Resubmissions

09-06-2024 11:03

240609-m5srbsad68 9

09-06-2024 10:58

240609-m2v3aahf6x 6

Analysis

  • max time kernel
    543s
  • max time network
    545s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-06-2024 11:03

General

  • Target

    https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Downloads MZ/PE file
  • Sets file execution options in registry 2 TTPs 2 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 30 IoCs
  • Loads dropped DLL 54 IoCs
  • Registers COM server for autorun 1 TTPs 33 IoCs
  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
  • Checks system information in the registry 2 TTPs 12 IoCs

    System information is often read in order to detect sandboxing environments.

  • Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 37 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 43 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 44 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 1 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4772
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb884446f8,0x7ffb88444708,0x7ffb88444718
      2⤵
        PID:3608
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        2⤵
          PID:3928
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2572
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
          2⤵
            PID:1168
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
            2⤵
              PID:548
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
              2⤵
                PID:1928
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                2⤵
                  PID:1340
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
                  2⤵
                    PID:2944
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
                    2⤵
                      PID:1860
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:412
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
                      2⤵
                        PID:4568
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
                        2⤵
                          PID:1364
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5804 /prefetch:8
                          2⤵
                            PID:540
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
                            2⤵
                              PID:3024
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3196 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4644
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
                              2⤵
                                PID:2608
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
                                2⤵
                                  PID:2056
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4004 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4656
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
                                  2⤵
                                    PID:4280
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3568 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1220
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6840 /prefetch:8
                                    2⤵
                                      PID:4432
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6940 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:4968
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
                                      2⤵
                                        PID:3864
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
                                        2⤵
                                          PID:4848
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
                                          2⤵
                                            PID:1132
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
                                            2⤵
                                              PID:4400
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6304 /prefetch:8
                                              2⤵
                                                PID:4360
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:2208
                                              • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                2⤵
                                                • Executes dropped EXE
                                                • Checks whether UAC is enabled
                                                • Drops file in Program Files directory
                                                • Enumerates system info in registry
                                                • Modifies Internet Explorer settings
                                                • Modifies registry class
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:5100
                                                • C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                  MicrosoftEdgeWebview2Setup.exe /silent /install
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • Drops file in Program Files directory
                                                  PID:2624
                                                  • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                    4⤵
                                                    • Sets file execution options in registry
                                                    • Checks computer location settings
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Checks system information in the registry
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:1796
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                      5⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Modifies registry class
                                                      PID:4436
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                      5⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Modifies registry class
                                                      PID:3660
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                        6⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Registers COM server for autorun
                                                        • Modifies registry class
                                                        PID:4412
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                        6⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Registers COM server for autorun
                                                        • Modifies registry class
                                                        PID:1880
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                        6⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Registers COM server for autorun
                                                        • Modifies registry class
                                                        PID:1684
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzYwNDgyQTYtQzA0MS00RUM3LTg2RkEtQ0ZEMjVFODRFQTVEfSIgdXNlcmlkPSJ7NUU5MzM4MkUtRDY3MS00NTU4LUI2NUUtOUYyQTBEREFGNUNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGOEM2MzZFMC1FRjc1LTRGOTYtOTNBQy0zNzE3MjRBNjQ5MjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjczNTIyNDQxODAiIGluc3RhbGxfdGltZV9tcz0iNTUxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                      5⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Checks system information in the registry
                                                      PID:4388
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{C60482A6-C041-4EC7-86FA-CFD25E84EA5D}" /silent
                                                      5⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      PID:4512
                                                • C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe
                                                  "C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe" -app -isInstallerLaunch
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of UnmapMainImage
                                                  PID:2208
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:1396
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:2136
                                                • C:\Windows\System32\rundll32.exe
                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                  1⤵
                                                    PID:3632
                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraB.zip\SolaraB\Solara\SolaraBootstrapper.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraB.zip\SolaraB\Solara\SolaraBootstrapper.exe"
                                                    1⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:2544
                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
                                                      2⤵
                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                      • Checks BIOS information in registry
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Checks whether UAC is enabled
                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                      • Suspicious use of FindShellTrayWindow
                                                      PID:552
                                                      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=552.4804.1659089329764480737
                                                        3⤵
                                                        • Checks computer location settings
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        • Enumerates system info in registry
                                                        • Modifies data under HKEY_USERS
                                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                        • System policy modification
                                                        PID:4900
                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.92 --initial-client-data=0x178,0x17c,0x180,0x154,0x18c,0x7ffb75934ef8,0x7ffb75934f04,0x7ffb75934f10
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          PID:792
                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1800 /prefetch:2
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          PID:2660
                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2016,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          PID:1752
                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2212,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:8
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          PID:3908
                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3484,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
                                                          4⤵
                                                          • Checks computer location settings
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          PID:1668
                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4248,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:8
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          PID:5688
                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4736,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:8
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          PID:5912
                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=784,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:8
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          PID:4336
                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4984,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=780 /prefetch:8
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:2144
                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4840,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:8
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          PID:5708
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:4932
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Checks system information in the registry
                                                      • Modifies data under HKEY_USERS
                                                      PID:2988
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzYwNDgyQTYtQzA0MS00RUM3LTg2RkEtQ0ZEMjVFODRFQTVEfSIgdXNlcmlkPSJ7NUU5MzM4MkUtRDY3MS00NTU4LUI2NUUtOUYyQTBEREFGNUNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCMkFBRjBGMC1CNzc5LTRERjUtQTRDQy0yQkRENDAwREU3OUR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjczNTcxOTQxNTciLz48L2FwcD48L3JlcXVlc3Q-
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        PID:2072
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\MicrosoftEdge_X64_125.0.2535.92.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\MicrosoftEdge_X64_125.0.2535.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:3776
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\EDGEMITMP_CFDB6.tmp\setup.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\EDGEMITMP_CFDB6.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\MicrosoftEdge_X64_125.0.2535.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Drops file in Program Files directory
                                                          PID:4828
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\EDGEMITMP_CFDB6.tmp\setup.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\EDGEMITMP_CFDB6.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\EDGEMITMP_CFDB6.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff616a54b18,0x7ff616a54b24,0x7ff616a54b30
                                                            4⤵
                                                            • Executes dropped EXE
                                                            PID:4732
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzYwNDgyQTYtQzA0MS00RUM3LTg2RkEtQ0ZEMjVFODRFQTVEfSIgdXNlcmlkPSJ7NUU5MzM4MkUtRDY3MS00NTU4LUI2NUUtOUYyQTBEREFGNUNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3QkVDNzAwQS05MzZCLTRBQzEtQjBEOS1EMUQ1Q0ExNkQ3N0F9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI1LjAuMjUzNS45MiIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzM2NDY0NDE3NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjczNjQ3NDQzMTMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NjI0ODM0MjMzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xOTlkNmIyMi02ZjhlLTQ2MjAtODAyOS1mN2UzYTJhM2ZkZWE_UDE9MTcxODUzNjE0NSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1TcFElMmJRbTAlMmZQT2ZrMzVqTHZFWkhlYmpJcndybSUyYnE4a0VGYlRvdnZaSW12UEY1SnBFSk5wJTJieSUyZk1RM1ZCSzhGTG5QZ2d2JTJid1hWNlF4R2glMmZhdFhha3pBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTczODEwNzUyIiB0b3RhbD0iMTczODEwNzUyIiBkb3dubG9hZF90aW1lX21zPSIxOTMxOSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2MjQ5MTQyMjciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NjM4Mzg0MjE2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MDc0MTU0Mjc4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzI1IiBkb3dubG9hZF90aW1lX21zPSIyNTk4OCIgZG93bmxvYWRlZD0iMTczODEwNzUyIiB0b3RhbD0iMTczODEwNzUyIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0MzU3NSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        PID:1376
                                                    • C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe
                                                      "C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of NtCreateThreadExHideFromDebugger
                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of UnmapMainImage
                                                      PID:5668

                                                    Network

                                                    MITRE ATT&CK Enterprise v15

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Installer\setup.exe

                                                      Filesize

                                                      6.9MB

                                                      MD5

                                                      d42926508ba6626be0143a2aa5275ba9

                                                      SHA1

                                                      ca2b45426611211dcd47fe66c9255ab81b843943

                                                      SHA256

                                                      9595008f51be8ca7c82618c84d30f0a7fdac9fe7433b806af504da0d38aef10a

                                                      SHA512

                                                      53aabfbf20389f4d28746c41109b5a194ed5d21521fa67042bd5a0fb38407e877bed5481a7502bec848a54d0fd4e33b09e3c6bc47a576f8e14a4458c64bc14e2

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\EdgeUpdate.dat

                                                      Filesize

                                                      12KB

                                                      MD5

                                                      369bbc37cff290adb8963dc5e518b9b8

                                                      SHA1

                                                      de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                                      SHA256

                                                      3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                                      SHA512

                                                      4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\MicrosoftEdgeComRegisterShellARM64.exe

                                                      Filesize

                                                      179KB

                                                      MD5

                                                      7a160c6016922713345454265807f08d

                                                      SHA1

                                                      e36ee184edd449252eb2dfd3016d5b0d2edad3c6

                                                      SHA256

                                                      35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

                                                      SHA512

                                                      c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\MicrosoftEdgeUpdate.exe

                                                      Filesize

                                                      201KB

                                                      MD5

                                                      4dc57ab56e37cd05e81f0d8aaafc5179

                                                      SHA1

                                                      494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                      SHA256

