Analysis

  • max time kernel
    1800s
  • max time network
    1798s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    11-06-2024 01:00

General

  • Target

    https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
  • Downloads MZ/PE file
  • Sets file execution options in registry 2 TTPs 2 IoCs
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 22 IoCs
  • Loads dropped DLL 32 IoCs
  • Registers COM server for autorun 1 TTPs 33 IoCs
  • Themida packer 40 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 3 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • Checks system information in the registry 2 TTPs 12 IoCs

    System information is often read in order to detect sandboxing environments.

  • Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 44 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 44 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 29 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ce8ab58,0x7ffe1ce8ab68,0x7ffe1ce8ab78
      2⤵
        PID:4052
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:2
        2⤵
          PID:4124
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8
          2⤵
            PID:4928
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8
            2⤵
              PID:4576
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:1
              2⤵
                PID:4836
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3296 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:1
                2⤵
                  PID:436
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8
                  2⤵
                    PID:3320
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8
                    2⤵
                      PID:4824
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8
                      2⤵
                        PID:844
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2108 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:1
                        2⤵
                          PID:2716
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4280 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:1
                          2⤵
                            PID:1612
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=736 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:840
                        • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                          1⤵
                            PID:1348
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:3988
                            • C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe
                              "C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"
                              1⤵
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of AdjustPrivilegeToken
                              PID:4996
                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
                                "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
                                2⤵
                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                • Checks BIOS information in registry
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Checks whether UAC is enabled
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                PID:3088
                            • C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe
                              "C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"
                              1⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5032
                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
                                "C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
                                2⤵
                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                • Checks BIOS information in registry
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Checks whether UAC is enabled
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1416
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe"
                              1⤵
                              • Enumerates system info in registry
                              • Modifies data under HKEY_USERS
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              PID:4296
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe1ce8ab58,0x7ffe1ce8ab68,0x7ffe1ce8ab78
                                2⤵
                                  PID:3796
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:2
                                  2⤵
                                    PID:4132
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                    2⤵
                                      PID:2748
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                      2⤵
                                        PID:3692
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1
                                        2⤵
                                          PID:612
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1
                                          2⤵
                                            PID:5052
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4036 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1
                                            2⤵
                                              PID:1644
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                              2⤵
                                                PID:1684
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                                2⤵
                                                  PID:852
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                                  2⤵
                                                    PID:1000
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                                    2⤵
                                                      PID:2708
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                                      2⤵
                                                        PID:3664
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                                        2⤵
                                                          PID:1404
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                                          2⤵
                                                            PID:1792
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5028 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1
                                                            2⤵
                                                              PID:316
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4968 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1
                                                              2⤵
                                                                PID:1072
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5104 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1
                                                                2⤵
                                                                  PID:224
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4792 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1
                                                                  2⤵
                                                                    PID:4152
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4552 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:4984
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5072 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                                                      2⤵
                                                                        PID:4992
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                                                        2⤵
                                                                          PID:1852
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4616 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                                                          2⤵
                                                                            PID:1964
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4764 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                                                            2⤵
                                                                              PID:4148
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8
                                                                              2⤵
                                                                                PID:1508
                                                                              • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                                "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                                                2⤵
                                                                                • Executes dropped EXE
                                                                                • Checks whether UAC is enabled
                                                                                • Drops file in Program Files directory
                                                                                • Enumerates system info in registry
                                                                                • Modifies Internet Explorer settings
                                                                                • Modifies registry class
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:1256
                                                                                • C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                                  MicrosoftEdgeWebview2Setup.exe /silent /install
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  • Drops file in Program Files directory
                                                                                  PID:3676
                                                                                  • C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                                                    4⤵
                                                                                    • Sets file execution options in registry
                                                                                    • Checks computer location settings
                                                                                    • Executes dropped EXE
                                                                                    • Loads dropped DLL
                                                                                    • Checks system information in the registry
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:544
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                      5⤵
                                                                                      • Executes dropped EXE
                                                                                      • Loads dropped DLL
                                                                                      • Modifies registry class
                                                                                      PID:5052
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                      5⤵
                                                                                      • Executes dropped EXE
                                                                                      • Loads dropped DLL
                                                                                      • Modifies registry class
                                                                                      PID:4216
                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                        6⤵
                                                                                        • Executes dropped EXE
                                                                                        • Loads dropped DLL
                                                                                        • Registers COM server for autorun
                                                                                        • Modifies registry class
                                                                                        PID:5004
                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                        6⤵
                                                                                        • Executes dropped EXE
                                                                                        • Loads dropped DLL
                                                                                        • Registers COM server for autorun
                                                                                        • Modifies registry class
                                                                                        PID:388
                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                        6⤵
                                                                                        • Executes dropped EXE
                                                                                        • Loads dropped DLL
                                                                                        • Registers COM server for autorun
                                                                                        • Modifies registry class
                                                                                        PID:3624
                                                                                     • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                       "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                      5⤵
                                                                                      • Executes dropped EXE
                                                                                      • Loads dropped DLL
                                                                                      • Checks system information in the registry
                                                                                      PID:1852
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{F68DF31B-C820-493B-99A4-C74A7AEB0D7A}" /silent
                                                                                      5⤵
                                                                                      • Executes dropped EXE
                                                                                      • Loads dropped DLL
                                                                                      PID:436
                                                                                • C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe
                                                                                  "C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe" -app -isInstallerLaunch
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  • Suspicious use of UnmapMainImage
                                                                                  PID:2816
                                                                            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                                              "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                                              1⤵
                                                                                PID:220
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                1⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Checks system information in the registry
                                                                                • Modifies data under HKEY_USERS
                                                                                PID:3556
                                                                                 • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                   "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Checks system information in the registry
                                                                                  PID:2968
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\MicrosoftEdge_X64_125.0.2535.92.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\MicrosoftEdge_X64_125.0.2535.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:1484
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\MicrosoftEdge_X64_125.0.2535.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    • Drops file in Program Files directory
                                                                                    PID:1236
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff668504b18,0x7ff668504b24,0x7ff668504b30
                                                                                      4⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:1716
                                                                                 • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                   "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Checks system information in the registry
                                                                                  PID:2140
                                                                              • C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe
                                                                                "C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe"
                                                                                1⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                • Suspicious use of UnmapMainImage
                                                                                PID:3668
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                1⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:4812
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                1⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Checks system information in the registry
                                                                                PID:1772

