Analysis
-
max time kernel
543s -
max time network
545s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
09-06-2024 11:03
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip
Resource
win10v2004-20240508-en
General
-
Target
https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Downloads MZ/PE file
-
Sets file execution options in registry 2 TTPs 2 IoCs
Processes:
MicrosoftEdgeUpdate.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion cd57e4c171d6e8f5ea8b8f824a6a7316.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
msedgewebview2.exeMicrosoftEdgeUpdate.exemsedgewebview2.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation msedgewebview2.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation msedgewebview2.exe -
Executes dropped EXE 30 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exeRobloxPlayerInstaller.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_125.0.2535.92.exesetup.exesetup.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exeRobloxPlayerBeta.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exepid process 552 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 5100 RobloxPlayerInstaller.exe 2624 MicrosoftEdgeWebview2Setup.exe 1796 MicrosoftEdgeUpdate.exe 4436 MicrosoftEdgeUpdate.exe 3660 MicrosoftEdgeUpdate.exe 4412 MicrosoftEdgeUpdateComRegisterShell64.exe 1880 MicrosoftEdgeUpdateComRegisterShell64.exe 1684 MicrosoftEdgeUpdateComRegisterShell64.exe 4388 MicrosoftEdgeUpdate.exe 4512 MicrosoftEdgeUpdate.exe 2988 MicrosoftEdgeUpdate.exe 2072 MicrosoftEdgeUpdate.exe 3776 MicrosoftEdge_X64_125.0.2535.92.exe 4828 setup.exe 4732 setup.exe 1376 MicrosoftEdgeUpdate.exe 2208 RobloxPlayerBeta.exe 4900 msedgewebview2.exe 792 msedgewebview2.exe 2660 msedgewebview2.exe 1752 msedgewebview2.exe 3908 msedgewebview2.exe 1668 msedgewebview2.exe 5668 RobloxPlayerBeta.exe 5688 msedgewebview2.exe 5912 msedgewebview2.exe 4336 msedgewebview2.exe 2144 msedgewebview2.exe 5708 msedgewebview2.exe -
Loads dropped DLL 54 IoCs
Processes:
cd57e4c171d6e8f5ea8b8f824a6a7316.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exeRobloxPlayerBeta.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exepid process 552 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 1796 MicrosoftEdgeUpdate.exe 4436 MicrosoftEdgeUpdate.exe 3660 MicrosoftEdgeUpdate.exe 4412 MicrosoftEdgeUpdateComRegisterShell64.exe 3660 MicrosoftEdgeUpdate.exe 1880 MicrosoftEdgeUpdateComRegisterShell64.exe 3660 MicrosoftEdgeUpdate.exe 1684 MicrosoftEdgeUpdateComRegisterShell64.exe 3660 MicrosoftEdgeUpdate.exe 4388 MicrosoftEdgeUpdate.exe 4512 MicrosoftEdgeUpdate.exe 2988 MicrosoftEdgeUpdate.exe 2988 MicrosoftEdgeUpdate.exe 4512 MicrosoftEdgeUpdate.exe 2072 MicrosoftEdgeUpdate.exe 1376 MicrosoftEdgeUpdate.exe 2208 RobloxPlayerBeta.exe 552 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 552 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 552 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 552 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 552 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 4900 msedgewebview2.exe 792 msedgewebview2.exe 4900 msedgewebview2.exe 4900 msedgewebview2.exe 4900 msedgewebview2.exe 2660 msedgewebview2.exe 1752 msedgewebview2.exe 1752 msedgewebview2.exe 2660 msedgewebview2.exe 3908 msedgewebview2.exe 1668 msedgewebview2.exe 2660 msedgewebview2.exe 2660 msedgewebview2.exe 2660 msedgewebview2.exe 2660 msedgewebview2.exe 1668 msedgewebview2.exe 1668 msedgewebview2.exe 3908 msedgewebview2.exe 4900 msedgewebview2.exe 5668 RobloxPlayerBeta.exe 5688 msedgewebview2.exe 5688 msedgewebview2.exe 5912 msedgewebview2.exe 5912 msedgewebview2.exe 4336 msedgewebview2.exe 4336 msedgewebview2.exe 2144 msedgewebview2.exe 2144 msedgewebview2.exe 2144 msedgewebview2.exe 5708 msedgewebview2.exe 5708 msedgewebview2.exe -
Registers COM server for autorun 1 TTPs 33 IoCs
Processes:
MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exedescription ioc process Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe -
Processes:
resource yara_rule behavioral1/memory/552-3260-0x0000000180000000-0x0000000180E54000-memory.dmp themida behavioral1/memory/552-3605-0x0000000180000000-0x0000000180E54000-memory.dmp themida -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Processes:
RobloxPlayerInstaller.execd57e4c171d6e8f5ea8b8f824a6a7316.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RobloxPlayerInstaller.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
Processes:
flow ioc 19 raw.githubusercontent.com 40 raw.githubusercontent.com 41 raw.githubusercontent.com 286 raw.githubusercontent.com 311 raw.githubusercontent.com 312 raw.githubusercontent.com 313 raw.githubusercontent.com 18 raw.githubusercontent.com -
Checks system information in the registry 2 TTPs 12 IoCs
System information is often read in order to detect sandboxing environments.
Processes:
MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exemsedgewebview2.exeMicrosoftEdgeUpdate.exedescription ioc process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName msedgewebview2.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer msedgewebview2.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe -
Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs
Processes:
RobloxPlayerBeta.exeRobloxPlayerBeta.exepid process 2208 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 37 IoCs
Processes:
RobloxPlayerBeta.execd57e4c171d6e8f5ea8b8f824a6a7316.exeRobloxPlayerBeta.exepid process 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 552 cd57e4c171d6e8f5ea8b8f824a6a7316.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe -
Drops file in Program Files directory 64 IoCs
Processes:
RobloxPlayerInstaller.exesetup.exeMicrosoftEdgeWebview2Setup.exedescription ioc process File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\img_key_indicator_inner.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\TopBar\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ViewSelector\bottom_zh_cn.png RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Locales\sl.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\ButtonLeft.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\ButtonSelect.png RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Locales\pl.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\dialog_green.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\DesignSystem\Thumbstick2.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\LuaPackages\Packages\_Index\t-1.2.5\t\t.d.ts RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\icons\navigation_pushBack.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Lobby\Buttons\scroll_right.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\VoiceChat\SpeakerLight\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\icons\ic-more-profile.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\msedgeupdateres_uk.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ViewSelector\left_hover_zh_cn.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\graphic\[email protected] RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\km.