267f78

                                                                                                        SHA512

                                                                                                        3dd9d16f1cdd776f489d6b9f252e4f358bf15d8719488bc6cd66e4ec3f07dfe0d5e22372eff8cc9b614bf9d7cb45e0f2f4720a842184731a332c31f4a0b88070

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Advertising

                                                                                                        Filesize

                                                                                                        24KB

                                                                                                        MD5

                                                                                                        1cc67aa27d683e35f6e2d52e27794fed

                                                                                                        SHA1

                                                                                                        6061d27882d9afb4bb885ed3be65b0bd44341e4b

                                                                                                        SHA256

                                                                                                        3c2451d0820eb623c7e95da72017071fce5c5091c168f1b18b3010e914ef84d5

                                                                                                        SHA512

                                                                                                        34776fb3abd952aece898051293773ac220391e6b114445317c9b51757a858cded9596e84c32e3019b7d9d660dfa880456b5b6c0ee6e10a64fe3431340132deb

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Analytics

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        da298eacf42b8fd3bf54b5030976159b

                                                                                                        SHA1

                                                                                                        a976f4f5e2d81f80dc0e8a10595190f35e9d324b

                                                                                                        SHA256

                                                                                                        3abd2e1010e8824f200878942e0850d6e2620a2f0f15b87d32e2451fdda962ec

                                                                                                        SHA512

                                                                                                        5bf24c2df7cc12c91d1fb47802dbac283244c1010baa68bfae9eb5eb8ee25758156bb1e21f6cc3f55e7d71e5c330888ffd41469b2630eb86237c9970d7ede75e

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\CompatExceptions

                                                                                                        Filesize

                                                                                                        689B

                                                                                                        MD5

                                                                                                        108de320dc5348d3b6af1f06a4374407

                                                                                                        SHA1

                                                                                                        90aa226d3c9d50cf4435ecdd2b8b0086d8edeb8b

                                                                                                        SHA256

                                                                                                        5b462316a51c918d0bae95959bf827cb9c72bbd84ffb0e43b750aa91fbf3ba53

                                                                                                        SHA512

                                                                                                        70f30c45e20b7cddd0cba6476af9338975cec8e40b8b19603af5fa859a34c6eb2138957daaa263633fe65213e2186402d05d9d29ad53e8f311335555116314c2

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Content

                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        de67adf873370835f12a4962fa4b3a85

                                                                                                        SHA1

                                                                                                        99831e0a001b8604b5b431d09307273872d5f07e

                                                                                                        SHA256

                                                                                                        76975bf9dc15a979cfbf917496c385767357e1ce7ff30ac94dcc901cbc74607b

                                                                                                        SHA512

                                                                                                        f1ea69a38500afd96903d60f9bb2308ea1c368e28e970669467e8d7c637268774374dffe92fbe02a6d043ff0fb763913790ba617b5251cb46ee000423b591cc7

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Cryptomining

                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        16779f9f388a6dbefdcaa33c25db08f6

                                                                                                        SHA1

                                                                                                        d0bfd4788f04251f4f2ac42be198fb717e0046ae

                                                                                                        SHA256

                                                                                                        75ad2a4d85c1314632e3ac0679169ba92ef0a0f612f73a80fdd0bc186095b639

                                                                                                        SHA512

                                                                                                        abd55eff87b4445694b3119176007f71cf71c277f20ea6c4dcadfb027fdce78f7afbcf7a397bd61bd2fa4bc452e03087a9e0e8b9cc5092ec2a631c1ebb00ee25

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Entities

                                                                                                        Filesize

                                                                                                        68KB

                                                                                                        MD5

                                                                                                        571c13809cc4efaff6e0b650858b9744

                                                                                                        SHA1

                                                                                                        83e82a841f1565ad3c395cbc83cb5b0a1e83e132

                                                                                                        SHA256

                                                                                                        ab204851f39da725b5a73b040519c2e6aaf52cb7a537c75802cb25248d02ec1b

                                                                                                        SHA512

                                                                                                        93ff4625866abf7cd96324528df2f56ecb358235ff7e63438ac37460aeb406a5fb97084e104610bb1d7c2e8693cabedc6239b95449e9abb90252a353038cb2a2