                                                      87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                      SHA512

                                                      320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

                                                      Filesize

                                                      212KB

                                                      MD5

                                                      60dba9b06b56e58f5aea1a4149c743d2

                                                      SHA1

                                                      a7e456acf64dd99ca30259cf45b88cf2515a69b3

                                                      SHA256

                                                      4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

                                                      SHA512

                                                      e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\MicrosoftEdgeUpdateCore.exe

                                                      Filesize

                                                      257KB

                                                      MD5

                                                      c044dcfa4d518df8fc9d4a161d49cece

                                                      SHA1

                                                      91bd4e933b22c010454fd6d3e3b042ab6e8b2149

                                                      SHA256

                                                      9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

                                                      SHA512

                                                      f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\NOTICE.TXT

                                                      Filesize

                                                      4KB

                                                      MD5

                                                      6dd5bf0743f2366a0bdd37e302783bcd

                                                      SHA1

                                                      e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                                      SHA256

                                                      91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                                      SHA512

                                                      f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdate.dll

                                                      Filesize

                                                      2.0MB

                                                      MD5

                                                      965b3af7886e7bf6584488658c050ca2

                                                      SHA1

                                                      72daabdde7cd500c483d0eeecb1bd19708f8e4a5

                                                      SHA256

                                                      d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

                                                      SHA512

                                                      1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_af.dll

                                                      Filesize

                                                      28KB

                                                      MD5

                                                      567aec2d42d02675eb515bbd852be7db

                                                      SHA1

                                                      66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

                                                      SHA256

                                                      a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

                                                      SHA512

                                                      3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_am.dll

                                                      Filesize

                                                      24KB

                                                      MD5

                                                      f6c1324070b6c4e2a8f8921652bfbdfa

                                                      SHA1

                                                      988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

                                                      SHA256

                                                      986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

                                                      SHA512

                                                      63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_ar.dll

                                                      Filesize

                                                      26KB

                                                      MD5

                                                      570efe7aa117a1f98c7a682f8112cb6d

                                                      SHA1

                                                      536e7c49e24e9aa068a021a8f258e3e4e69fa64f

                                                      SHA256

                                                      e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

                                                      SHA512

                                                      5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_as.dll

                                                      Filesize

                                                      28KB

                                                      MD5

                                                      a8d3210e34bf6f63a35590245c16bc1b

                                                      SHA1

                                                      f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

                                                      SHA256

                                                      3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

                                                      SHA512

                                                      6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_az.dll

                                                      Filesize

                                                      29KB

                                                      MD5

                                                      7937c407ebe21170daf0975779f1aa49

                                                      SHA1

                                                      4c2a40e76209abd2492dfaaf65ef24de72291346

                                                      SHA256

                                                      5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

                                                      SHA512

                                                      8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_bg.dll

                                                      Filesize

                                                      29KB

                                                      MD5

                                                      8375b1b756b2a74a12def575351e6bbd

                                                      SHA1

                                                      802ec096425dc1cab723d4cf2fd1a868315d3727

                                                      SHA256

                                                      a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

                                                      SHA512

                                                      aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_bn-IN.dll

                                                      Filesize

                                                      29KB

                                                      MD5

                                                      a94cf5e8b1708a43393263a33e739edd

                                                      SHA1

                                                      1068868bdc271a52aaae6f749028ed3170b09cce

                                                      SHA256

                                                      5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

                                                      SHA512

                                                      920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_bn.dll

                                                      Filesize

                                                      29KB

                                                      MD5

                                                      7dc58c4e27eaf84ae9984cff2cc16235

                                                      SHA1

                                                      3f53499ddc487658932a8c2bcf562ba32afd3bda

                                                      SHA256

                                                      e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

                                                      SHA512

                                                      bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_bs.dll

                                                      Filesize

                                                      28KB

                                                      MD5

                                                      e338dccaa43962697db9f67e0265a3fc

                                                      SHA1

                                                      4c6c327efc12d21c4299df7b97bf2c45840e0d83

                                                      SHA256

                                                      99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

                                                      SHA512

                                                      e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

                                                      Filesize

                                                      29KB

                                                      MD5

                                                      2929e8d496d95739f207b9f59b13f925

                                                      SHA1

                                                      7c1c574194d9e31ca91e2a21a5c671e5e95c734c

                                                      SHA256

                                                      2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

                                                      SHA512

                                                      ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_ca.dll

                                                      Filesize

                                                      30KB

                                                      MD5

                                                      39551d8d284c108a17dc5f74a7084bb5

                                                      SHA1

                                                      6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

                                                      SHA256

                                                      8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

                                                      SHA512

                                                      6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_cs.dll

                                                      Filesize

                                                      28KB

                                                      MD5

                                                      16c84ad1222284f40968a851f541d6bb

                                                      SHA1

                                                      bc26d50e15ccaed6a5fbe801943117269b3b8e6b

                                                      SHA256

                                                      e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

                                                      SHA512

                                                      d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_cy.dll

                                                      Filesize

                                                      28KB

                                                      MD5

                                                      34d991980016595b803d212dc356d765

                                                      SHA1

                                                      e3a35df6488c3463c2a7adf89029e1dd8308f816

                                                      SHA256

                                                      252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

                                                      SHA512

                                                      8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_da.dll

                                                      Filesize

                                                      28KB

                                                      MD5

                                                      d34380d302b16eab40d5b63cfb4ed0fe

                                                      SHA1

                                                      1d3047119e353a55dc215666f2b7b69f0ede775b

                                                      SHA256

                                                      fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

                                                      SHA512

                                                      45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_de.dll

                                                      Filesize

                                                      30KB

                                                      MD5

                                                      aab01f0d7bdc51b190f27ce58701c1da

                                                      SHA1

                                                      1a21aabab0875651efd974100a81cda52c462997

                                                      SHA256

                                                      061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

                                                      SHA512

                                                      5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_el.dll

                                                      Filesize

                                                      30KB

                                                      MD5

                                                      ac275b6e825c3bd87d96b52eac36c0f6

                                                      SHA1

                                                      29e537d81f5d997285b62cd2efea088c3284d18f

                                                      SHA256

                                                      223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

                                                      SHA512

                                                      bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_en-GB.dll

                                                      Filesize

                                                      27KB

                                                      MD5

                                                      d749e093f263244d276b6ffcf4ef4b42

                                                      SHA1

                                                      69f024c769632cdbb019943552bac5281d4cbe05

                                                      SHA256

                                                      fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

                                                      SHA512

                                                      48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_en.dll

                                                      Filesize

                                                      27KB

                                                      MD5

                                                      4a1e3cf488e998ef4d22ac25ccc520a5

                                                      SHA1

                                                      dc568a6e3c9465474ef0d761581c733b3371b1cd

                                                      SHA256

                                                      9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

                                                      SHA512

                                                      ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_es-419.dll

                                                      Filesize

                                                      29KB

                                                      MD5

                                                      28fefc59008ef0325682a0611f8dba70

                                                      SHA1

                                                      f528803c731c11d8d92c5660cb4125c26bb75265

                                                      SHA256

                                                      55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

                                                      SHA512

                                                      2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_es.dll

                                                      Filesize

                                                      28KB

                                                      MD5

                                                      9db7f66f9dc417ebba021bc45af5d34b

                                                      SHA1

                                                      6815318b05019f521d65f6046cf340ad88e40971

                                                      SHA256

                                                      e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

                                                      SHA512

                                                      943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

                                                    • C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_et.dll

                                                      Filesize

                                                      28KB

                                                      MD5

                                                      b78cba3088ecdc571412955742ea560b

                                                      SHA1

                                                      bc04cf9014cec5b9f240235b5ff0f29dbdb22926

                                                      SHA256

                                                      f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

                                                      SHA512

                                                      04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

                                                    • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

                                                      Filesize

                                                      5.3MB

                                                      MD5

                                                      d6ec3ffe6c3b16f94d459947f56cab5f

                                                      SHA1

                                                      f6a05ce1e412ac4273ad362ab9ff8c314bb80747

                                                      SHA256

                                                      87eb356a07a15634ab05fd847c70f26fcd9ff745dc62afaa4404d6fc5206eaf9

                                                      SHA512

                                                      9a3c46f18b8527bdc02e5a0a442b9bd08326e2f59e40e80e555f3193dac5e649526e27259f1dee7260b9b66642a0aefeac9d7854a2024451db398cb078ffa484

                                                    • C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

                                                      Filesize

                                                      1.5MB

                                                      MD5

                                                      610b1b60dc8729bad759c92f82ee2804

                                                      SHA1

                                                      9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

                                                      SHA256

                                                      921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

                                                      SHA512

                                                      0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

                                                    • C:\Program Files\MsEdgeCrashpad\settings.dat

                                                      Filesize

                                                      280B

                                                      MD5

                                                      295bbca479c9ba1031c59f11218cff3d

                                                      SHA1

                                                      47fb528bef6eb4d5c9f65d57939bc90b2c5d7317

                                                      SHA256

                                                      b558d6b4266475dd3bfe6aea3f1c345d8866fe67258d44cb158db7033877ea8d

                                                      SHA512

                                                      60bab65511d744a48c442af7c4fc6e66da4dec4ba731b8fc9207e305905b46b24945ecca7f5fdde34b571fabc58ec9fd6662b9173216c5c74e874f7a4d48eb59

                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping4900_634548441\manifest.json