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TerrainTools\mt_sea_level.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_4.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\VoiceChat\SpeakerNew\Unmuted40.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\FaceCaptureUI\ReRecordButton.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\GameSettings\default_badge.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\dual_engine_adapter_x64.dll setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\graphic\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\BHO\ie_to_edge_bho_64.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\VisualElements\SmallLogoBeta.png setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\btn_newBlue.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Emotes\EmotesRadialIcon.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Emotes\Small\CircleBackground.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ViewSelector\back_zh_cn.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\ms.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\DeveloperFramework\checkbox_unchecked_hover_light.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\StudioToolbox\Voting\Thumb.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\InspectMenu\ico_alert_tilt.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\graphic\Auth\CharacterShadow.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\graphic\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\avatar\heads\headD.mesh RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\shaders\shaders_glsl3.pack RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\StudioToolbox\Search.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\TopBar\leaderboardOn.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\addEvent_border.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\image_keyframe_bounce_unselected.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\DevConsole\Filter-stroke.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Health-BKG-Left-Cap.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\fonts\Fondamento-Regular.ttf RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\fonts\SourceSansPro-Light.ttf RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\fonts\families\AmaticSC.json RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerLauncher.exe RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Modal.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\VoiceChat\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\category\[email protected] RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Locales\ja.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\identity_proxy\win10\identity_helper.Sparse.Beta.msix setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\PlayStationController\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\VoiceChat\SpeakerNew\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChatV2\navigation_pushRight.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\StudioToolbox\AssetConfig\[email protected] RobloxPlayerInstaller.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 8 IoCs
Processes:
msedgewebview2.exemsedge.exeRobloxPlayerInstaller.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedgewebview2.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedgewebview2.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedgewebview2.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS RobloxPlayerInstaller.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer RobloxPlayerInstaller.exe -
Processes:
RobloxPlayerInstaller.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox RobloxPlayerInstaller.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" RobloxPlayerInstaller.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio RobloxPlayerInstaller.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" RobloxPlayerInstaller.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player RobloxPlayerInstaller.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" RobloxPlayerInstaller.exe -
Modifies data under HKEY_USERS 43 IoCs
Processes:
MicrosoftEdgeUpdate.exemsedgewebview2.exedescription ioc process Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry msedgewebview2.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133624050758052402" msedgewebview2.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe -
Modifies registry class 64 IoCs
Processes:
RobloxPlayerInstaller.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exemsedge.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon RobloxPlayerInstaller.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\ = "Microsoft Edge Update Legacy On Demand" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\ = "Microsoft Edge Update Broker Class Factory" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA} MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\PROGID MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ProgID\ = "MicrosoftEdgeUpdate.CoreClass.1" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ = "Microsoft Edge Update Update3Web" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ = "Microsoft Edge Update Broker Class Factory" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ = "Microsoft Edge Update Core Class" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" msedge.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C} MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\Enabled = "1" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" MicrosoftEdgeUpdate.exe -
NTFS ADS 1 IoCs
Processes:
msedge.exedescription ioc process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 449245.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 34 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exeSolaraBootstrapper.exemsedge.exemsedge.exemsedge.exemsedge.exeRobloxPlayerInstaller.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exemsedgewebview2.exepid process 2572 msedge.exe 2572 msedge.exe 4772 msedge.exe 4772 msedge.exe 412 identity_helper.exe 412 identity_helper.exe 4644 msedge.exe 4644 msedge.exe 2544 SolaraBootstrapper.exe 2544 SolaraBootstrapper.exe 2544 SolaraBootstrapper.exe 4656 msedge.exe 4656 msedge.exe 4656 msedge.exe 4656 msedge.exe 1220 msedge.exe 4968 msedge.exe 4968 msedge.exe 2208 msedge.exe 2208 msedge.exe 5100 RobloxPlayerInstaller.exe 5100 RobloxPlayerInstaller.exe 1796 MicrosoftEdgeUpdate.exe 1796 MicrosoftEdgeUpdate.exe 1796 MicrosoftEdgeUpdate.exe 1796 MicrosoftEdgeUpdate.exe 1796 MicrosoftEdgeUpdate.exe 1796 MicrosoftEdgeUpdate.exe 2208 RobloxPlayerBeta.exe 2208 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe 2144 msedgewebview2.exe 2144 msedgewebview2.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
Processes:
msedge.exemsedgewebview2.exepid process 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4900 msedgewebview2.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
SolaraBootstrapper.exeMicrosoftEdgeUpdate.exedescription pid process Token: SeDebugPrivilege 2544 SolaraBootstrapper.exe Token: SeDebugPrivilege 1796 MicrosoftEdgeUpdate.exe Token: SeDebugPrivilege 1796 MicrosoftEdgeUpdate.exe -