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Fingerprinting

                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        b46196ad79c9ef6ddacc36b790350ca9

                                                                                                        SHA1

                                                                                                        3df9069231c232fe8571a4772eb832fbbe376c23

                                                                                                        SHA256

                                                                                                        a918dd0015bcd511782ea6f00eed35f77456944981de7fd268471f1d62c7eaa3

                                                                                                        SHA512

                                                                                                        61d6da8ee2ca07edc5d230bdcbc5302a2c6e3a9823e95ccfd3896d2e09a0027fece76f2c1ea54e8a8c4fa0e3cf885b35f3ff2e6208bf1d2a2757f2cbcdf01039

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Other

                                                                                                        Filesize

                                                                                                        34B

                                                                                                        MD5

                                                                                                        cd0395742b85e2b669eaec1d5f15b65b

                                                                                                        SHA1

                                                                                                        43c81d1c62fc7ff94f9364639c9a46a0747d122e

                                                                                                        SHA256

                                                                                                        2b4a47b82cbe70e34407c7df126a24007aff8b45d5716db384d27cc1f3b30707

                                                                                                        SHA512

                                                                                                        4df2ce734e2f7bc5f02bb7845ea801b57dcf649565dd94b1b71f578b453ba0a17c61ccee73e7cff8f23cdd6aa37e55be5cb15f4767ff88a9a06de3623604fbf0

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Mu\Social

                                                                                                        Filesize

                                                                                                        355B

                                                                                                        MD5

                                                                                                        4c817c4cb035841975c6738aa05742d9

                                                                                                        SHA1

                                                                                                        1d89da38b339cd9a1aadfc824ed8667018817d4e

                                                                                                        SHA256

                                                                                                        4358939a5a0b4d51335bf8f4adb43de2114b54f3596f9e9aacbdb3e52bef67e6

                                                                                                        SHA512

                                                                                                        fa8e1e8aa00bf83f16643bf6a22c63649402efe70f13cd289f51a6c1172f504fedd7b63fc595fb867ecb9d235b8a0ea032b03d861ebb145f0f6a7d5629df8486

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Advertising

                                                                                                        Filesize

                                                                                                        997B

                                                                                                        MD5

                                                                                                        d81750ec7af7709a55e2d1c830d123e6

                                                                                                        SHA1

                                                                                                        c2f118b9c96d8b793ea751ff17fe4e2b945bd8a5

                                                                                                        SHA256

                                                                                                        28ca4a595aea39469c715d2a64d026cde5a5fba021d8471b7183fdd019df2081

                                                                                                        SHA512

                                                                                                        a6b4c4c97fb47a158fe5eb2125cb42b7ea1d37df90c652ce31396a29b224f94834a4ea36d1ffc61bf6da4316e8fec5f139054be15466193cf6080621286effd9

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Analytics

                                                                                                        Filesize

                                                                                                        126B

                                                                                                        MD5

                                                                                                        c4acde1c5f5561bdddbc9846e9f3d2f2

                                                                                                        SHA1

                                                                                                        520973b512aa1a374e18518f85dc801b3fc1767e

                                                                                                        SHA256

                                                                                                        9fa640bc46d85197048b78253c2745aca7c7d48d023d55269c11e9b8d66ea703

                                                                                                        SHA512

                                                                                                        d938ae798f11b348bf2c57995fd3731c4ee24d03fb59fc2708bd15fdbdacae21ada1123e3ef08b328ed140366f590d4afc4799ba77a97cf7fe186f815d107a73

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Content

                                                                                                        Filesize

                                                                                                        36B

                                                                                                        MD5

                                                                                                        7f077f40c2d1ce8e95faa8fdb23ed8b4

                                                                                                        SHA1

                                                                                                        2c329e3e20ea559974ddcaabc2c7c22de81e7ad2

                                                                                                        SHA256

                                                                                                        bda08f8b53c121bbc03da1f5c870c016b06fa620a2c02375988555dd12889cdf

                                                                                                        SHA512

                                                                                                        c1fb5d40491ae22a155a9bd115c32cbe9dbcba615545af2f1a252475f9d59844763cd7c177f08277d8ef59e873b7d885fda17f2a504d9ec2c181d0f793cb542b