                                                      Filesize

                                                      113B

                                                      MD5

                                                      b6911958067e8d96526537faed1bb9ef

                                                      SHA1

                                                      a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

                                                      SHA256

                                                      341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

                                                      SHA512

                                                      62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

                                                    • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

                                                      Filesize

                                                      60KB

                                                      MD5

                                                      f28fc4190058388e8bd36a749cab9051

                                                      SHA1

                                                      356779d652184657db550c3ce63ed829790e19e8

                                                      SHA256

                                                      61dc80495db8d125a83e9bd14cd526607d81b9a9e9d2405a2241fa480fc10786

                                                      SHA512

                                                      f4bb5ddbe2571501bc38aad986c74181722abc4462746ed28eafc6fcc79a436abae2dc3f4c7fa8605d2a5ef4e016c344006d628026aa811aa4455283fd75b71e

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      152B

                                                      MD5

                                                      56641592f6e69f5f5fb06f2319384490

                                                      SHA1

                                                      6a86be42e2c6d26b7830ad9f4e2627995fd91069

                                                      SHA256

                                                      02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

                                                      SHA512

                                                      c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      152B

                                                      MD5

                                                      612a6c4247ef652299b376221c984213

                                                      SHA1

                                                      d306f3b16bde39708aa862aee372345feb559750

                                                      SHA256

                                                      9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

                                                      SHA512

                                                      34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                      Filesize

                                                      98KB

                                                      MD5

                                                      3020c417c60d75bab45eb5bbbc8692ba

                                                      SHA1

                                                      9cbf1c694914b66e445ab9dccd9787fc39e464cf

                                                      SHA256

                                                      e051b84978d4d8421e774833fa27ca6e3ffb06e677766898cd3350e16c4afd11

                                                      SHA512

                                                      f02977e465ce26a0935ce893a5f85e00c225bcfac181ec190c3c73722329eac6257d3d4f32599f3c917d0e708d4231bf7877d029a58e6383fc090fd78cf05243

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba

                                                      Filesize

                                                      51KB

                                                      MD5

                                                      588ee33c26fe83cb97ca65e3c66b2e87

                                                      SHA1

                                                      842429b803132c3e7827af42fe4dc7a66e736b37

                                                      SHA256

                                                      bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

                                                      SHA512

                                                      6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      4KB

                                                      MD5

                                                      d8a14f33feeed1d7f63a7ae853d4a0ca

                                                      SHA1

                                                      a7a96978abe4a7e74ee59c88951a965a4c30997e

                                                      SHA256

                                                      d58a047cc27e7dd6eb988830b4beddd3de32a27a0451fbd3de9f3818d0cc688c

                                                      SHA512

                                                      ea65ca3b75b1134b120486ea9ddd25ac905f60c1383e39708dca5f9e82de2da669bc0d3250de00cdb9430a3359afc89e4bba4c4cc7ee0bfa48cf11b1911c1d43

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      10c23db644dd3fad544558ca2cd78db2

                                                      SHA1

                                                      c9ff4526edb2c2f51261955d965896d979de89f7

                                                      SHA256

                                                      2b597ace0c7bb6c3098ed67e5aead4dc93fecd56dde813b2c03941d96c6d5740

                                                      SHA512

                                                      fbcb29e3362f61b02566e6b91ba44460216b3434dc6f9de03c159cf194adf7f23a3bc651ae5277a2633e82a7a133aad39c1be87f8931e444a3841c8bfa903505

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      3KB

                                                      MD5

                                                      cfe67dc81e1da2fabc6afeadd24a0aae

                                                      SHA1

                                                      235e79ea9dbe44a3262b33c6a399f26cd5529d98

                                                      SHA256

                                                      2b945ddffa927a1557b95ebf269fee013dd6cb40c95d82fd17d4d67d62034558

                                                      SHA512

                                                      6f25fdd716a80b0af357ef6cba7a59759850299b4d7b2e347549f66acb79a257a82ed8caba1a84a37cb69a09da4680498374aba2ac381bc70f55bd7c684c19e6

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

                                                      Filesize

                                                      23B

                                                      MD5

                                                      3fd11ff447c1ee23538dc4d9724427a3

                                                      SHA1

                                                      1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                                      SHA256

                                                      720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                                      SHA512

                                                      10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      c0e239c4c79497c1adfe4bb998a00587

                                                      SHA1

                                                      f8a0dcb08bdcdff01106a363d5d823033e5c943c

                                                      SHA256

                                                      4abadf7686d7142e11de82aa54af06d7dc6267ed6183b2f832a72e9f0e614f36

                                                      SHA512

                                                      a0c26cb5bb25f572e59ac090fd1fca05159dec45864965d84e65e88d59efbc5b1ab2a713c159f5554f34e136b3fe929c8e5db543387cd8905cfa5aaba202ec5f

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      67509a584c18d99ce826acc7f847567d

                                                      SHA1

                                                      5f8429825fceab669a0fe67a0221491d8687c7bd

                                                      SHA256

                                                      a4e71527fa390b0efaee9f1752b3370cbc52b0514730fbdbc280ee24976fdb78

                                                      SHA512

                                                      a3b3f52f00890cad635af3dcdec8dbfcd209877e9d179ab5fca6151fa888e4ba1ab69d6eef7349aa37ffb0b61e1dff6e1a69128b7ae57983336c6ada21f436ea

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                      Filesize

                                                      7KB

                                                      MD5

                                                      a3cdb3049140a3421a2f1cfceae36e02

                                                      SHA1

                                                      61a6af0dcb9deeac98c666bac33dd2f5ebda1ac6

                                                      SHA256

                                                      0a24095b9c2c47eb03c72bc446b2dd321d29bc2bf36d383563a91fb9800fa6cf

                                                      SHA512

                                                      add2783b933b61e416f02d67d072a7a9b2041356fea76405e0f804092ca46b3a050d9f31c610bdaf950cc658af0b5120768fc618b7a132917c29971766d4dca4

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                      Filesize

                                                      9KB

                                                      MD5

                                                      16b3dfde73cda304a344d2b37b1d940f

                                                      SHA1

                                                      d251575ceb56c12a3ce55d06299ef1f683dd9be6

                                                      SHA256

                                                      67ccca91399537f102a817396acb91368d8b43e789c88438cf821aa8cb8f64f2

                                                      SHA512

                                                      30a63f19658a47171eba685be4ad62ff447d01590543c1471f5c4016638d2c63ae2c5e0f8ae9eb5d5f29d908ff976cbe54484d55d1b849791ecb48682bfd6b1f

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                      Filesize

                                                      9KB

                                                      MD5

                                                      dedd4b6390a0020904332469e792c4b1

                                                      SHA1

                                                      e168e1a412e7f3b0f0b5605257feb35ebd1d1d97

                                                      SHA256

                                                      3d5afe3617e0b35475438114e3b341fc4a9ebf162707985e25b2b858886490d3

                                                      SHA512

                                                      e6182d441318fb3d044a5567bbe5fd7950ee324cf913128f1ac6f65952ae800280f051e0c593c069cf9e9697ce6a41ccfcfb57c831d605653c5f51316a2bae4a

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      d2bfbb9e49707fbf5d0c8a5dcb96bd72

                                                      SHA1

                                                      20ca70a4f34e96da1000a44d00ffd8ce624a1e33

                                                      SHA256

                                                      790a561f99261507319b1b93a90341e8df37b10ef5ed379e27ab2ba8b7aeb3fb

                                                      SHA512

                                                      72d8eeb09f30cf4416448ae55dc72ca98b3de09555c76b7956b04006aa692602901d00d00ed3c0069435b53fbfdb3163da46538e83982b4d9b5ecff00a700a03

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB

                                                      MD5

                                                      4ee86338c2b7b10625b3dbe87c710cd7

                                                      SHA1

                                                      850010ba30c5ce34d655d8b6769e785f1d006444

                                                      SHA256

                                                      9e9ed048dcea3f1533a7a43150c405f4a5e938dc9b4d56edbe609586eb822f3a

                                                      SHA512

                                                      4393aaf8e67866bd8e9f9f8846a69c5aa848327b0c1a27f18d1f851f3d5be8ff6ab79adf0c0c958f982f9c440e089f373844333c500b68aaef115a5aca48b970

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB

                                                      MD5

                                                      8d6820a7ddb1a374c06c40720e87dcde

                                                      SHA1

                                                      532445a923607661261e89251e8b3b71fabd10a5

                                                      SHA256

                                                      43fd58ff4583f24c5949ff741cbbce09b2510429f91142f51cadce9256d7098d

                                                      SHA512

                                                      1b099b7e1090e8dad0eea374d43b252e95b26a9dcd748ee52a6ae030900fbb6999fe63dab8fdbade6d7bf127e39fe50954b1f2ae9151397a0f51bcd4f761f0d3

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB

                                                      MD5

                                                      016986bf5eb56a2f983396fd885a6f93

                                                      SHA1

                                                      a4c7d5d706de14e7979dd2353c5aacd6ae086276

                                                      SHA256

                                                      e7895c96a3f1810ca756dc7a316bb9161b704763285f819e362274dc9da3252b

                                                      SHA512

                                                      43424cb51cacd26b0a6ce18686107abd066a490d9b42fe1c9dbf4b199f0b06a32e84332e43f3815b3e82361ebd4e21969f866153d9bb28afbe805c4ac4bad488