Suspicious use of FindShellTrayWindow 44 IoCs
Processes:
msedge.execd57e4c171d6e8f5ea8b8f824a6a7316.exepid process 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 552 cd57e4c171d6e8f5ea8b8f824a6a7316.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe -
Suspicious use of UnmapMainImage 2 IoCs
Processes:
RobloxPlayerBeta.exeRobloxPlayerBeta.exepid process 2208 RobloxPlayerBeta.exe 5668 RobloxPlayerBeta.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 4772 wrote to memory of 3608 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3608 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 3928 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 2572 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 2572 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 1168 4772 msedge.exe msedge.exe -
System policy modification 1 TTPs 1 IoCs
Processes:
msedgewebview2.exedescription ioc process Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection msedgewebview2.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4772 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb884446f8,0x7ffb88444708,0x7ffb884447182⤵PID:3608
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:22⤵PID:3928
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2572 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:82⤵PID:1168
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵PID:548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵PID:1928
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:12⤵PID:1340
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:12⤵PID:2944
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:82⤵PID:1860
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:412 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:12⤵PID:4568
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵PID:1364
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5804 /prefetch:82⤵PID:540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵PID:3024
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3196 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4644 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:12⤵PID:2608
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:12⤵PID:2056
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4004 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4656 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:12⤵PID:4280
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3568 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1220 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6840 /prefetch:82⤵PID:4432
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6940 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4968 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:12⤵PID:3864
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:12⤵PID:4848
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:12⤵PID:1132
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:12⤵PID:4400
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6304 /prefetch:82⤵PID:4360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,14903484233984286957,17178558847344743288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2208 -
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5100 -
C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeWebview2Setup.exe /silent /install3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2624 -
C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU85D6.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"4⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1796 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4436 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3660 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4412 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1880 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1684 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzYwNDgyQTYtQzA0MS00RUM3LTg2RkEtQ0ZEMjVFODRFQTVEfSIgdXNlcmlkPSJ7NUU5MzM4MkUtRDY3MS00NTU4LUI2NUUtOUYyQTBEREFGNUNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGOEM2MzZFMC1FRjc1LTRGOTYtOTNBQy0zNzE3MjRBNjQ5MjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjczNTIyNDQxODAiIGluc3RhbGxfdGltZV9tcz0iNTUxIi8-PC9hcHA-PC9yZXF1ZXN0Pg5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:4388 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{C60482A6-C041-4EC7-86FA-CFD25E84EA5D}" /silent5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4512 -
C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe" -app -isInstallerLaunch3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:2208
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1396
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2136
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3632
-
C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraB.zip\SolaraB\Solara\SolaraBootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraB.zip\SolaraB\Solara\SolaraBootstrapper.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2544 -
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of FindShellTrayWindow
PID:552 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=552.4804.16590893297644807373⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- System policy modification
PID:4900 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.92 --initial-client-data=0x178,0x17c,0x180,0x154,0x18c,0x7ffb75934ef8,0x7ffb75934f04,0x7ffb75934f104⤵
- Executes dropped EXE
- Loads dropped DLL
PID:792 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1800 /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2660 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2016,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:34⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1752 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2212,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3908 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3484,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1668 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4248,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5688 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4736,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5912 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=784,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4336 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4984,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=780 /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2144 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4840,i,13432542321013152110,8579131645953596221,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5708
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4932