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Cryptomining

                                                                                                        Filesize

                                                                                                        32B

                                                                                                        MD5

                                                                                                        4ec1eda0e8a06238ff5bf88569964d59

                                                                                                        SHA1

                                                                                                        a2e78944fcac34d89385487ccbbfa4d8f078d612

                                                                                                        SHA256

                                                                                                        696e930706b5d391eb8778f73b0627ffc2be7f6c9a3e7659170d9d37fc4a97b5

                                                                                                        SHA512

                                                                                                        c9b1ed7b61f26d94d7f5eded2d42d40f3e4300eee2319fe28e04b25cdb6dd92daf67828bff453bf5fc8d7b6ceb58cab319fc0daac9b0050e27a89efe74d2734e

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Entities

                                                                                                        Filesize

                                                                                                        16KB

                                                                                                        MD5

                                                                                                        011dd90f861d72166efe3a81634e69aa

                                                                                                        SHA1

                                                                                                        7219b5188a6bc52f22864a8afec7906b3225b40f

                                                                                                        SHA256

                                                                                                        46c606fa05ccd710c8212f816b3db43ed5a2102e2239ac508b6797a2d83d5c45

                                                                                                        SHA512

                                                                                                        4d41d4a97fa741da3f7a9530f6e5d02010efe57f2c15d4d91130c06931b896fa116294fa441399f2d7eb16cde6a7d11ca7d5781db3e3e18f31704528abcedb5a

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Fingerprinting

                                                                                                        Filesize

                                                                                                        172B

                                                                                                        MD5

                                                                                                        3852430540e0356d1ba68f31be011533

                                                                                                        SHA1

                                                                                                        d3f622450bcf0ced36d9d9c0aad630ebccfcb7ff

                                                                                                        SHA256

                                                                                                        f1f413704c32a28a31a646f60cad36cc2da793e143f70eee72ae56f736df8054

                                                                                                        SHA512

                                                                                                        7a4faa493c141ea88d6cd933dfc0b50ef6d25983323db2b931c7512e039859d60c4935e56b771264ca72b45c035b1962ad8680d616eaaf04fbc5a6e0b674e435

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Other

                                                                                                        Filesize

                                                                                                        75B

                                                                                                        MD5

                                                                                                        c6c7f3ee1e17acbff6ac22aa89b02e4e

                                                                                                        SHA1

                                                                                                        bdbd0220e54b80b3d2ffbbddadc89bfbb8e64a8b

                                                                                                        SHA256

                                                                                                        a2f9f27d6938a74979d34484bced535412969c2533dc694bfa667fe81d66d7d4

                                                                                                        SHA512

                                                                                                        86ed28ffdd00b4a397a20968792fcd30dd4a891a187a7789c00c88b64689b334a11fa087eb54ccee813c181cf891b43184dde7af9a6f33caed2a71e2c445a7b4

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Social

                                                                                                        Filesize

                                                                                                        3KB

                                                                                                        MD5

                                                                                                        ae92ac226ba04a34a6e8f1140f04bbbf

                                                                                                        SHA1

                                                                                                        db368322491478a19ca31244b2af1e3988d8645d

                                                                                                        SHA256

                                                                                                        19031c7f1b4ef0c92222723114164ed772c7811205f646821ddc41e4901480a0

                                                                                                        SHA512

                                                                                                        1b6b5144cd87d4e06fe240aedc6e46cd4019457903ec267be5b450690cb56c88430bd43bad086afe13c122d93e2b1aac50c129033a9a4197ec3e6ebdb161e038

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.25\Sigma\Staging

                                                                                                        Filesize

                                                                                                        5KB

                                                                                                        MD5

                                                                                                        61dddcad6e2e3bd2b440facc1f56c7a7

                                                                                                        SHA1

                                                                                                        be7750704fa3b007e20c7366e364b3194e4d5587

                                                                                                        SHA256

                                                                                                        35a7a93fe66261463bdafeddc46bf9ddcc79f0ef81244066b9332f71da23aff6

                                                                                                        SHA512

                                                                                                        40d87f54c00825ddd5cf96d5fc4760835520d008d884fb2d35c28a1397946e491a156423cf28bf29bdfa1cb669694833786ca273bba91176b8586ad092bd7927