                                                                              Downloads

                                                                              • C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Installer\setup.exe
                                                                                Filesize

                                                                                6.9MB

                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                Filesize

                                                                                201KB

                                                                              • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
                                                                                Filesize

                                                                                5.3MB

                                                                              • C:\Program Files\MsEdgeCrashpad\settings.dat
                                                                                Filesize

                                                                                280B

                                                                              • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                                                Filesize

                                                                                88KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                Filesize

                                                                                40B

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
                                                                                Filesize

                                                                                44KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
                                                                                Filesize

                                                                                264KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
                                                                                Filesize

                                                                                1.0MB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
                                                                                Filesize

                                                                                4.0MB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
                                                                                Filesize

                                                                                202KB

                                                                                MD5

                                                                                6a16cbefd2e29c459297b7ccc8d366ad

                                                                                SHA1

                                                                                40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe

                                                                                SHA256

                                                                                9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60

                                                                                SHA512

                                                                                6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
                                                                                Filesize

                                                                                24KB

                                                                                MD5

                                                                                1fc15b901524b92722f9ff863f892a2b

                                                                                SHA1

                                                                                cfd0a92d2c92614684524739630a35750c0103ec

                                                                                SHA256

                                                                                da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4

                                                                                SHA512

                                                                                5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
                                                                                Filesize

                                                                                24KB

                                                                                MD5

                                                                                e3b6738bb9d0911f9f90c60d1d8ab00d

                                                                                SHA1

                                                                                cfc99af0437930ace419f299442f915d028586c4

                                                                                SHA256

                                                                                9d8f9d8a9d19e4663539843a7b1d9c8131cf3209e6b3b070bc70843300e5900f

                                                                                SHA512

                                                                                7b5b09772d42a63a907d9a06f6afba0b69e0a82458a212612fada31d21ef22036d867c9c00cabaddbdbb387920d336bf51ab16ae2ebd725f82bd9f531abd074a

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
                                                                                Filesize

                                                                                43KB

                                                                                MD5

                                                                                5e99f5fa54ddede154b3b707f25e30ad

                                                                                SHA1

                                                                                982b7f4b411bd6e079e00e039a2b43915302e35f

                                                                                SHA256

                                                                                f3f789870aa7543f19fc8f82546c84a56593b73200405ee618114b10ed333bb9

                                                                                SHA512

                                                                                1602ef1c0e70eb71fb0f5740b27e8a81943a1d00ff4f2eaf4cc094a2430c43a53b486469b0aae7f60ea53bb6f224ce86215e37a869c57a918afe5f1592a568fd