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:2988 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzYwNDgyQTYtQzA0MS00RUM3LTg2RkEtQ0ZEMjVFODRFQTVEfSIgdXNlcmlkPSJ7NUU5MzM4MkUtRDY3MS00NTU4LUI2NUUtOUYyQTBEREFGNUNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCMkFBRjBGMC1CNzc5LTRERjUtQTRDQy0yQkRENDAwREU3OUR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjczNTcxOTQxNTciLz48L2FwcD48L3JlcXVlc3Q-2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:2072 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\MicrosoftEdge_X64_125.0.2535.92.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\MicrosoftEdge_X64_125.0.2535.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
PID:3776 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\EDGEMITMP_CFDB6.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\EDGEMITMP_CFDB6.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\MicrosoftEdge_X64_125.0.2535.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4828 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\EDGEMITMP_CFDB6.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\EDGEMITMP_CFDB6.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F272687-D4A3-43C1-9759-009B5630A40D}\EDGEMITMP_CFDB6.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff616a54b18,0x7ff616a54b24,0x7ff616a54b304⤵
- Executes dropped EXE
PID:4732 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzYwNDgyQTYtQzA0MS00RUM3LTg2RkEtQ0ZEMjVFODRFQTVEfSIgdXNlcmlkPSJ7NUU5MzM4MkUtRDY3MS00NTU4LUI2NUUtOUYyQTBEREFGNUNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3QkVDNzAwQS05MzZCLTRBQzEtQjBEOS1EMUQ1Q0ExNkQ3N0F9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI1LjAuMjUzNS45MiIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzM2NDY0NDE3NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjczNjQ3NDQzMTMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NjI0ODM0MjMzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xOTlkNmIyMi02ZjhlLTQ2MjAtODAyOS1mN2UzYTJhM2ZkZWE_UDE9MTcxODUzNjE0NSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1TcFElMmJRbTAlMmZQT2ZrMzVqTHZFWkhlYmpJcndybSUyYnE4a0VGYlRvdnZaSW12UEY1SnBFSk5wJTJieSUyZk1RM1ZCSzhGTG5QZ2d2JTJid1hWNlF4R2glMmZhdFhha3pBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTczODEwNzUyIiB0b3RhbD0iMTczODEwNzUyIiBkb3dubG9hZF90aW1lX21zPSIxOTMxOSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2MjQ5MTQyMjciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NjM4Mzg0MjE2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MDc0MTU0Mjc4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzI1IiBkb3dubG9hZF90aW1lX21zPSIyNTk4OCIgZG93bmxvYWRlZD0iMTczODEwNzUyIiB0b3RhbD0iMTczODEwNzUyIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0MzU3NSIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1376
-
C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5668
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.9MB
MD5d42926508ba6626be0143a2aa5275ba9
SHA1ca2b45426611211dcd47fe66c9255ab81b843943
SHA2569595008f51be8ca7c82618c84d30f0a7fdac9fe7433b806af504da0d38aef10a
SHA51253aabfbf20389f4d28746c41109b5a194ed5d21521fa67042bd5a0fb38407e877bed5481a7502bec848a54d0fd4e33b09e3c6bc47a576f8e14a4458c64bc14e2
-
Filesize
12KB
MD5369bbc37cff290adb8963dc5e518b9b8
SHA1de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA2563d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA5124f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1
-
Filesize
179KB
MD57a160c6016922713345454265807f08d
SHA1e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA25635a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e
-
Filesize
201KB
MD54dc57ab56e37cd05e81f0d8aaafc5179
SHA1494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA25687c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b
-
Filesize
212KB
MD560dba9b06b56e58f5aea1a4149c743d2
SHA1a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA2564d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7
-
Filesize
257KB
MD5c044dcfa4d518df8fc9d4a161d49cece
SHA191bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA2569f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c
-
Filesize
4KB
MD56dd5bf0743f2366a0bdd37e302783bcd
SHA1e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA25691d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e
-
Filesize
2.0MB
MD5965b3af7886e7bf6584488658c050ca2
SHA172daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA5121c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4
-
Filesize
28KB
MD5567aec2d42d02675eb515bbd852be7db
SHA166079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA5123a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3
-
Filesize
24KB
MD5f6c1324070b6c4e2a8f8921652bfbdfa
SHA1988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA51263092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100
-
Filesize
26KB
MD5570efe7aa117a1f98c7a682f8112cb6d
SHA1536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA5125e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8
-
Filesize
28KB
MD5a8d3210e34bf6f63a35590245c16bc1b
SHA1f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA2563b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA5126e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a
-
Filesize
29KB
MD57937c407ebe21170daf0975779f1aa49
SHA14c2a40e76209abd2492dfaaf65ef24de72291346
SHA2565ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA5128670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7
-
Filesize
29KB
MD58375b1b756b2a74a12def575351e6bbd
SHA1802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19
-
Filesize
29KB
MD5a94cf5e8b1708a43393263a33e739edd
SHA11068868bdc271a52aaae6f749028ed3170b09cce
SHA2565b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7
-
Filesize
29KB
MD57dc58c4e27eaf84ae9984cff2cc16235
SHA13f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc
-
Filesize
28KB
MD5e338dccaa43962697db9f67e0265a3fc
SHA14c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA25699b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9
-
Filesize
29KB
MD52929e8d496d95739f207b9f59b13f925
SHA17c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA2562726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957
-
Filesize
30KB
MD539551d8d284c108a17dc5f74a7084bb5
SHA16e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA2568dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA5126fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2
-
Filesize
28KB
MD516c84ad1222284f40968a851f541d6bb
SHA1bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e
-
Filesize
28KB
MD534d991980016595b803d212dc356d765
SHA1e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA5128a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed
-
Filesize
28KB
MD5d34380d302b16eab40d5b63cfb4ed0fe
SHA11d3047119e353a55dc215666f2b7b69f0ede775b
SHA256fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA51245ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538
-
Filesize
30KB
MD5aab01f0d7bdc51b190f27ce58701c1da
SHA11a21aabab0875651efd974100a81cda52c462997
SHA256061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA5125edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e
-
Filesize
30KB
MD5ac275b6e825c3bd87d96b52eac36c0f6
SHA129e537d81f5d997285b62cd2efea088c3284d18f
SHA256223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679
-
Filesize
27KB
MD5d749e093f263244d276b6ffcf4ef4b42
SHA169f024c769632cdbb019943552bac5281d4cbe05