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB

                                                      MD5

                                                      8bbff8c768b54f081ff7906718d5fe0e

                                                      SHA1

                                                      6bc09cf6c5b18043563f8daa53271300e2a865e3

                                                      SHA256

                                                      f6aabcefc0fd1a1e2d512a5e1d4977d81cf16d39b581cd0991af5f0c5ff9a4d7

                                                      SHA512

                                                      358c4c5d4da12dced7f5a0cba43b6978f45727467d481621ce85455b81faf156cda2ba89edf8434f456568f8a848e15982486a7ea8ae17547a783cf5f1a27634

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB

                                                      MD5

                                                      e35dfff2ec206d721fff479dba27fa81

                                                      SHA1

                                                      65a934021143f14017fa3f9043cdb5a98f7fd5aa

                                                      SHA256

                                                      56400c0cd78724aa408763a008788f4a23a6c186b9761700414c7a4c831b596d

                                                      SHA512

                                                      49cc22049f61a9e9a8864635803f561a158258e0f4c43c23d9e9405e7b8224f803a377b22696a326e5ea5cddf37d2befd3fa50db9d9caef9c3e5be5722ef7a09

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      cbf2db79f228bd1514aa8614be48be43

                                                      SHA1

                                                      cf0375136ad8c67adbf03300872c8bfa6e934ac5

                                                      SHA256

                                                      388a402946d25e96af2c4462717963cb1efb4f3079f430ec8e69bbeb0811c3b0

                                                      SHA512

                                                      da5e77863809ea9f256d4302a26bc1260d040a53db32576f1413657bc342f163288077fa699dc6a35b9c0de1c41ace38dc058fa6c1178e97b4a6f40e44182dda

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      c6970e0a92b04ff456d7db1f0b491222

                                                      SHA1

                                                      23df9e982bfd028601a3cb39684e5da828f4d411

                                                      SHA256

                                                      56db41c4bb34a7a806f390deeb7ebbd667c46782341471987f6673024fd684ed

                                                      SHA512

                                                      c1440737ffb90017ae207dbe5add724ca2ce40cb72f08235c0c703656187f6f88a9bf2598f5fe3559a4a571a56616ab94db2c75835347e7f83a1ac7232c81f32

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      939d5ccdb8133d8400a3df5796736325

                                                      SHA1

                                                      cf9937148fb05f9bd882bf26d8f2788286d3ea7a

                                                      SHA256

                                                      9bb70d99da833c8161fb8851d913dd46ce7c13f3fda2e30ccf2470426387c250

                                                      SHA512

                                                      467a27f3b13cc59f529133bc49dcb19f13a96876cc2de1b789f00fd598d2c3b8f60d6c0ac40c7d9669f09457a1ac46f47a4b768009b4b8bee3ceb47626e0a4da

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      b555e387c3b1f7af975cd9537bd310da

                                                      SHA1

                                                      8ab0f7dc9d9be52643f910dd1f4df2056998763a

                                                      SHA256

                                                      9817a28be245df51adfa101dbbd4fee6c5995118ea1fb974da93a15249270456

                                                      SHA512

                                                      b843592e94909f78e3a46a20b7284fd2e41cf7f65861def23a3b6bc2cbd1ff2c8c179a2b7fa297a61526651f589f7f4998d5d683b368d58162056622b838fa12

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      03fb7b63da27a7374bc30d4fd0cfa33d

                                                      SHA1

                                                      60bf63eb331dbf356e8e0b7316fc87632fc78e52

                                                      SHA256

                                                      c026c0752c2d108dce453dd5ed3de781f936ecd545826678b0ab0b792549fd68

                                                      SHA512

                                                      c249d2fe3abd77d614c5a514ef0d648ab40a6bbc09246293e6087ccb67f96f5288362c70bb47298f39e0548f3f07273aa1a442294cb860a507813b021fb762b0

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      9ee15c53ca933fbe3667138cfdd21217

                                                      SHA1

                                                      b5a650a2b9edea2cfdd9050a0bb8b502b2a16426

                                                      SHA256

                                                      6cfbc404531d04bd15564b18ce00ab354e2966172c211795e2eceb2beca16bd2

                                                      SHA512

                                                      691bdfd64b5cae7fb3ca51502ce3fff3d5fc393a1d3b3c5d9e0e062405ba7aef5d3aa11197d3e04c1cddea2f7e235d1c7c38204ff348fc38c6980b6838c691e5

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      3KB

                                                      MD5

                                                      6d59f1940e5cfe6084a3a63104d36bbb

                                                      SHA1

                                                      15348a8c859e091b46fca26b7a83e80bfdde4623

                                                      SHA256

                                                      dca6e7319366c301da0a21d8337584093b430f08c55ca1eb2858d035db1e50ea

                                                      SHA512

                                                      be0a688e209304a7fbe8dc46c07f544d99e22f83a822437c22159a164577268f9de5cf82aa77f318d69e4a918da9fef462e4b5c2f56aecb86b478e81aa15cd4d

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      21a53dcd77bd86acad0650281f827c63

                                                      SHA1

                                                      04f8bba4585a4b7d5d6aecadc7f0e8a00c5645f2

                                                      SHA256

                                                      b9d921361038bfb7965060378ba54e652b1e977ef556bc48e8a7cb2280c36abf

                                                      SHA512

                                                      37e5f8e408f4f995cb1d8bb6ae570e1aded3a0d7a161dc6d49ef37f240d4ea4cf3cbd998c5c947202c128c8b82b16a6bbc51b33f9265187db5c914bfc4003106

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      6abda7448bf5f3eaa8c93996867c7750

                                                      SHA1

                                                      b59fd6f2a6909ecbaee7922fd5fec0b186c9138f

                                                      SHA256

                                                      2b2a44722e5932b8bc960a19b4318bc2f4e849a82c192ea564892fb7e09a78f5

                                                      SHA512

                                                      1e87afa57bba3ecf6be4931b1141a518e64a0fc5964850152109274230b6675ff15169eb36cf2dbf400b637e9a632dc4fb40e22ab5f5bf603abe12968825b2d2

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      040a1bf1218612c4e624bd9e21dd8ea3

                                                      SHA1

                                                      ec628418f5f09806d7360009e9eeaf3661a8f4dd

                                                      SHA256

                                                      cb7b95fa7c0256b8fcd2454946c6d76c498d528390644fbe4e01dcc4817a179c

                                                      SHA512

                                                      76af8d406c7c18a9970cc6a89e878a15f4f74d7254387e427e7e6d03d1b10eccdaffac7d412b477eca1f5fc43961439e2b226a3e37c0769d7e159273d97ef10e

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      3KB

                                                      MD5

                                                      bd9abbdf1ac1958f6c75f9d5139a8208

                                                      SHA1

                                                      0753b6f658573762aca15e0f970a91756bc46f4b

                                                      SHA256

                                                      554183ed82f8bf07a300c8900a20049a1bf55ec6a78f74aaa8d3357c48c98728

                                                      SHA512

                                                      27d004f2557c52b409ae325b75bb6c092e48621c6f4f51162e66083906f5e74866124a4a771f9a1122538035cc53d4f5e16c9d10755356da4e3dd1c186f996c7

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      3KB

                                                      MD5

                                                      bcb7d5fb0488a1b4be66f0869b490c1b

                                                      SHA1

                                                      925ecddba7b44179e49b85534b75e78342d38dc2

                                                      SHA256

                                                      8bc5f79dcc999273589fb9272b5010303ee04bda5dfc7e845ccd31d402a19dee

                                                      SHA512

                                                      168ec65d497826c0c4968f94b52768cfac5d03f49b2f2df46da229cd2c99ebc46cd25cfe82bcc89aee9e6a8d089be4b72521338b429c0f04b609e77bec2a7b30

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      40ee3b089c2d330cc32d474d3493a51b

                                                      SHA1

                                                      7aaf0a7c580d58988f483b9de48aa89641b4f5fd

                                                      SHA256

                                                      d9bf85797f4cbd9e5aafc173f8af4d573383fa4eaf956cea4e80f550f1114e14

                                                      SHA512

                                                      839e9b7215493ad808f0553e534d79714f892e962a3ca0a8b854d9093bf195ebbbab943cd37b00ceda02afa2c4ef198fcf62f5dac2df986c055af03ce7e01433

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      fb4a62097407ec5e2a49a802fa370b3f

                                                      SHA1

                                                      c67ff79560df7f5123dc77784ed4b31ed47a90e9

                                                      SHA256

                                                      fc0e6de62e36761122a10f57be2011f246fd95e3d2611f994475a605797e565b

                                                      SHA512

                                                      94cb72c973fced4bd5f897f5037b26e7f64a79e06d6e21bde38c2285ce483942dae99c4a288f031c515941aaedb5a6bae122c1aff686943e72a06d72e0c2d677

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      3KB

                                                      MD5

                                                      f6e291692e95072c81a9a86178bbd31e

                                                      SHA1

                                                      d493717812923896dc255d4c15465ca1c7b961f3

                                                      SHA256

                                                      845008ec7c2edc30549dda3ebd3b14a2b9079d021b76cae5a6eae01d6385094e

                                                      SHA512

                                                      206a789566f7863313a7f3fa638944f078e6b7adacffb5f70eceaa68f65582d38aa7bbcd09ab6297e6c64979a0cd47d25c5b4ccc45f8a1824e44c83d4fb85b5d

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      ac636b6f5e134e75ce9bde03d02a23a8