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll

                                                                                                        Filesize

                                                                                                        522KB

                                                                                                        MD5

                                                                                                        e31f5136d91bad0fcbce053aac798a30

                                                                                                        SHA1

                                                                                                        ee785d2546aec4803bcae08cdebfd5d168c42337

                                                                                                        SHA256

                                                                                                        ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

                                                                                                        SHA512

                                                                                                        a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll

                                                                                                        Filesize

                                                                                                        113KB

                                                                                                        MD5

                                                                                                        75365924730b0b2c1a6ee9028ef07685

                                                                                                        SHA1

                                                                                                        a10687c37deb2ce5422140b541a64ac15534250f

                                                                                                        SHA256

                                                                                                        945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

                                                                                                        SHA512

                                                                                                        c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                                                                        Filesize

                                                                                                        2B

                                                                                                        MD5

                                                                                                        f3b25701fe362ec84616a93a45ce9998

                                                                                                        SHA1

                                                                                                        d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                                                        SHA256

                                                                                                        b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                                                        SHA512

                                                                                                        98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 642753.crdownload

                                                                                                        Filesize

                                                                                                        5.3MB

                                                                                                        MD5

                                                                                                        f8abc05327115c321307efaf662498bb

                                                                                                        SHA1

                                                                                                        4d848adb9b0a5b278f97f75fa125145dcbffd572

                                                                                                        SHA256

                                                                                                        c89eda2b48317bd4da398d59213d86afa0c06034cab5e3ea5df5865e369d2a0f

                                                                                                        SHA512

                                                                                                        a6b70331ad553645cd82edc5f6bfa50b4bb16bfc2443469c7eb1ff79e6b4a246cfd7de0691da400777651529a2bca20311645a763dffbf7e10cc4334ab074ae4

                                                                                                      • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

                                                                                                        Filesize

                                                                                                        280B

                                                                                                        MD5

                                                                                                        0d15dfd24214caf3caf3529b152582f1

                                                                                                        SHA1

                                                                                                        acb5db4b2e01fe195be4e2abb719b81969ea5a13

                                                                                                        SHA256

                                                                                                        3873dcd00813603530927f18ee295fe0688d07ae775ebf09f90a89e7ef697ea8

                                                                                                        SHA512

                                                                                                        2593244d48f1bb70da1f21de21ff23d991232be42bbfee034d67708a7574754d2d6c97c9911b631ceac684d233ecba4a93c2a33ef093bc5641cb56bffab7a7d8

                                                                                                      • \??\pipe\LOCAL\crashpad_1692_AIVLPZRDGIZCQURA

                                                                                                        MD5

                                                                                                        d41d8cd98f00b204e9800998ecf8427e

                                                                                                        SHA1

                                                                                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                        SHA256

                                                                                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                        SHA512

                                                                                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                      • memory/1184-1659-0x000001E862810000-0x000001E8628E6000-memory.dmp

                                                                                                        Filesize

                                                                                                        856KB

                                                                                                      • memory/1392-1773-0x000002B28F6D0000-0x000002B28F7A6000-memory.dmp

                                                                                                        Filesize

                                                                                                        856KB

                                                                                                      • memory/2036-1805-0x00000228461A0000-0x0000022846276000-memory.dmp

                                                                                                        Filesize

                                                                                                        856KB

                                                                                                      • memory/2340-5-0x0000000005BF0000-0x0000000005C02000-memory.dmp

                                                                                                        Filesize

                                                                                                        72KB

                                                                                                      • memory/2340-0-0x000000007445E000-0x000000007445F000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/2340-1-0x00000000004D0000-0x00000000004DA000-memory.dmp