SHA256fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA51248d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9
-
Filesize
27KB
MD54a1e3cf488e998ef4d22ac25ccc520a5
SHA1dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA2569afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245
-
Filesize
29KB
MD528fefc59008ef0325682a0611f8dba70
SHA1f528803c731c11d8d92c5660cb4125c26bb75265
SHA25655a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d
SHA5122ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed
-
Filesize
28KB
MD59db7f66f9dc417ebba021bc45af5d34b
SHA16815318b05019f521d65f6046cf340ad88e40971
SHA256e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819
SHA512943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952
-
Filesize
28KB
MD5b78cba3088ecdc571412955742ea560b
SHA1bc04cf9014cec5b9f240235b5ff0f29dbdb22926
SHA256f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085
SHA51204c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf
-
Filesize
5.3MB
MD5d6ec3ffe6c3b16f94d459947f56cab5f
SHA1f6a05ce1e412ac4273ad362ab9ff8c314bb80747
SHA25687eb356a07a15634ab05fd847c70f26fcd9ff745dc62afaa4404d6fc5206eaf9
SHA5129a3c46f18b8527bdc02e5a0a442b9bd08326e2f59e40e80e555f3193dac5e649526e27259f1dee7260b9b66642a0aefeac9d7854a2024451db398cb078ffa484
-
C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Filesize1.5MB
MD5610b1b60dc8729bad759c92f82ee2804
SHA19992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA5120614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4
-
Filesize
280B
MD5295bbca479c9ba1031c59f11218cff3d
SHA147fb528bef6eb4d5c9f65d57939bc90b2c5d7317
SHA256b558d6b4266475dd3bfe6aea3f1c345d8866fe67258d44cb158db7033877ea8d
SHA51260bab65511d744a48c442af7c4fc6e66da4dec4ba731b8fc9207e305905b46b24945ecca7f5fdde34b571fabc58ec9fd6662b9173216c5c74e874f7a4d48eb59
-
Filesize
113B
MD5b6911958067e8d96526537faed1bb9ef
SHA1a47b5be4fe5bc13948f891d8f92917e3a11ebb6e
SHA256341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648
SHA51262802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062
-
Filesize
60KB
MD5f28fc4190058388e8bd36a749cab9051
SHA1356779d652184657db550c3ce63ed829790e19e8
SHA25661dc80495db8d125a83e9bd14cd526607d81b9a9e9d2405a2241fa480fc10786
SHA512f4bb5ddbe2571501bc38aad986c74181722abc4462746ed28eafc6fcc79a436abae2dc3f4c7fa8605d2a5ef4e016c344006d628026aa811aa4455283fd75b71e
-
Filesize
152B
MD556641592f6e69f5f5fb06f2319384490
SHA16a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA25602d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
-
Filesize
152B
MD5612a6c4247ef652299b376221c984213
SHA1d306f3b16bde39708aa862aee372345feb559750
SHA2569d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA51234a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
-
Filesize
98KB
MD53020c417c60d75bab45eb5bbbc8692ba
SHA19cbf1c694914b66e445ab9dccd9787fc39e464cf
SHA256e051b84978d4d8421e774833fa27ca6e3ffb06e677766898cd3350e16c4afd11
SHA512f02977e465ce26a0935ce893a5f85e00c225bcfac181ec190c3c73722329eac6257d3d4f32599f3c917d0e708d4231bf7877d029a58e6383fc090fd78cf05243
-
Filesize
51KB
MD5588ee33c26fe83cb97ca65e3c66b2e87
SHA1842429b803132c3e7827af42fe4dc7a66e736b37
SHA256bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA5126f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5d8a14f33feeed1d7f63a7ae853d4a0ca
SHA1a7a96978abe4a7e74ee59c88951a965a4c30997e
SHA256d58a047cc27e7dd6eb988830b4beddd3de32a27a0451fbd3de9f3818d0cc688c
SHA512ea65ca3b75b1134b120486ea9ddd25ac905f60c1383e39708dca5f9e82de2da669bc0d3250de00cdb9430a3359afc89e4bba4c4cc7ee0bfa48cf11b1911c1d43
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD510c23db644dd3fad544558ca2cd78db2
SHA1c9ff4526edb2c2f51261955d965896d979de89f7
SHA2562b597ace0c7bb6c3098ed67e5aead4dc93fecd56dde813b2c03941d96c6d5740
SHA512fbcb29e3362f61b02566e6b91ba44460216b3434dc6f9de03c159cf194adf7f23a3bc651ae5277a2633e82a7a133aad39c1be87f8931e444a3841c8bfa903505
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD5cfe67dc81e1da2fabc6afeadd24a0aae
SHA1235e79ea9dbe44a3262b33c6a399f26cd5529d98
SHA2562b945ddffa927a1557b95ebf269fee013dd6cb40c95d82fd17d4d67d62034558
SHA5126f25fdd716a80b0af357ef6cba7a59759850299b4d7b2e347549f66acb79a257a82ed8caba1a84a37cb69a09da4680498374aba2ac381bc70f55bd7c684c19e6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
2KB
MD5c0e239c4c79497c1adfe4bb998a00587
SHA1f8a0dcb08bdcdff01106a363d5d823033e5c943c
SHA2564abadf7686d7142e11de82aa54af06d7dc6267ed6183b2f832a72e9f0e614f36
SHA512a0c26cb5bb25f572e59ac090fd1fca05159dec45864965d84e65e88d59efbc5b1ab2a713c159f5554f34e136b3fe929c8e5db543387cd8905cfa5aaba202ec5f
-
Filesize
2KB
MD567509a584c18d99ce826acc7f847567d
SHA15f8429825fceab669a0fe67a0221491d8687c7bd
SHA256a4e71527fa390b0efaee9f1752b3370cbc52b0514730fbdbc280ee24976fdb78
SHA512a3b3f52f00890cad635af3dcdec8dbfcd209877e9d179ab5fca6151fa888e4ba1ab69d6eef7349aa37ffb0b61e1dff6e1a69128b7ae57983336c6ada21f436ea
-
Filesize
7KB
MD5a3cdb3049140a3421a2f1cfceae36e02
SHA161a6af0dcb9deeac98c666bac33dd2f5ebda1ac6
SHA2560a24095b9c2c47eb03c72bc446b2dd321d29bc2bf36d383563a91fb9800fa6cf
SHA512add2783b933b61e416f02d67d072a7a9b2041356fea76405e0f804092ca46b3a050d9f31c610bdaf950cc658af0b5120768fc618b7a132917c29971766d4dca4
-
Filesize
9KB
MD516b3dfde73cda304a344d2b37b1d940f
SHA1d251575ceb56c12a3ce55d06299ef1f683dd9be6
SHA25667ccca91399537f102a817396acb91368d8b43e789c88438cf821aa8cb8f64f2
SHA51230a63f19658a47171eba685be4ad62ff447d01590543c1471f5c4016638d2c63ae2c5e0f8ae9eb5d5f29d908ff976cbe54484d55d1b849791ecb48682bfd6b1f
-
Filesize
9KB
MD5dedd4b6390a0020904332469e792c4b1
SHA1e168e1a412e7f3b0f0b5605257feb35ebd1d1d97
SHA2563d5afe3617e0b35475438114e3b341fc4a9ebf162707985e25b2b858886490d3
SHA512e6182d441318fb3d044a5567bbe5fd7950ee324cf913128f1ac6f65952ae800280f051e0c593c069cf9e9697ce6a41ccfcfb57c831d605653c5f51316a2bae4a
-
Filesize
5KB
MD5d2bfbb9e49707fbf5d0c8a5dcb96bd72
SHA120ca70a4f34e96da1000a44d00ffd8ce624a1e33
SHA256790a561f99261507319b1b93a90341e8df37b10ef5ed379e27ab2ba8b7aeb3fb
SHA51272d8eeb09f30cf4416448ae55dc72ca98b3de09555c76b7956b04006aa692602901d00d00ed3c0069435b53fbfdb3163da46538e83982b4d9b5ecff00a700a03
-
Filesize
6KB
MD54ee86338c2b7b10625b3dbe87c710cd7
SHA1850010ba30c5ce34d655d8b6769e785f1d006444
SHA2569e9ed048dcea3f1533a7a43150c405f4a5e938dc9b4d56edbe609586eb822f3a
SHA5124393aaf8e67866bd8e9f9f8846a69c5aa848327b0c1a27f18d1f851f3d5be8ff6ab79adf0c0c958f982f9c440e089f373844333c500b68aaef115a5aca48b970
-
Filesize
6KB
MD58d6820a7ddb1a374c06c40720e87dcde
SHA1532445a923607661261e89251e8b3b71fabd10a5
SHA25643fd58ff4583f24c5949ff741cbbce09b2510429f91142f51cadce9256d7098d
SHA5121b099b7e1090e8dad0eea374d43b252e95b26a9dcd748ee52a6ae030900fbb6999fe63dab8fdbade6d7bf127e39fe50954b1f2ae9151397a0f51bcd4f761f0d3
-
Filesize
6KB
MD5016986bf5eb56a2f983396fd885a6f93
SHA1a4c7d5d706de14e7979dd2353c5aacd6ae086276
SHA256e7895c96a3f1810ca756dc7a316bb9161b704763285f819e362274dc9da3252b
SHA51243424cb51cacd26b0a6ce18686107abd066a490d9b42fe1c9dbf4b199f0b06a32e84332e43f3815b3e82361ebd4e21969f866153d9bb28afbe805c4ac4bad488
-
Filesize
6KB
MD58bbff8c768b54f081ff7906718d5fe0e
SHA16bc09cf6c5b18043563f8daa53271300e2a865e3
SHA256f6aabcefc0fd1a1e2d512a5e1d4977d81cf16d39b581cd0991af5f0c5ff9a4d7