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
                                                                                Filesize

                                                                                57KB

                                                                                MD5

                                                                                bbc49a399e1dfd7325763cdad8bc0f70

                                                                                SHA1

                                                                                0a63706e3d9e0065ce805c5ae9059a737c5f55e0

                                                                                SHA256

                                                                                c66dacc1368667ed58a01e096d78ce6130b8d03e91d33e34c9f5535396374b44

                                                                                SHA512

                                                                                d7d180c6403e4b4c462e9ad959af8767fdfdb8d89e5a9d76ea7a66b19e65e5eeaaf4f6ed0dc05cbfa0cc2e4cc423bbb575d386fc3b08b8e6ec556339a9ed4dff

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
                                                                                Filesize

                                                                                33KB

                                                                                MD5

                                                                                b3a346859804d8d466aee19475595a01

                                                                                SHA1

                                                                                1e1211e0aa4087ade1797c8c25356e36dd50156e

                                                                                SHA256

                                                                                86a2e32f8e8d9913d9736a720988737ebde11a98366f61535d03ea2541d051e2

                                                                                SHA512

                                                                                1218fb57b2f4138a5935121848fc7cba6b27e216db736fd4ddaf302ce90a190c396708d5ec570790af2c171b31baa7aa49fe2120949f354c3339707a6d3deb4b

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
                                                                                Filesize

                                                                                35KB

                                                                                MD5

                                                                                43c36f673477b4331deb10e5085e85f7

                                                                                SHA1

                                                                                76b4149f14e53abd4a0dc375ae581313569acfd3

                                                                                SHA256

                                                                                01c80838c9a69f86b7f21f096dc3774f045ac0a5308ce1eff541b608db3c6375

                                                                                SHA512

                                                                                289086938109e658a6575c09fe80adff08f68758fef44955e4b5c477d281ea1eefa588da629b4e90a7a5d9111cf9d53ae487fe27255458d8eb478fcd6d6d53a5

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
                                                                                Filesize

                                                                                35KB

                                                                                MD5

                                                                                a81d21a19a84def8fa1677f23e32cf92

                                                                                SHA1

                                                                                8b03d0a32b2acfc0a9f4e59d6d4dcb0a76aa13f7

                                                                                SHA256

                                                                                303a1e1afe228e6ea0ed6434800695f4ffb72116dc4d957bb5806ae0ce3fe446

                                                                                SHA512

                                                                                a60cefc2663a9791f3f410b0b1c7a91e18e36cbcca75902531f55da8289f9052e3d3a516b17a805c21397802be1873f320acfb584442dbf385ddd3f98a389d35

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
                                                                                Filesize

                                                                                34KB

                                                                                MD5

                                                                                211eb522e1bb0d8f41ab7d026fac7f50

                                                                                SHA1

                                                                                ba1c4aed63ad2903b561c149d3e1de84f150ef87

                                                                                SHA256

                                                                                04163201d4ace3396e9a264604d7394bcfb9199c679a21ab28eb23b294c18ef7

                                                                                SHA512

                                                                                c1c075752350bdc8a5c986109f00dea451a0cddacdca71e64c73b1ddd43a1cfc0afbf166e1554818b58fc452edd9b80d2bd813374f3ebd8df251c0b7d678eeeb

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
                                                                                Filesize

                                                                                38KB

                                                                                MD5

                                                                                7b83640b9b17601fa91384c903488b0e

                                                                                SHA1

                                                                                96f03aff69f6dd77d3731f71a73c4b35542cf4f4

                                                                                SHA256

                                                                                47a68818e0bb722ba86007127ae8c8c14258380696757c9fee22278b88c55a23

                                                                                SHA512

                                                                                f33a5fd6eb6c7561c0f7eb314a5bf64e33ed742d43f0fc0f373a5018c760665bbbcf5db670476a2d7fe3656b64c684c2a081f2e1b5b365bebb998b009aa5b855

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                Filesize

                                                                                168B

                                                                                MD5

                                                                                5e2a80ee9d22b378ac69157a5a72e6a5

                                                                                SHA1

                                                                                22b496a62a05776e1cda71aaf238eab31f496a07

                                                                                SHA256

                                                                                b17d55ffd0467f48b7c31254735f148a714361b5438d4107c9dcdf39c111f1ab

                                                                                SHA512

                                                                                134020090d97f139e08118f0fd89a13e5533caf791b48c569da3dfd0a91656c132d75e538435e1f79187ffc67c2c3e9bde6d0db403322c060ca3c7e289202ca9