                                                      SHA1

                                                      dd0161137aeb43b37c78d9b8355514a8faec322e

                                                      SHA256

                                                      3847eb4f329ea58d6df64b4dde9c7f34441c3802ebbc0a285cc00c873681a4b5

                                                      SHA512

                                                      3bca33aa0628808a460b06f6aff55ee3441d20f534a7a894db4e196ecc63bcedaba22f77a993e193f8c6ee183866b4bc949592882133f67ef9558ae0e70fb713

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      efbcc111071066fd983693d16765c7b1

                                                      SHA1

                                                      19279124650951152b99b829cf6189202832116a

                                                      SHA256

                                                      c168744933ac1fb2dc976635611d3e8bb6848087bd819c68d6f81b75294030cb

                                                      SHA512

                                                      0f5e186c86b507694445a446c5b3945d33320d8027e9c3e7019b375ce24f84cb9807acfeeabad42a32ae9573e6a67c9c550066ca45bd5a48d3ab89b249a362b9

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      885cc9eb48dca57bae0f657dcdafe515

                                                      SHA1

                                                      ba1ee94ae3ca38d5db50cdef7804f54666ec3d93

                                                      SHA256

                                                      305d7cc8e7361d4e9488e4283d0849cdc1103709103f9a0790ebe727a9b55cc6

                                                      SHA512

                                                      bc3304828e8e7b0dcf8e89937942ed7d1cbd376eb2899cffa625c66ef801624b3740e7c0707cc6c69a3f4f53f8bac4010b7d4f8ce7ee4ab06cfb58d8bfcaaf2d

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      2a34c3d0e99fa8997b9ee8e89435095d

                                                      SHA1

                                                      f4f2cfc18ec0fc38c7f7d5c91132e2d85a619f9d

                                                      SHA256

                                                      e40cce2b90997627027000c0d8220566d99e053e14aed6bbbd9a4766f517943b

                                                      SHA512

                                                      9b625b5d8ae58503dea09a1cb6fad735298c9a90f5d074f87b5038d915582034662e1ec2b6b430f92e80558b26bfedaf97f3d04937b1bdf3b041e6f1f4a2f91f

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      94ce7769f69e2e36e83c91db371e44de

                                                      SHA1

                                                      21a3fd21d15e3ceb8b27a314d0159fb7f124c059

                                                      SHA256

                                                      178d969dab78abec0b868923690902d8d78b6249d69c01a7297b84ba19790c81

                                                      SHA512

                                                      83850e3114dc430313184d4efca26dd19139a9d84d0e5ba4da53e78fdd8ef4c32154c841aff59187cfc2fc5525d54ceab6602a9a9422fcb1dca882660156c0f1

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      c8c923dbb1176b50440b3f75ce313d75

                                                      SHA1

                                                      7f35afda679505a12b721a2045be79dca8d5b0b1

                                                      SHA256

                                                      abdd0c428449e1f48e43bb3ddd9f9f08053f507381ac2580e63cbfd752a5e848

                                                      SHA512

                                                      3c6714d8d8cf50bb79333aa3d66761023768c11a2fc01591b73c5697fba24b38175688eb9e0fe272cd6e568bd21fb0e9045eefb0fc0a0a05d3a5b473cbb42359

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      5a578467926b0d35887f92b33d549cbe

                                                      SHA1

                                                      08f3d7aa22e6346044426118a4c5a5f069936e84

                                                      SHA256

                                                      e6994848dc2f5f0e183821de0224e3e2216f7b691d2761fa83d51d137c7d65fb

                                                      SHA512

                                                      0671ad252268af1a324daf1b7ecbdcd43579f00c93a3e677aab9e007be1a1b2620779e5b6a3bf70d005f632a0191c00a1b54381110cb0dcc01f97897dde1ed3b

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      395268496992a7b85e3039966d36aaa2

                                                      SHA1

                                                      fea14b76ea25d90c77663413d9f160469b7ad7c2

                                                      SHA256

                                                      1d5b67c7fa3141c8428abb030e159651c33a206778a619c6ef5afdf369709255

                                                      SHA512

                                                      319d1bed772eedef9ad6b1b4bdecc98e6ceb5216753c85ca724e58451d79e5cbca4fa893ac8e5eaa10feb477960372a9ca060587bc7f3afb1cdc4d7d06c18839

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      92994f4e3a1f7dde18afa1b5e1cb97f3

                                                      SHA1

                                                      a3c0bf1e67ddf356f75b41095bc5344114c74e26

                                                      SHA256

                                                      6ea7334f9194a5df1f4f22b4b460a800e68009f0861d4723c29e1b20f79a674b

                                                      SHA512

                                                      594c091083064e5bbfcfa840e96578102f2c5f524d68f1fcf4e25ebbec7075bdb05f0e3c5bafb24d461fb2442b6ae222f7153d7a823f3f2721440a837a1e57e4

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      ffb0893fab95efaccedab80a87ef20bd

                                                      SHA1

                                                      4f5be23bb57922aa3a599729de9b445ff596871f

                                                      SHA256

                                                      f6383af77ed949bfc090d85fb7ea9da528ea082e27018c16acdb4e60b7a02ce0

                                                      SHA512

                                                      65a3ecf6d06d63011825fa8f4f7eb110afa4a0b8d370749714850555b3926f4bb2c7aad8c8f5d5b198721cde1ad930d760c9b54e2280d2147a3babff94da23ac

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      3823a5120c24b69dc2718dc52aa2e40d

                                                      SHA1

                                                      6e0805dc365752cb1c08ee191832f24fe6932c2c

                                                      SHA256

                                                      efc26ac497886d032bde2bf3056750c01803c47cd74fadea59a1605564f4d7ac

                                                      SHA512

                                                      571eec53340843a1634d7066512d2d73f4a6e3086ab294356a5533ce2b64be523afb4c956272cf2dcaa4975789a47fba8dbb4ad821e02cc9cc428da7ec4789e5

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      ae1d2e56050fb712895aed51a47a7650

                                                      SHA1

                                                      9b0eb2549622e5df6fad85ddaa4b7d1add102faa

                                                      SHA256

                                                      1825da2880e625a354f8a49a4c32f99eb5b597209e92a4958c8be7ec46674da5

                                                      SHA512

                                                      0b4170adf794e05a677bedbfeb4f42f23d4a87ef47f2c8142e621018824b12a3aa5555a8434128d7f0d8d5f8419abf75bb7222e7ae3ed5490c65045821f55e75

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      e060d07ea2fb9637a12380cae5b849c7

                                                      SHA1

                                                      72a058015b08a60adbf3c9abd9fbcae7bf63c7d0

                                                      SHA256

                                                      da75741b088764f11234c08f21809f771c6e308bf8c391cffd98bf905a9c3e68

                                                      SHA512

                                                      551935f376ad6fe4bec42db715dc682f804994836fac5192734fb30e7bc19d634398d47b98c09e52851be188de687544b6d1cbc56c89f2df663b53dabb15e528

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      970487704f4ffa68ff62fc489edc6ceb

                                                      SHA1

                                                      2badd9aada5505ea08eb823f5aa9797d1eedd74e

                                                      SHA256

                                                      bd56fcde111aa604f957845817edbed440ef962e05b4a73134d5a7ef7dfdb821

                                                      SHA512

                                                      46345eb1601ad6256d23575980b95ef566f3ffe0285320aff8d49a0a5a531432b9167f7baa3dc58740e0bc734c061a1f6afab0463eff138e45918300f118e206

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      405bfafe5ec2a484dd422b5497839dc7

                                                      SHA1

                                                      30b6a0aa53cbacc81882ddefd45693c25885e5c9

                                                      SHA256

                                                      b7b0e1f66864e8286e537d4cf08fd21e8a8c056f4a71bbc692a04ce2714ccffd

                                                      SHA512

                                                      daa24a677dba420c57e65a4839b809089d7d4dbe0f17b01296054d35478aab0a66425ea18370dd4be794ac3a46f0419b18561710c47f3c16bf24e3336fbf8581

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      d2f871357181975a10e553e25e59f52b

                                                      SHA1

                                                      e4f5c06e2622bcad1a99dabfc380048a0175fff9

                                                      SHA256

                                                      98a04888e2d89e243fec5c2937b864f2d32ee9ec5cef0f913b115557314da3e9

                                                      SHA512

                                                      e4fb6aa8f33d3b49c6ef0a1c31ea320b6ad830f99ad677bf5be10d13703e1512b44d57bb2e01383aff68e6c9e2687f0bd92992559b3598c125151f00c26e8ecf

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      c948c739799b73eb03dad895c4f0c301

                                                      SHA1

                                                      d1a61895ca4f99a76505f13c52aa6bf27fea845c

                                                      SHA256

                                                      c49abd64726257351ba005ead265b5fb2c8920ea424c2216b839d168f7e58462

                                                      SHA512

                                                      af73636e0e00b01e4a02dc689e3f94ab3c716debdecb8de841dbb80f748916893ea619ca42a013e1a5709b80e266c01d56a2499c24c0bee2ba0349c9dd347a09

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      bf303cffed2b652529809f222e059c58

                                                      SHA1

                                                      7506903751ac0f5ad4e001e9a5fd3f7c113d5cca

                                                      SHA256

                                                      2dcc5546591eb1d9594d52e50fbe50ef0206ebe0d80836b0ea1e1622d6738661

                                                      SHA512

                                                      5b282eb3afc419d312d287df5406dc0f8dddf4c508a61cbfbaf96eb246393e3ea82ab4dd03f9d724500e3ef4542adc40f216e00abc609f2ccfb092511e2b8c11