SHA512358c4c5d4da12dced7f5a0cba43b6978f45727467d481621ce85455b81faf156cda2ba89edf8434f456568f8a848e15982486a7ea8ae17547a783cf5f1a27634
-
Filesize
6KB
MD5e35dfff2ec206d721fff479dba27fa81
SHA165a934021143f14017fa3f9043cdb5a98f7fd5aa
SHA25656400c0cd78724aa408763a008788f4a23a6c186b9761700414c7a4c831b596d
SHA51249cc22049f61a9e9a8864635803f561a158258e0f4c43c23d9e9405e7b8224f803a377b22696a326e5ea5cddf37d2befd3fa50db9d9caef9c3e5be5722ef7a09
-
Filesize
5KB
MD5cbf2db79f228bd1514aa8614be48be43
SHA1cf0375136ad8c67adbf03300872c8bfa6e934ac5
SHA256388a402946d25e96af2c4462717963cb1efb4f3079f430ec8e69bbeb0811c3b0
SHA512da5e77863809ea9f256d4302a26bc1260d040a53db32576f1413657bc342f163288077fa699dc6a35b9c0de1c41ace38dc058fa6c1178e97b4a6f40e44182dda
-
Filesize
2KB
MD5c6970e0a92b04ff456d7db1f0b491222
SHA123df9e982bfd028601a3cb39684e5da828f4d411
SHA25656db41c4bb34a7a806f390deeb7ebbd667c46782341471987f6673024fd684ed
SHA512c1440737ffb90017ae207dbe5add724ca2ce40cb72f08235c0c703656187f6f88a9bf2598f5fe3559a4a571a56616ab94db2c75835347e7f83a1ac7232c81f32
-
Filesize
2KB
MD5939d5ccdb8133d8400a3df5796736325
SHA1cf9937148fb05f9bd882bf26d8f2788286d3ea7a
SHA2569bb70d99da833c8161fb8851d913dd46ce7c13f3fda2e30ccf2470426387c250
SHA512467a27f3b13cc59f529133bc49dcb19f13a96876cc2de1b789f00fd598d2c3b8f60d6c0ac40c7d9669f09457a1ac46f47a4b768009b4b8bee3ceb47626e0a4da
-
Filesize
2KB
MD5b555e387c3b1f7af975cd9537bd310da
SHA18ab0f7dc9d9be52643f910dd1f4df2056998763a
SHA2569817a28be245df51adfa101dbbd4fee6c5995118ea1fb974da93a15249270456
SHA512b843592e94909f78e3a46a20b7284fd2e41cf7f65861def23a3b6bc2cbd1ff2c8c179a2b7fa297a61526651f589f7f4998d5d683b368d58162056622b838fa12
-
Filesize
2KB
MD503fb7b63da27a7374bc30d4fd0cfa33d
SHA160bf63eb331dbf356e8e0b7316fc87632fc78e52
SHA256c026c0752c2d108dce453dd5ed3de781f936ecd545826678b0ab0b792549fd68
SHA512c249d2fe3abd77d614c5a514ef0d648ab40a6bbc09246293e6087ccb67f96f5288362c70bb47298f39e0548f3f07273aa1a442294cb860a507813b021fb762b0
-
Filesize
5KB
MD59ee15c53ca933fbe3667138cfdd21217
SHA1b5a650a2b9edea2cfdd9050a0bb8b502b2a16426
SHA2566cfbc404531d04bd15564b18ce00ab354e2966172c211795e2eceb2beca16bd2
SHA512691bdfd64b5cae7fb3ca51502ce3fff3d5fc393a1d3b3c5d9e0e062405ba7aef5d3aa11197d3e04c1cddea2f7e235d1c7c38204ff348fc38c6980b6838c691e5
-
Filesize
3KB
MD56d59f1940e5cfe6084a3a63104d36bbb
SHA115348a8c859e091b46fca26b7a83e80bfdde4623
SHA256dca6e7319366c301da0a21d8337584093b430f08c55ca1eb2858d035db1e50ea
SHA512be0a688e209304a7fbe8dc46c07f544d99e22f83a822437c22159a164577268f9de5cf82aa77f318d69e4a918da9fef462e4b5c2f56aecb86b478e81aa15cd4d
-
Filesize
5KB
MD521a53dcd77bd86acad0650281f827c63
SHA104f8bba4585a4b7d5d6aecadc7f0e8a00c5645f2
SHA256b9d921361038bfb7965060378ba54e652b1e977ef556bc48e8a7cb2280c36abf
SHA51237e5f8e408f4f995cb1d8bb6ae570e1aded3a0d7a161dc6d49ef37f240d4ea4cf3cbd998c5c947202c128c8b82b16a6bbc51b33f9265187db5c914bfc4003106
-
Filesize
5KB
MD56abda7448bf5f3eaa8c93996867c7750
SHA1b59fd6f2a6909ecbaee7922fd5fec0b186c9138f
SHA2562b2a44722e5932b8bc960a19b4318bc2f4e849a82c192ea564892fb7e09a78f5
SHA5121e87afa57bba3ecf6be4931b1141a518e64a0fc5964850152109274230b6675ff15169eb36cf2dbf400b637e9a632dc4fb40e22ab5f5bf603abe12968825b2d2
-
Filesize
5KB
MD5040a1bf1218612c4e624bd9e21dd8ea3
SHA1ec628418f5f09806d7360009e9eeaf3661a8f4dd
SHA256cb7b95fa7c0256b8fcd2454946c6d76c498d528390644fbe4e01dcc4817a179c
SHA51276af8d406c7c18a9970cc6a89e878a15f4f74d7254387e427e7e6d03d1b10eccdaffac7d412b477eca1f5fc43961439e2b226a3e37c0769d7e159273d97ef10e
-
Filesize
3KB
MD5bd9abbdf1ac1958f6c75f9d5139a8208
SHA10753b6f658573762aca15e0f970a91756bc46f4b
SHA256554183ed82f8bf07a300c8900a20049a1bf55ec6a78f74aaa8d3357c48c98728
SHA51227d004f2557c52b409ae325b75bb6c092e48621c6f4f51162e66083906f5e74866124a4a771f9a1122538035cc53d4f5e16c9d10755356da4e3dd1c186f996c7
-
Filesize
3KB
MD5bcb7d5fb0488a1b4be66f0869b490c1b
SHA1925ecddba7b44179e49b85534b75e78342d38dc2
SHA2568bc5f79dcc999273589fb9272b5010303ee04bda5dfc7e845ccd31d402a19dee
SHA512168ec65d497826c0c4968f94b52768cfac5d03f49b2f2df46da229cd2c99ebc46cd25cfe82bcc89aee9e6a8d089be4b72521338b429c0f04b609e77bec2a7b30
-
Filesize
5KB
MD540ee3b089c2d330cc32d474d3493a51b
SHA17aaf0a7c580d58988f483b9de48aa89641b4f5fd
SHA256d9bf85797f4cbd9e5aafc173f8af4d573383fa4eaf956cea4e80f550f1114e14
SHA512839e9b7215493ad808f0553e534d79714f892e962a3ca0a8b854d9093bf195ebbbab943cd37b00ceda02afa2c4ef198fcf62f5dac2df986c055af03ce7e01433
-
Filesize
2KB
MD5fb4a62097407ec5e2a49a802fa370b3f
SHA1c67ff79560df7f5123dc77784ed4b31ed47a90e9
SHA256fc0e6de62e36761122a10f57be2011f246fd95e3d2611f994475a605797e565b
SHA51294cb72c973fced4bd5f897f5037b26e7f64a79e06d6e21bde38c2285ce483942dae99c4a288f031c515941aaedb5a6bae122c1aff686943e72a06d72e0c2d677
-
Filesize
3KB
MD5f6e291692e95072c81a9a86178bbd31e
SHA1d493717812923896dc255d4c15465ca1c7b961f3
SHA256845008ec7c2edc30549dda3ebd3b14a2b9079d021b76cae5a6eae01d6385094e
SHA512206a789566f7863313a7f3fa638944f078e6b7adacffb5f70eceaa68f65582d38aa7bbcd09ab6297e6c64979a0cd47d25c5b4ccc45f8a1824e44c83d4fb85b5d
-
Filesize
5KB
MD5ac636b6f5e134e75ce9bde03d02a23a8
SHA1dd0161137aeb43b37c78d9b8355514a8faec322e
SHA2563847eb4f329ea58d6df64b4dde9c7f34441c3802ebbc0a285cc00c873681a4b5
SHA5123bca33aa0628808a460b06f6aff55ee3441d20f534a7a894db4e196ecc63bcedaba22f77a993e193f8c6ee183866b4bc949592882133f67ef9558ae0e70fb713
-
Filesize
5KB
MD5efbcc111071066fd983693d16765c7b1
SHA119279124650951152b99b829cf6189202832116a
SHA256c168744933ac1fb2dc976635611d3e8bb6848087bd819c68d6f81b75294030cb
SHA5120f5e186c86b507694445a446c5b3945d33320d8027e9c3e7019b375ce24f84cb9807acfeeabad42a32ae9573e6a67c9c550066ca45bd5a48d3ab89b249a362b9
-
Filesize
5KB
MD5885cc9eb48dca57bae0f657dcdafe515
SHA1ba1ee94ae3ca38d5db50cdef7804f54666ec3d93
SHA256305d7cc8e7361d4e9488e4283d0849cdc1103709103f9a0790ebe727a9b55cc6
SHA512bc3304828e8e7b0dcf8e89937942ed7d1cbd376eb2899cffa625c66ef801624b3740e7c0707cc6c69a3f4f53f8bac4010b7d4f8ce7ee4ab06cfb58d8bfcaaf2d
-
Filesize
5KB
MD52a34c3d0e99fa8997b9ee8e89435095d
SHA1f4f2cfc18ec0fc38c7f7d5c91132e2d85a619f9d
SHA256e40cce2b90997627027000c0d8220566d99e053e14aed6bbbd9a4766f517943b
SHA5129b625b5d8ae58503dea09a1cb6fad735298c9a90f5d074f87b5038d915582034662e1ec2b6b430f92e80558b26bfedaf97f3d04937b1bdf3b041e6f1f4a2f91f
-
Filesize
5KB
MD594ce7769f69e2e36e83c91db371e44de
SHA121a3fd21d15e3ceb8b27a314d0159fb7f124c059
SHA256178d969dab78abec0b868923690902d8d78b6249d69c01a7297b84ba19790c81
SHA51283850e3114dc430313184d4efca26dd19139a9d84d0e5ba4da53e78fdd8ef4c32154c841aff59187cfc2fc5525d54ceab6602a9a9422fcb1dca882660156c0f1
-
Filesize
5KB
MD5c8c923dbb1176b50440b3f75ce313d75
SHA17f35afda679505a12b721a2045be79dca8d5b0b1
SHA256abdd0c428449e1f48e43bb3ddd9f9f08053f507381ac2580e63cbfd752a5e848
SHA5123c6714d8d8cf50bb79333aa3d66761023768c11a2fc01591b73c5697fba24b38175688eb9e0fe272cd6e568bd21fb0e9045eefb0fc0a0a05d3a5b473cbb42359
-
Filesize
5KB
MD55a578467926b0d35887f92b33d549cbe
SHA108f3d7aa22e6346044426118a4c5a5f069936e84
SHA256e6994848dc2f5f0e183821de0224e3e2216f7b691d2761fa83d51d137c7d65fb
SHA5120671ad252268af1a324daf1b7ecbdcd43579f00c93a3e677aab9e007be1a1b2620779e5b6a3bf70d005f632a0191c00a1b54381110cb0dcc01f97897dde1ed3b
-
Filesize
5KB
MD5395268496992a7b85e3039966d36aaa2
SHA1fea14b76ea25d90c77663413d9f160469b7ad7c2