                                                                                                        Filesize

                                                                                                        40KB

                                                                                                      • memory/2340-2-0x0000000002950000-0x000000000295A000-memory.dmp

                                                                                                        Filesize

                                                                                                        40KB

                                                                                                      • memory/2340-1472-0x0000000074450000-0x0000000074C01000-memory.dmp

                                                                                                        Filesize

                                                                                                        7.7MB

                                                                                                      • memory/2340-3-0x0000000074450000-0x0000000074C01000-memory.dmp

                                                                                                        Filesize

                                                                                                        7.7MB

                                                                                                      • memory/3412-1619-0x00007FFFF8CD0000-0x00007FFFF8CF4000-memory.dmp

                                                                                                        Filesize

                                                                                                        144KB

                                                                                                      • memory/3412-1492-0x00007FFFE6C60000-0x00007FFFE7722000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                      • memory/3412-1669-0x00007FFFE6C60000-0x00007FFFE7722000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                      • memory/3412-1479-0x000001FE74A30000-0x000001FE74AAE000-memory.dmp

                                                                                                        Filesize

                                                                                                        504KB

                                                                                                      • memory/3412-1481-0x000001FE5BE20000-0x000001FE5BE2E000-memory.dmp

                                                                                                        Filesize

                                                                                                        56KB

                                                                                                      • memory/3412-1618-0x0000000180000000-0x0000000180B28000-memory.dmp

                                                                                                        Filesize

                                                                                                        11.2MB

                                                                                                      • memory/3412-1663-0x00007FFFE6C63000-0x00007FFFE6C65000-memory.dmp

                                                                                                        Filesize

                                                                                                        8KB

                                                                                                      • memory/3412-1473-0x000001FE5A140000-0x000001FE5A15A000-memory.dmp

                                                                                                        Filesize

                                                                                                        104KB

                                                                                                      • memory/3412-1665-0x000001FE793B0000-0x000001FE79462000-memory.dmp

                                                                                                        Filesize

                                                                                                        712KB

                                                                                                      • memory/3412-1471-0x00007FFFE6C63000-0x00007FFFE6C65000-memory.dmp

                                                                                                        Filesize

                                                                                                        8KB

                                                                                                      • memory/3412-1477-0x000001FE74970000-0x000001FE74A2A000-memory.dmp

                                                                                                        Filesize

                                                                                                        744KB

                                                                                                      • memory/3412-1498-0x000001FE74DA0000-0x000001FE74DD8000-memory.dmp

                                                                                                        Filesize

                                                                                                        224KB

                                                                                                      • memory/3412-1476-0x000001FE74DF0000-0x000001FE7532C000-memory.dmp

                                                                                                        Filesize

                                                                                                        5.2MB

                                                                                                      • memory/3412-1493-0x0000000180000000-0x0000000180B28000-memory.dmp

                                                                                                        Filesize

                                                                                                        11.2MB

                                                                                                      • memory/3412-1666-0x000001FE78970000-0x000001FE78992000-memory.dmp

                                                                                                        Filesize

                                                                                                        136KB

                                                                                                      • memory/3412-1495-0x0000000180000000-0x0000000180B28000-memory.dmp

                                                                                                        Filesize

                                                                                                        11.2MB

                                                                                                      • memory/3412-1494-0x0000000180000000-0x0000000180B28000-memory.dmp

                                                                                                        Filesize

                                                                                                        11.2MB

                                                                                                      • memory/3412-1496-0x0000000180000000-0x0000000180B28000-memory.dmp

                                                                                                        Filesize

                                                                                                        11.2MB

                                                                                                      • memory/3412-1497-0x000001FE74CF0000-0x000001FE74CF8000-memory.dmp

                                                                                                        Filesize

                                                                                                        32KB

                                                                                                      • memory/3412-1475-0x00007FFFE6C60000-0x00007FFFE7722000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                      • memory/3412-1499-0x000001FE74D60000-0x000001FE74D6E000-memory.dmp

                                                                                                        Filesize

                                                                                                        56KB

                                                                                                      • memory/4900-1658-0x0000015B146B0000-0x0000015B14786000-memory.dmp

                                                                                                        Filesize

                                                                                                        856KB

                                                                                                      • memory/4900-1520-0x00007FF806930000-0x00007FF806931000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/5044-1660-0x0000026C58B40000-0x0000026C58C16000-memory.dmp

                                                                                                        Filesize

                                                                                                        856KB