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      033bf13d8db631d8851f9623d5a01ccf

                                                      SHA1

                                                      390c95567274b7b009bcca5497b9fb5b15361545

                                                      SHA256

                                                      fc6a8cade3ee1eb7ea7b08616b1f23f5de9637fec6a5bbd1f8cd3743598d1897

                                                      SHA512

                                                      ceb6cf3ceee6459dda927818a49910159178f81325545829e4c0f0d18a9ccbcdb639f85398c9d2c1e23cef619ede3d0d898b80a7e814bc1f49882b8027f3f91f

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      b023a6c246f1a220e3a94772ac37225a

                                                      SHA1

                                                      5d185600f14179c21e4fbd86b6008e204f19e0db

                                                      SHA256

                                                      70e3e672601808914df142c8167ee86b02d62606fc743c87ecad77262a595141

                                                      SHA512

                                                      3174adff56977f56fbf34e2c4a96480f188e206cc4bfd181ab6b748b3feed19d674646f021193057bba13d458ef658e1f850d15b2865034a9007be9056ee3363

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      45421d4b51f96c44185ba43cdbcea4db

                                                      SHA1

                                                      190d493ecc33ca3b192bb4d66c253df82c10c6c4

                                                      SHA256

                                                      803cad82c7b6cf99b345c2b75eb3275d8e0a49bdbeb5e4e5a6a0b84858fa74ad

                                                      SHA512

                                                      d3c98bdec0b6711cea3bb6003edf147e51f8ec965ec1ed3c8907d394f9c83bb95905f47e366af5f6bbf9bb05afee14ff21affeae0b5e5c93a1c8c60a67f1bee7

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      f6febc941a487c08ecfa8fe91880434f

                                                      SHA1

                                                      f297507b451ba78c857cfab6b02d3e0d9569eb6c

                                                      SHA256

                                                      01356b2cad5f1c1e8b19b4cdf9e827bd8486b03343f30061f1b1c1d5eae87e83

                                                      SHA512

                                                      78a4ddbba3794bd5e2b3929a9ed6636187d84d13015622665d51ccf1e6f3a47faa8d3f92d5432cd0f10c58aca93acc7bb197a6c89847d77b25708f347d6d0342

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      918906f1b84fcb06cf44ed146c9a6b94

                                                      SHA1

                                                      f6360033786ec17175b7750149084a2ba4923722

                                                      SHA256

                                                      47715ea8da4dbb59df8725f136087a80d0a53c4cc91c7cb7a8d09cdae37fedd6

                                                      SHA512

                                                      ff6da35ae9055fbefb1cba915448ce2bb1458d217c03c000bbc15f1c05724aaacea9eed646a60aa4d3e5c3bd2e9ebb2de1adc16f345c7904e25c05b9d79c8ec5

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58174c.TMP

                                                      Filesize

                                                      371B

                                                      MD5

                                                      6290302fc7e0d0c9a118de04b680c4a4

                                                      SHA1

                                                      75c0491854346b4100dfc6ad4ced00a98a610b58

                                                      SHA256

                                                      bc0f3c48d87211fa812e77e1c7aad1c783743a4cc7d1e6b1bc19d5398846e14f

                                                      SHA512

                                                      4d43cb45d3468c5bcd5ca3fa3f3b0fb72527d3a1ecf1d8a8b88ecc8196dd22f59e563573ac8898f725ae09ba09bbd490864d9b75cc9ceffd72cd1705ad08f0ab

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                      Filesize

                                                      16B

                                                      MD5

                                                      6752a1d65b201c13b62ea44016eb221f

                                                      SHA1

                                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                      SHA256

                                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                      SHA512

                                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      10KB

                                                      MD5

                                                      7908eb03bbf71aeea4ce53cbe673fa4e

                                                      SHA1

                                                      e71034319d7ddc69b655ddaf08c876930e8950be

                                                      SHA256

                                                      8530244299a55fda9cbe5925cd2cdff287abfc46c1e440cc4394cc00062a90e6

                                                      SHA512

                                                      e2cfe5160cd62a77a8b5eed3358b1e5bcaaa05e990cd1e9387f64dc1ef88e30a01ef5895fadd870d80d5f25916faf5374a3cdad96b30a32590005c13f6bb8629

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      10KB

                                                      MD5

                                                      865dee9d3b6f17f9d529a441712fbf88

                                                      SHA1

                                                      e542726a0dfecb1d141c7a366ba07b25549e7afc

                                                      SHA256

                                                      e92403d492187851211971cf5d38b18ec709ffd71622dc1f8fbbc7c7ed89a81a

                                                      SHA512

                                                      abb7826f87a2ec8fb86d3f7018ca4b245dbae9952439295f7805da719bf419b1a40b8424369bf61f2ab9435b0eb2a06c9fbcbb009a11c7ad16f6e6faf27c0e22

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      11KB

                                                      MD5

                                                      c597d1c2b1b8908087bb96bc71b7944f

                                                      SHA1

                                                      d5075579d606a8db62ba5efdaae7a68273596739

                                                      SHA256

                                                      22119c03183395f7cc9fcf74630712cb56bb35e8c826627817af002bf4192ccc

                                                      SHA512

                                                      5082e529eea1e72629832767adb7fe69b223e85c0b37ea8488b2f541a5e98c0ff6c3dfa829258af0a71fa32f267f7fe21d3c1adbad0351d9c2823fa13424cfe4

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      11KB

                                                      MD5

                                                      d13612355aaa531d45f634e6f8f84c0c

                                                      SHA1

                                                      af0672eb7dd933dd689d1c360d652a9d01130ca8

                                                      SHA256

                                                      84685783cc4cfccede055140c1897d166fb6c985769ff162725155f837730d07

                                                      SHA512

                                                      0768b99793f2f67166792a6100003ffb9da004b72996cdae4860e721474c866e25d6a33ecf468daa0e0e0ea3cf785db41421d4234ac26c478b17516667643f18

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      11KB

                                                      MD5

                                                      3b011293afead4fbbcfe7ccf77209e27

                                                      SHA1

                                                      99acfa9a33e16caf8b15d2ad6ae015ed4f985fe4

                                                      SHA256

                                                      f3ee305e6a8a67045c82cf11c5c652d2d4642aa157f514cb97367145d1cfcd03

                                                      SHA512

                                                      d53c59c020cd9550e2a92084bad7117d1573e3a29bffb8700dc8abfb1f69c2a42d2c714cedf09bdb2b54b03a41eaf3fbb5bd1533dbfc49aaba45ff780a15f2a9

                                                    • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\d711fadf1919a05ac8eccb48c397156c

                                                      Filesize

                                                      5.8MB

                                                      MD5

                                                      d711fadf1919a05ac8eccb48c397156c

                                                      SHA1

                                                      d316ed33dda1b7170d56e086e53d280854f301ec

                                                      SHA256

                                                      b17555f65d11b29752665637a871d3cc2ad874076d2bee06a8dabd3520e34834

                                                      SHA512

                                                      dd5ec72eeb0e5fc28f122e46deb8a6c8464cbc2d8c74f545b27296b14c8b133fe009b38eace44e76af07a3db3fedbc6069b638348e550dffce84314674a01282

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll

                                                      Filesize

                                                      488KB

                                                      MD5

                                                      851fee9a41856b588847cf8272645f58

                                                      SHA1

                                                      ee185a1ff257c86eb19d30a191bf0695d5ac72a1

                                                      SHA256

                                                      5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

                                                      SHA512

                                                      cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll

                                                      Filesize

                                                      43KB

                                                      MD5

                                                      34ec990ed346ec6a4f14841b12280c20

                                                      SHA1

                                                      6587164274a1ae7f47bdb9d71d066b83241576f0

                                                      SHA256

                                                      1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

                                                      SHA512

                                                      b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc

                                                      Filesize

                                                      139B

                                                      MD5

                                                      d0104f79f0b4f03bbcd3b287fa04cf8c

                                                      SHA1

                                                      54f9d7adf8943cb07f821435bb269eb4ba40ccc2

                                                      SHA256

                                                      997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

                                                      SHA512

                                                      daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc

                                                      Filesize

                                                      43B

                                                      MD5

                                                      c28b0fe9be6e306cc2ad30fe00e3db10

                                                      SHA1

                                                      af79c81bd61c9a937fca18425dd84cdf8317c8b9

                                                      SHA256

                                                      0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

                                                      SHA512

                                                      e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc

                                                      Filesize

                                                      216B

                                                      MD5

                                                      c2ab942102236f987048d0d84d73d960

                                                      SHA1

                                                      95462172699187ac02eaec6074024b26e6d71cff

                                                      SHA256

                                                      948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

                                                      SHA512

                                                      e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      13babc4f212ce635d68da544339c962b

                                                      SHA1

                                                      4881ad2ec8eb2470a7049421047c6d076f48f1de

                                                      SHA256

                                                      bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

                                                      SHA512

                                                      40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll

                                                      Filesize

                                                      133KB

                                                      MD5

                                                      a0bd0d1a66e7c7f1d97aedecdafb933f

                                                      SHA1

                                                      dd109ac34beb8289030e4ec0a026297b793f64a3

                                                      SHA256

                                                      79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

                                                      SHA512

                                                      2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll

                                                      Filesize

                                                      5.2MB

                                                      MD5

                                                      aead90ab96e2853f59be27c4ec1e4853

                                                      SHA1

                                                      43cdedde26488d3209e17efff9a51e1f944eb35f

                                                      SHA256

                                                      46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

                                                      SHA512

                                                      f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

                                                      Filesize

                                                      85KB

                                                      MD5

                                                      f8f4522d11178a26e97e2046f249dfa7

                                                      SHA1

                                                      8b591d9a37716e235260fb6b3f601e4ccbebf15d

                                                      SHA256

                                                      3c372a8919c28dc76414b2f30da423c3e1018b1a8444527949ce20cc3fc93ed0

                                                      SHA512

                                                      52ea881cad501cf1d5e8ac47355e862ac1bd39cb6e1ff3d362d392b6f2d676e74878832505d17a552aaa3bc8f3977da11fa3f9903722eedd23716fb46ddb7492