SHA2561d5b67c7fa3141c8428abb030e159651c33a206778a619c6ef5afdf369709255
SHA512319d1bed772eedef9ad6b1b4bdecc98e6ceb5216753c85ca724e58451d79e5cbca4fa893ac8e5eaa10feb477960372a9ca060587bc7f3afb1cdc4d7d06c18839
-
Filesize
5KB
MD592994f4e3a1f7dde18afa1b5e1cb97f3
SHA1a3c0bf1e67ddf356f75b41095bc5344114c74e26
SHA2566ea7334f9194a5df1f4f22b4b460a800e68009f0861d4723c29e1b20f79a674b
SHA512594c091083064e5bbfcfa840e96578102f2c5f524d68f1fcf4e25ebbec7075bdb05f0e3c5bafb24d461fb2442b6ae222f7153d7a823f3f2721440a837a1e57e4
-
Filesize
5KB
MD5ffb0893fab95efaccedab80a87ef20bd
SHA14f5be23bb57922aa3a599729de9b445ff596871f
SHA256f6383af77ed949bfc090d85fb7ea9da528ea082e27018c16acdb4e60b7a02ce0
SHA51265a3ecf6d06d63011825fa8f4f7eb110afa4a0b8d370749714850555b3926f4bb2c7aad8c8f5d5b198721cde1ad930d760c9b54e2280d2147a3babff94da23ac
-
Filesize
5KB
MD53823a5120c24b69dc2718dc52aa2e40d
SHA16e0805dc365752cb1c08ee191832f24fe6932c2c
SHA256efc26ac497886d032bde2bf3056750c01803c47cd74fadea59a1605564f4d7ac
SHA512571eec53340843a1634d7066512d2d73f4a6e3086ab294356a5533ce2b64be523afb4c956272cf2dcaa4975789a47fba8dbb4ad821e02cc9cc428da7ec4789e5
-
Filesize
5KB
MD5ae1d2e56050fb712895aed51a47a7650
SHA19b0eb2549622e5df6fad85ddaa4b7d1add102faa
SHA2561825da2880e625a354f8a49a4c32f99eb5b597209e92a4958c8be7ec46674da5
SHA5120b4170adf794e05a677bedbfeb4f42f23d4a87ef47f2c8142e621018824b12a3aa5555a8434128d7f0d8d5f8419abf75bb7222e7ae3ed5490c65045821f55e75
-
Filesize
5KB
MD5e060d07ea2fb9637a12380cae5b849c7
SHA172a058015b08a60adbf3c9abd9fbcae7bf63c7d0
SHA256da75741b088764f11234c08f21809f771c6e308bf8c391cffd98bf905a9c3e68
SHA512551935f376ad6fe4bec42db715dc682f804994836fac5192734fb30e7bc19d634398d47b98c09e52851be188de687544b6d1cbc56c89f2df663b53dabb15e528
-
Filesize
5KB
MD5970487704f4ffa68ff62fc489edc6ceb
SHA12badd9aada5505ea08eb823f5aa9797d1eedd74e
SHA256bd56fcde111aa604f957845817edbed440ef962e05b4a73134d5a7ef7dfdb821
SHA51246345eb1601ad6256d23575980b95ef566f3ffe0285320aff8d49a0a5a531432b9167f7baa3dc58740e0bc734c061a1f6afab0463eff138e45918300f118e206
-
Filesize
5KB
MD5405bfafe5ec2a484dd422b5497839dc7
SHA130b6a0aa53cbacc81882ddefd45693c25885e5c9
SHA256b7b0e1f66864e8286e537d4cf08fd21e8a8c056f4a71bbc692a04ce2714ccffd
SHA512daa24a677dba420c57e65a4839b809089d7d4dbe0f17b01296054d35478aab0a66425ea18370dd4be794ac3a46f0419b18561710c47f3c16bf24e3336fbf8581
-
Filesize
5KB
MD5d2f871357181975a10e553e25e59f52b
SHA1e4f5c06e2622bcad1a99dabfc380048a0175fff9
SHA25698a04888e2d89e243fec5c2937b864f2d32ee9ec5cef0f913b115557314da3e9
SHA512e4fb6aa8f33d3b49c6ef0a1c31ea320b6ad830f99ad677bf5be10d13703e1512b44d57bb2e01383aff68e6c9e2687f0bd92992559b3598c125151f00c26e8ecf
-
Filesize
2KB
MD5c948c739799b73eb03dad895c4f0c301
SHA1d1a61895ca4f99a76505f13c52aa6bf27fea845c
SHA256c49abd64726257351ba005ead265b5fb2c8920ea424c2216b839d168f7e58462
SHA512af73636e0e00b01e4a02dc689e3f94ab3c716debdecb8de841dbb80f748916893ea619ca42a013e1a5709b80e266c01d56a2499c24c0bee2ba0349c9dd347a09
-
Filesize
5KB
MD5bf303cffed2b652529809f222e059c58
SHA17506903751ac0f5ad4e001e9a5fd3f7c113d5cca
SHA2562dcc5546591eb1d9594d52e50fbe50ef0206ebe0d80836b0ea1e1622d6738661
SHA5125b282eb3afc419d312d287df5406dc0f8dddf4c508a61cbfbaf96eb246393e3ea82ab4dd03f9d724500e3ef4542adc40f216e00abc609f2ccfb092511e2b8c11
-
Filesize
5KB
MD5033bf13d8db631d8851f9623d5a01ccf
SHA1390c95567274b7b009bcca5497b9fb5b15361545
SHA256fc6a8cade3ee1eb7ea7b08616b1f23f5de9637fec6a5bbd1f8cd3743598d1897
SHA512ceb6cf3ceee6459dda927818a49910159178f81325545829e4c0f0d18a9ccbcdb639f85398c9d2c1e23cef619ede3d0d898b80a7e814bc1f49882b8027f3f91f
-
Filesize
2KB
MD5b023a6c246f1a220e3a94772ac37225a
SHA15d185600f14179c21e4fbd86b6008e204f19e0db
SHA25670e3e672601808914df142c8167ee86b02d62606fc743c87ecad77262a595141
SHA5123174adff56977f56fbf34e2c4a96480f188e206cc4bfd181ab6b748b3feed19d674646f021193057bba13d458ef658e1f850d15b2865034a9007be9056ee3363
-
Filesize
5KB
MD545421d4b51f96c44185ba43cdbcea4db
SHA1190d493ecc33ca3b192bb4d66c253df82c10c6c4
SHA256803cad82c7b6cf99b345c2b75eb3275d8e0a49bdbeb5e4e5a6a0b84858fa74ad
SHA512d3c98bdec0b6711cea3bb6003edf147e51f8ec965ec1ed3c8907d394f9c83bb95905f47e366af5f6bbf9bb05afee14ff21affeae0b5e5c93a1c8c60a67f1bee7
-
Filesize
5KB
MD5f6febc941a487c08ecfa8fe91880434f
SHA1f297507b451ba78c857cfab6b02d3e0d9569eb6c
SHA25601356b2cad5f1c1e8b19b4cdf9e827bd8486b03343f30061f1b1c1d5eae87e83
SHA51278a4ddbba3794bd5e2b3929a9ed6636187d84d13015622665d51ccf1e6f3a47faa8d3f92d5432cd0f10c58aca93acc7bb197a6c89847d77b25708f347d6d0342
-
Filesize
5KB
MD5918906f1b84fcb06cf44ed146c9a6b94
SHA1f6360033786ec17175b7750149084a2ba4923722
SHA25647715ea8da4dbb59df8725f136087a80d0a53c4cc91c7cb7a8d09cdae37fedd6
SHA512ff6da35ae9055fbefb1cba915448ce2bb1458d217c03c000bbc15f1c05724aaacea9eed646a60aa4d3e5c3bd2e9ebb2de1adc16f345c7904e25c05b9d79c8ec5
-
Filesize
371B
MD56290302fc7e0d0c9a118de04b680c4a4
SHA175c0491854346b4100dfc6ad4ced00a98a610b58
SHA256bc0f3c48d87211fa812e77e1c7aad1c783743a4cc7d1e6b1bc19d5398846e14f
SHA5124d43cb45d3468c5bcd5ca3fa3f3b0fb72527d3a1ecf1d8a8b88ecc8196dd22f59e563573ac8898f725ae09ba09bbd490864d9b75cc9ceffd72cd1705ad08f0ab
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD57908eb03bbf71aeea4ce53cbe673fa4e
SHA1e71034319d7ddc69b655ddaf08c876930e8950be
SHA2568530244299a55fda9cbe5925cd2cdff287abfc46c1e440cc4394cc00062a90e6
SHA512e2cfe5160cd62a77a8b5eed3358b1e5bcaaa05e990cd1e9387f64dc1ef88e30a01ef5895fadd870d80d5f25916faf5374a3cdad96b30a32590005c13f6bb8629
-
Filesize
10KB
MD5865dee9d3b6f17f9d529a441712fbf88
SHA1e542726a0dfecb1d141c7a366ba07b25549e7afc
SHA256e92403d492187851211971cf5d38b18ec709ffd71622dc1f8fbbc7c7ed89a81a
SHA512abb7826f87a2ec8fb86d3f7018ca4b245dbae9952439295f7805da719bf419b1a40b8424369bf61f2ab9435b0eb2a06c9fbcbb009a11c7ad16f6e6faf27c0e22
-
Filesize
11KB
MD5c597d1c2b1b8908087bb96bc71b7944f
SHA1d5075579d606a8db62ba5efdaae7a68273596739
SHA25622119c03183395f7cc9fcf74630712cb56bb35e8c826627817af002bf4192ccc
SHA5125082e529eea1e72629832767adb7fe69b223e85c0b37ea8488b2f541a5e98c0ff6c3dfa829258af0a71fa32f267f7fe21d3c1adbad0351d9c2823fa13424cfe4
-
Filesize
11KB
MD5d13612355aaa531d45f634e6f8f84c0c
SHA1af0672eb7dd933dd689d1c360d652a9d01130ca8
SHA25684685783cc4cfccede055140c1897d166fb6c985769ff162725155f837730d07
SHA5120768b99793f2f67166792a6100003ffb9da004b72996cdae4860e721474c866e25d6a33ecf468daa0e0e0ea3cf785db41421d4234ac26c478b17516667643f18
-
Filesize
11KB
MD53b011293afead4fbbcfe7ccf77209e27
SHA199acfa9a33e16caf8b15d2ad6ae015ed4f985fe4
SHA256f3ee305e6a8a67045c82cf11c5c652d2d4642aa157f514cb97367145d1cfcd03
SHA512d53c59c020cd9550e2a92084bad7117d1573e3a29bffb8700dc8abfb1f69c2a42d2c714cedf09bdb2b54b03a41eaf3fbb5bd1533dbfc49aaba45ff780a15f2a9
-
Filesize
5.8MB
MD5d711fadf1919a05ac8eccb48c397156c
SHA1d316ed33dda1b7170d56e086e53d280854f301ec
SHA256b17555f65d11b29752665637a871d3cc2ad874076d2bee06a8dabd3520e34834
SHA512dd5ec72eeb0e5fc28f122e46deb8a6c8464cbc2d8c74f545b27296b14c8b133fe009b38eace44e76af07a3db3fedbc6069b638348e550dffce84314674a01282
-
Filesize
488KB
MD5851fee9a41856b588847cf8272645f58
SHA1ee185a1ff257c86eb19d30a191bf0695d5ac72a1
SHA2565e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
SHA512cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f
-
Filesize
43KB
MD534ec990ed346ec6a4f14841b12280c20