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\67eaf2d3-830a-476c-9f38-9176447f407b.tmp

                                                      Filesize

                                                      16KB

                                                      MD5

                                                      025378311676baa403120dc91474079e

                                                      SHA1

                                                      aa70882ffd10d1c75b68233fd594c5245e24779e

                                                      SHA256

                                                      2c051d27eb9b0126a12f10836f36cb5dc26446d04424d7a3316bbac2f98d9058

                                                      SHA512

                                                      ff02be203c219046d233b71810a882cc59e1db9bdf51529bdc4b671de99a8fe08f229e5c0cb5efcba72ac27d7cf2ff38e9c0492e7e0fa45d52e9c15042b466cc

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\crl-set

                                                      Filesize

                                                      21KB

                                                      MD5

                                                      d246e8dc614619ad838c649e09969503

                                                      SHA1

                                                      70b7cf937136e17d8cf325b7212f58cba5975b53

                                                      SHA256

                                                      9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

                                                      SHA512

                                                      736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat

                                                      Filesize

                                                      280B

                                                      MD5

                                                      d1c2287b42daef78a90ae7e20fd47e33

                                                      SHA1

                                                      e3a035b7c31847ba050830112cd1369f1d44b434

                                                      SHA256

                                                      7f903c8d8c6b48158ae95885d1b8eb10ad3332383abd73f70fba89898c83f573

                                                      SHA512

                                                      c9c049ef77658c128b75b641bccd5f5d521da19dd3746303f1473a0f17fff5a58f13b9bd4dcdfb2bb4452f12e2484176438588b9b7175894c4f15703aa9656c9

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\593b9d1b-5d50-4a0b-8890-62a38267c9c5.tmp

                                                      Filesize

                                                      6KB

                                                      MD5

                                                      6d89f2646a3fa099c4dde2d150235c4a

                                                      SHA1

                                                      d41725a8557446e3ec17a329187afc6b8112b691

                                                      SHA256

                                                      c8a77300602f8e31534756bbcca4db1246ea83a1034df43bc09d8e500268f82f

                                                      SHA512

                                                      7d339a1a71207fffd3bee9ccd8261c345bc1caa62c87bcc2d0fd4479e701be53d5432433fe1fcee95efa01ee5fb00c6733dec2957bc15abe1b74d2de395b975b

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\5a2fc2e4-c2d4-4cf2-823d-6bed13cf0ea3.tmp

                                                      Filesize

                                                      6KB

                                                      MD5

                                                      cd9674fac009b49801355d3658af16d4

                                                      SHA1

                                                      ccdd75f9263e20fd4de65294ae8d92fbaba16325

                                                      SHA256

                                                      3aff58db209e7698f51ebed3c9194339217147647ccac1857c0678680d939dcb

                                                      SHA512

                                                      c62e0ff75cb22f44c9595d1b94b536d830c218c2c8f00ee8a52eb6faac0381b64b7e59ecda74eaf3d1fa175e123343f9e11acf02375cd7a29f00f5ef45b0a28b

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

                                                      Filesize

                                                      41B

                                                      MD5

                                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                                      SHA1

                                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                                      SHA256

                                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                      SHA512

                                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      975fa0eddb12e45d115be8649f3769b3

                                                      SHA1

                                                      eeef15e1fc7352a3c686623e243d3a7d17f4980b

                                                      SHA256

                                                      bc262e746264a298c83ea7009e3c5c327e8d3b518e6ebb34c96e99f6a0682b6d

                                                      SHA512

                                                      96c684a858e4bd05fa889ffbb97b2463c9fd874574cc8a3d8d5ff1e81ef9ad9f48305e6f6a86a93ed648f31a7285916888c632e6637e5c8cf413c9dfed9888af

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe5e9662.TMP

                                                      Filesize

                                                      59B

                                                      MD5

                                                      2800881c775077e1c4b6e06bf4676de4

                                                      SHA1

                                                      2873631068c8b3b9495638c865915be822442c8b

                                                      SHA256

                                                      226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                      SHA512

                                                      e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

                                                      Filesize

                                                      2B

                                                      MD5

                                                      d751713988987e9331980363e24189ce

                                                      SHA1

                                                      97d170e1550eee4afc0af065b78cda302a97674c

                                                      SHA256

                                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                      SHA512

                                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences

                                                      Filesize

                                                      6KB

                                                      MD5

                                                      b1c8cb1ef761efe0e6a74e53807e38e4

                                                      SHA1

                                                      c253da95282b34b4345a4bcbc61d80f1f763637a

                                                      SHA256

                                                      15d25b67a0e7bfd15a3ac470a30a12a416b4aaaff3e6289640db4d3217a224fc

                                                      SHA512

                                                      fb68d9e9055f1f0993fc38f985fb54c9a7c804e019752191bc4c1e1c4b0ebf3271d4575d6b72b3af827f8f0cb447e75a413eef2f0f70f81da21a8c662d9b20ca

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\000001.dbtmp

                                                      Filesize

                                                      16B

                                                      MD5

                                                      46295cac801e5d4857d09837238a6394

                                                      SHA1

                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                      SHA256

                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                      SHA512

                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_0

                                                      Filesize

                                                      8KB

                                                      MD5

                                                      cf89d16bb9107c631daabf0c0ee58efb

                                                      SHA1

                                                      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                      SHA256

                                                      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                      SHA512

                                                      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_1

                                                      Filesize

                                                      264KB

                                                      MD5

                                                      d0d388f3865d0523e451d6ba0be34cc4

                                                      SHA1

                                                      8571c6a52aacc2747c048e3419e5657b74612995

                                                      SHA256

                                                      902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                                                      SHA512

                                                      376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_2

                                                      Filesize

                                                      8KB

                                                      MD5

                                                      0962291d6d367570bee5454721c17e11

                                                      SHA1

                                                      59d10a893ef321a706a9255176761366115bedcb

                                                      SHA256

                                                      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                      SHA512

                                                      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_3

                                                      Filesize

                                                      8KB

                                                      MD5

                                                      41876349cb12d6db992f1309f22df3f0

                                                      SHA1

                                                      5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                      SHA256

                                                      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                      SHA512

                                                      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      b88f94cc2f916bacefbaa64781e95418

                                                      SHA1

                                                      c8787fbd077e43e4c54e1e16a28cc6d0c6d67b81

                                                      SHA256

                                                      ab33084fc5c0c16260a317534909f3ee5b3be4d37333234d88756caddb5b30be

                                                      SHA512

                                                      3b125ee1c4e2f7368500812fb0ed2b10528f0038453258c3c8cabfa07d2d8b3538b59db1c39bb54252ac8b31efc03d1708f16ef96e25e1ef7cd4b74e586615f2

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

                                                      Filesize

                                                      2KB

                                                      MD5

                                                      2c8d943e9f65bc8f2e01883fde8e50d8

                                                      SHA1

                                                      ea93c7b58a5b4041e3e0f73ecf0acf411966ebd4

                                                      SHA256

                                                      e037f94c29df044ae66c70cc25078f35f766b608276e944723e0203f6ba2490e

                                                      SHA512

                                                      4046f2ba08bb6594848fa11cfce4190b3201fca34207d1a6ec36a73ea1e60d8d390f215877c493bcd0ca5a14d6c5cce36c2bb8496a802060f8514fd690016102

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State

                                                      Filesize

                                                      3KB

                                                      MD5

                                                      afa6a089d41241c16ce2b247699310dd

                                                      SHA1

                                                      7442e9ab20d301e948cb2954afb79c738e6c59ac

                                                      SHA256

                                                      02f275e0d3367081d9330e39ed404a125addd77b05d505720227f372e38be677

                                                      SHA512

                                                      5aab38748c4e606a8f0f82bba1fc41c237ab01f6ccebc979d7f6f4bc8cbf5f890deefc2087d26fe9595a91230f97c40e95d650cfae274364474c91ad0e1c821e

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe5d831d.TMP

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      cd975029b2044e45428f1f502c4a60ff

                                                      SHA1

                                                      dada148f6a5d26aceb76cd1d049a790298a8002f

                                                      SHA256

                                                      17e6ea19aaf9f53dc0e8686924b1d3b955618ecaa3f8afb4b464fb1deb7de97a

                                                      SHA512

                                                      34e10301f85db9b0080445a4bbe8a48707def5102b127a28fda2a712f6b8051fa01d58a9829c9286a4f143aeb12c07843ff066803b26f523cd11858d6e8a9e8b

                                                    • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\LICENSE

                                                      Filesize

                                                      24KB

                                                      MD5

                                                      aad9405766b20014ab3beb08b99536de

                                                      SHA1

                                                      486a379bdfeecdc99ed3f4617f35ae65babe9d47

                                                      SHA256

                                                      ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

                                                      SHA512

                                                      bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

                                                      Filesize

                                                      2B

                                                      MD5

                                                      f3b25701fe362ec84616a93a45ce9998

                                                      SHA1

                                                      d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                      SHA256