SHA16587164274a1ae7f47bdb9d71d066b83241576f0
SHA2561e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409
SHA512b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0
-
Filesize
139B
MD5d0104f79f0b4f03bbcd3b287fa04cf8c
SHA154f9d7adf8943cb07f821435bb269eb4ba40ccc2
SHA256997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a
SHA512daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6
-
Filesize
43B
MD5c28b0fe9be6e306cc2ad30fe00e3db10
SHA1af79c81bd61c9a937fca18425dd84cdf8317c8b9
SHA2560694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641
SHA512e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9
-
Filesize
216B
MD5c2ab942102236f987048d0d84d73d960
SHA195462172699187ac02eaec6074024b26e6d71cff
SHA256948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a
SHA512e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479
-
Filesize
1KB
MD513babc4f212ce635d68da544339c962b
SHA14881ad2ec8eb2470a7049421047c6d076f48f1de
SHA256bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400
SHA51240e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182
-
Filesize
133KB
MD5a0bd0d1a66e7c7f1d97aedecdafb933f
SHA1dd109ac34beb8289030e4ec0a026297b793f64a3
SHA25679d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
SHA5122a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50
-
Filesize
5.2MB
MD5aead90ab96e2853f59be27c4ec1e4853
SHA143cdedde26488d3209e17efff9a51e1f944eb35f
SHA25646cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d
-
Filesize
85KB
MD5f8f4522d11178a26e97e2046f249dfa7
SHA18b591d9a37716e235260fb6b3f601e4ccbebf15d
SHA2563c372a8919c28dc76414b2f30da423c3e1018b1a8444527949ce20cc3fc93ed0
SHA51252ea881cad501cf1d5e8ac47355e862ac1bd39cb6e1ff3d362d392b6f2d676e74878832505d17a552aaa3bc8f3977da11fa3f9903722eedd23716fb46ddb7492
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\67eaf2d3-830a-476c-9f38-9176447f407b.tmp
Filesize16KB
MD5025378311676baa403120dc91474079e
SHA1aa70882ffd10d1c75b68233fd594c5245e24779e
SHA2562c051d27eb9b0126a12f10836f36cb5dc26446d04424d7a3316bbac2f98d9058
SHA512ff02be203c219046d233b71810a882cc59e1db9bdf51529bdc4b671de99a8fe08f229e5c0cb5efcba72ac27d7cf2ff38e9c0492e7e0fa45d52e9c15042b466cc
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\crl-set
Filesize21KB
MD5d246e8dc614619ad838c649e09969503
SHA170b7cf937136e17d8cf325b7212f58cba5975b53
SHA2569dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1
SHA512736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize280B
MD5d1c2287b42daef78a90ae7e20fd47e33
SHA1e3a035b7c31847ba050830112cd1369f1d44b434
SHA2567f903c8d8c6b48158ae95885d1b8eb10ad3332383abd73f70fba89898c83f573
SHA512c9c049ef77658c128b75b641bccd5f5d521da19dd3746303f1473a0f17fff5a58f13b9bd4dcdfb2bb4452f12e2484176438588b9b7175894c4f15703aa9656c9
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\593b9d1b-5d50-4a0b-8890-62a38267c9c5.tmp
Filesize6KB
MD56d89f2646a3fa099c4dde2d150235c4a
SHA1d41725a8557446e3ec17a329187afc6b8112b691
SHA256c8a77300602f8e31534756bbcca4db1246ea83a1034df43bc09d8e500268f82f
SHA5127d339a1a71207fffd3bee9ccd8261c345bc1caa62c87bcc2d0fd4479e701be53d5432433fe1fcee95efa01ee5fb00c6733dec2957bc15abe1b74d2de395b975b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\5a2fc2e4-c2d4-4cf2-823d-6bed13cf0ea3.tmp
Filesize6KB
MD5cd9674fac009b49801355d3658af16d4
SHA1ccdd75f9263e20fd4de65294ae8d92fbaba16325
SHA2563aff58db209e7698f51ebed3c9194339217147647ccac1857c0678680d939dcb
SHA512c62e0ff75cb22f44c9595d1b94b536d830c218c2c8f00ee8a52eb6faac0381b64b7e59ecda74eaf3d1fa175e123343f9e11acf02375cd7a29f00f5ef45b0a28b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State
Filesize1KB
MD5975fa0eddb12e45d115be8649f3769b3
SHA1eeef15e1fc7352a3c686623e243d3a7d17f4980b
SHA256bc262e746264a298c83ea7009e3c5c327e8d3b518e6ebb34c96e99f6a0682b6d
SHA51296c684a858e4bd05fa889ffbb97b2463c9fd874574cc8a3d8d5ff1e81ef9ad9f48305e6f6a86a93ed648f31a7285916888c632e6637e5c8cf413c9dfed9888af
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe5e9662.TMP
Filesize59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
Filesize2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Preferences
Filesize6KB
MD5b1c8cb1ef761efe0e6a74e53807e38e4
SHA1c253da95282b34b4345a4bcbc61d80f1f763637a
SHA25615d25b67a0e7bfd15a3ac470a30a12a416b4aaaff3e6289640db4d3217a224fc
SHA512fb68d9e9055f1f0993fc38f985fb54c9a7c804e019752191bc4c1e1c4b0ebf3271d4575d6b72b3af827f8f0cb447e75a413eef2f0f70f81da21a8c662d9b20ca
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\000001.dbtmp
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_0
Filesize8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_1
Filesize264KB
MD5d0d388f3865d0523e451d6ba0be34cc4
SHA18571c6a52aacc2747c048e3419e5657b74612995
SHA256902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_2
Filesize8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\GrShaderCache\data_3
Filesize8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize1KB
MD5b88f94cc2f916bacefbaa64781e95418
SHA1c8787fbd077e43e4c54e1e16a28cc6d0c6d67b81
SHA256ab33084fc5c0c16260a317534909f3ee5b3be4d37333234d88756caddb5b30be
SHA5123b125ee1c4e2f7368500812fb0ed2b10528f0038453258c3c8cabfa07d2d8b3538b59db1c39bb54252ac8b31efc03d1708f16ef96e25e1ef7cd4b74e586615f2
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize2KB
MD52c8d943e9f65bc8f2e01883fde8e50d8
SHA1ea93c7b58a5b4041e3e0f73ecf0acf411966ebd4
SHA256e037f94c29df044ae66c70cc25078f35f766b608276e944723e0203f6ba2490e
SHA5124046f2ba08bb6594848fa11cfce4190b3201fca34207d1a6ec36a73ea1e60d8d390f215877c493bcd0ca5a14d6c5cce36c2bb8496a802060f8514fd690016102
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
Filesize3KB
MD5afa6a089d41241c16ce2b247699310dd
SHA17442e9ab20d301e948cb2954afb79c738e6c59ac
SHA25602f275e0d3367081d9330e39ed404a125addd77b05d505720227f372e38be677
SHA5125aab38748c4e606a8f0f82bba1fc41c237ab01f6ccebc979d7f6f4bc8cbf5f890deefc2087d26fe9595a91230f97c40e95d650cfae274364474c91ad0e1c821e
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe5d831d.TMP
Filesize1KB
MD5cd975029b2044e45428f1f502c4a60ff
SHA1dada148f6a5d26aceb76cd1d049a790298a8002f
SHA25617e6ea19aaf9f53dc0e8686924b1d3b955618ecaa3f8afb4b464fb1deb7de97a
SHA51234e10301f85db9b0080445a4bbe8a48707def5102b127a28fda2a712f6b8051fa01d58a9829c9286a4f143aeb12c07843ff066803b26f523cd11858d6e8a9e8b
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\LICENSE
Filesize24KB
MD5aad9405766b20014ab3beb08b99536de
SHA1486a379bdfeecdc99ed3f4617f35ae65babe9d47
SHA256ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d
SHA512bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
5.4MB
MD584e67989f7ccd11c2b7db38f3d3443b8
SHA1c3e821de715aa7508b3273de16c9156014d81922
SHA2565eac06573fb9289a5ad1dfa8b88d2d7b79f1bd89e61c53247f8cae50143e7a2c
SHA512d0ea7235f591f31edeb7183c91fb0bb1347a9386c170c43b21e2c5fd93b7040e73e1a1a9f3ef6f83d097b1af0f9e2a9938dd59ae47588940491da25248eb7d99
-
Filesize
5KB
MD54ec8143b6dbe27870cf8333711ff5096
SHA1693d467ebec348469011ffef1bd370b113653147
SHA2562510be907ec476e8375ac7b5431536ae9a32bf99fe77ab695a5100852b111b96
SHA512b513d2b9c63d999ccf459cea625bfdc481e44f0f3222996182a0d0d89fdb97ed754b927c7a429e43b96f13d2fc73e2860edca78b162a41101ae97e1a0f4e054e
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e