                                                      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                      SHA512

                                                      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                    • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

                                                      Filesize

                                                      5.4MB

                                                      MD5

                                                      84e67989f7ccd11c2b7db38f3d3443b8

                                                      SHA1

                                                      c3e821de715aa7508b3273de16c9156014d81922

                                                      SHA256

                                                      5eac06573fb9289a5ad1dfa8b88d2d7b79f1bd89e61c53247f8cae50143e7a2c

                                                      SHA512

                                                      d0ea7235f591f31edeb7183c91fb0bb1347a9386c170c43b21e2c5fd93b7040e73e1a1a9f3ef6f83d097b1af0f9e2a9938dd59ae47588940491da25248eb7d99

                                                    • C:\Users\Admin\Downloads\SolaraB.zip

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      4ec8143b6dbe27870cf8333711ff5096

                                                      SHA1

                                                      693d467ebec348469011ffef1bd370b113653147

                                                      SHA256

                                                      2510be907ec476e8375ac7b5431536ae9a32bf99fe77ab695a5100852b111b96

                                                      SHA512

                                                      b513d2b9c63d999ccf459cea625bfdc481e44f0f3222996182a0d0d89fdb97ed754b927c7a429e43b96f13d2fc73e2860edca78b162a41101ae97e1a0f4e054e

                                                    • \??\pipe\LOCAL\crashpad_4772_ZMOPJQTEQTKRUXMO

                                                      MD5

                                                      d41d8cd98f00b204e9800998ecf8427e

                                                      SHA1

                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                      SHA256

                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                      SHA512

                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                    • memory/552-1558-0x0000027344950000-0x0000027344A0A000-memory.dmp

                                                      Filesize

                                                      744KB

                                                    • memory/552-3605-0x0000000180000000-0x0000000180E54000-memory.dmp

                                                      Filesize

                                                      14.3MB

                                                    • memory/552-3274-0x000002734A110000-0x000002734A148000-memory.dmp

                                                      Filesize

                                                      224KB

                                                    • memory/552-3275-0x0000027345680000-0x000002734568E000-memory.dmp

                                                      Filesize

                                                      56KB

                                                    • memory/552-3273-0x0000027344910000-0x0000027344918000-memory.dmp

                                                      Filesize

                                                      32KB

                                                    • memory/552-1560-0x0000027344A10000-0x0000027344A8E000-memory.dmp

                                                      Filesize

                                                      504KB

                                                    • memory/552-3260-0x0000000180000000-0x0000000180E54000-memory.dmp

                                                      Filesize

                                                      14.3MB

                                                    • memory/552-1562-0x000002732BDA0000-0x000002732BDAE000-memory.dmp

                                                      Filesize

                                                      56KB

                                                    • memory/552-1557-0x0000027344DD0000-0x000002734530C000-memory.dmp

                                                      Filesize

                                                      5.2MB

                                                    • memory/552-1555-0x000002732A180000-0x000002732A19A000-memory.dmp

                                                      Filesize

                                                      104KB

                                                    • memory/1796-3135-0x0000000000B10000-0x0000000000B45000-memory.dmp

                                                      Filesize

                                                      212KB

                                                    • memory/1796-3095-0x0000000074000000-0x0000000074210000-memory.dmp

                                                      Filesize

                                                      2.1MB

                                                    • memory/1796-3016-0x0000000000B10000-0x0000000000B45000-memory.dmp

                                                      Filesize

                                                      212KB

                                                    • memory/1796-3017-0x0000000074000000-0x0000000074210000-memory.dmp

                                                      Filesize

                                                      2.1MB

                                                    • memory/2208-3167-0x00007FFB95120000-0x00007FFB95150000-memory.dmp

                                                      Filesize

                                                      192KB

                                                    • memory/2208-3180-0x00007FFB956E0000-0x00007FFB956EB000-memory.dmp

                                                      Filesize

                                                      44KB

                                                    • memory/2208-3182-0x00007FFB94CB0000-0x00007FFB94CC0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3163-0x00007FFB95120000-0x00007FFB95150000-memory.dmp

                                                      Filesize

                                                      192KB

                                                    • memory/2208-3162-0x00007FFB94FB0000-0x00007FFB94FC0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3177-0x00007FFB956E0000-0x00007FFB956EB000-memory.dmp

                                                      Filesize

                                                      44KB

                                                    • memory/2208-3176-0x00007FFB956C0000-0x00007FFB956D0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3175-0x00007FFB956C0000-0x00007FFB956D0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3187-0x00007FFB94DE0000-0x00007FFB94E06000-memory.dmp

                                                      Filesize

                                                      152KB

                                                    • memory/2208-3188-0x00007FFB94DE0000-0x00007FFB94E06000-memory.dmp

                                                      Filesize

                                                      152KB

                                                    • memory/2208-3181-0x00007FFB956E0000-0x00007FFB956EB000-memory.dmp

                                                      Filesize

                                                      44KB

                                                    • memory/2208-3178-0x00007FFB956E0000-0x00007FFB956EB000-memory.dmp

                                                      Filesize

                                                      44KB

                                                    • memory/2208-3168-0x00007FFB95600000-0x00007FFB95610000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3169-0x00007FFB95600000-0x00007FFB95610000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3170-0x00007FFB956B0000-0x00007FFB956BE000-memory.dmp

                                                      Filesize

                                                      56KB

                                                    • memory/2208-3171-0x00007FFB956B0000-0x00007FFB956BE000-memory.dmp

                                                      Filesize

                                                      56KB

                                                    • memory/2208-3172-0x00007FFB956B0000-0x00007FFB956BE000-memory.dmp

                                                      Filesize

                                                      56KB

                                                    • memory/2208-3173-0x00007FFB956B0000-0x00007FFB956BE000-memory.dmp

                                                      Filesize

                                                      56KB

                                                    • memory/2208-3174-0x00007FFB956B0000-0x00007FFB956BE000-memory.dmp

                                                      Filesize

                                                      56KB

                                                    • memory/2208-3165-0x00007FFB95120000-0x00007FFB95150000-memory.dmp

                                                      Filesize

                                                      192KB

                                                    • memory/2208-3159-0x00007FFB94EA0000-0x00007FFB94EB0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3166-0x00007FFB95120000-0x00007FFB95150000-memory.dmp

                                                      Filesize

                                                      192KB

                                                    • memory/2208-3160-0x00007FFB94EA0000-0x00007FFB94EB0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3184-0x00007FFB94DB0000-0x00007FFB94DC0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3161-0x00007FFB94FB0000-0x00007FFB94FC0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3179-0x00007FFB956E0000-0x00007FFB956EB000-memory.dmp

                                                      Filesize

                                                      44KB

                                                    • memory/2208-3183-0x00007FFB94CB0000-0x00007FFB94CC0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3164-0x00007FFB95120000-0x00007FFB95150000-memory.dmp

                                                      Filesize

                                                      192KB

                                                    • memory/2208-3151-0x00007FFB970F0000-0x00007FFB97100000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3152-0x00007FFB97180000-0x00007FFB97190000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3153-0x00007FFB97180000-0x00007FFB97190000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3154-0x00007FFB971A0000-0x00007FFB971B0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3155-0x00007FFB971A0000-0x00007FFB971B0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3156-0x00007FFB971A0000-0x00007FFB971B0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3158-0x00007FFB971A0000-0x00007FFB971B0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3157-0x00007FFB971A0000-0x00007FFB971B0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3150-0x00007FFB970F0000-0x00007FFB97100000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3141-0x00007FFB97590000-0x00007FFB975A0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3142-0x00007FFB976A0000-0x00007FFB976B0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3143-0x00007FFB976A0000-0x00007FFB976B0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3145-0x00007FFB976F0000-0x00007FFB97720000-memory.dmp

                                                      Filesize

                                                      192KB

                                                    • memory/2208-3146-0x00007FFB976F0000-0x00007FFB97720000-memory.dmp

                                                      Filesize

                                                      192KB

                                                    • memory/2208-3147-0x00007FFB976F0000-0x00007FFB97720000-memory.dmp

                                                      Filesize

                                                      192KB

                                                    • memory/2208-3148-0x00007FFB976F0000-0x00007FFB97720000-memory.dmp

                                                      Filesize

                                                      192KB

                                                    • memory/2208-3149-0x00007FFB97780000-0x00007FFB97785000-memory.dmp

                                                      Filesize

                                                      20KB

                                                    • memory/2208-3144-0x00007FFB976F0000-0x00007FFB97720000-memory.dmp

                                                      Filesize

                                                      192KB

                                                    • memory/2208-3185-0x00007FFB94DB0000-0x00007FFB94DC0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2208-3186-0x00007FFB94DE0000-0x00007FFB94E06000-memory.dmp

                                                      Filesize

                                                      152KB

                                                    • memory/2208-3140-0x00007FFB97590000-0x00007FFB975A0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/2544-89-0x0000000005A30000-0x0000000005A42000-memory.dmp

                                                      Filesize

                                                      72KB

                                                    • memory/2544-76-0x00000000029D0000-0x00000000029DA000-memory.dmp

                                                      Filesize

                                                      40KB

                                                    • memory/2544-75-0x0000000000550000-0x000000000055A000-memory.dmp

                                                      Filesize

                                                      40KB