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                Filesize

                                                                                168B

                                                                                MD5

                                                                                2ca1fbe9679f97b39c6339b0037cc723

                                                                                SHA1

                                                                                94c6904738564e2dab730721ba88ad4f72844b61

                                                                                SHA256

                                                                                38b2965013c9d90652e8611d448f9358f714499be8585388f64846d048fbdd6e

                                                                                SHA512

                                                                                fded1fb44f1cbbb1686439d03e8dd060e5469025c700f89b9d381da69e9d3bcf67c17dd30728b98eb25fd26f522049abd9e26e593ca3163d3bdb214dfad1350f

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                Filesize

                                                                                3KB

                                                                                MD5

                                                                                cbc13b1d5e44e15e6379a3749e4d5c32

                                                                                SHA1

                                                                                e5510276e63c9511a5e60dd0a5052c21931c1980

                                                                                SHA256

                                                                                b2f0631f61f5fbcd99d42ab07d715eb103d31cd9966b84c64b7b43a0c6d99244

                                                                                SHA512

                                                                                d25df547cac6f0cc88e1138835d58d9fad9323cef77f7fd994478b1e396b07287df4fa968891080cbe3edf13c2bc1132b64634b05359057580fa50f003b3032d

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                Filesize

                                                                                168B

                                                                                MD5

                                                                                8d9b4efd799b97e7d7fbb09010318413

                                                                                SHA1

                                                                                25e090a590172dd284eeb3954c1d04e08c0e3c93

                                                                                SHA256

                                                                                b16c76ae05701af63f6245864ffb8626f14b144a35e85d83d7d62beaf9d32cd0

                                                                                SHA512

                                                                                08d4598157e9cb50a55388c8b786563754a413adcc0fa0588c5b9acf87a71f0b14fa5ce95ecf7f6513414ae31d50821fd4e7ec9404e7747b53f2ec47427fb5a3

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
                                                                                Filesize

                                                                                152KB

                                                                                MD5

                                                                                52f33e51cf6cf0689e7cf610361a5e0a

                                                                                SHA1

                                                                                8b9f3870ef153f4a0d827639b8a1a73908292cdc

                                                                                SHA256

                                                                                f248d0fff48a1f6c285d47d311a0df3b6146bae82625bd3a169c74de78e854ee

                                                                                SHA512

                                                                                f00cbb23d8a29231e071c8e44716beae66308ab529697d08ed18728d156a2f08d7a9d03bf4dcca15cbfe4e8d2fd79dafd91550a1991d50be17d5fe9129749e53

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                                                                Filesize

                                                                                20KB

                                                                                MD5

                                                                                2e46c951b072088d4217dbee733ceb63

                                                                                SHA1

                                                                                1c9dc00cda65ed9ec61ad81397de6d13055c6206

                                                                                SHA256

                                                                                aff654153608a38ad3923ea3dc997fdecc591cae3ec67a2af7f55e88fc1bd3b3

                                                                                SHA512

                                                                                de11b95173299c96e28db3abef20d3c0b654e0e8117763d1904b9f4d841a35edb7da9bbd1c20085af372a8fe44ec68e1399876d4c297a7e137633b36c10b4f88

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                09cdd6328eabc63ff15796d3678c7a10

                                                                                SHA1

                                                                                4693cbc9cf8365bdd1ad3c6e5fde89fc937b2eb5

                                                                                SHA256

                                                                                098e5cc6eaa8ea33818fa6711f6e2f8c10d2d215aca81770d6ca04e2704b46ba

                                                                                SHA512

                                                                                2d7cd2993d918a5e177fa4b637800d9e0c9f09e46200e1cfbb0fb1bc5344136f8921deb9232ab93b09c5b9f059a8f5fb13450f86cec41fa6663a31b61eb1b817

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                fed61f6b6abae37d01cf56bd02cddbf2

                                                                                SHA1

                                                                                11b1c5092821a7d89dadd76579c918c323eba578

                                                                                SHA256

                                                                                5d4949873cd5e9123b83d57de02c36cf1586ed06ae003089107c8356766d93a4

                                                                                SHA512

                                                                                cedc70afbb5731aaf42c71d8a8aca7db2a523701d9a4dd27202f81f60b84bec83dc49d619a67aa0220072ff2dbad4dd9ac048745655bf0a4eba1f7a466c77174

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                Filesize

                                                                                5KB

                                                                                MD5

                                                                                34aa2375d9e5a2a43e286ad8b142e37e

                                                                                SHA1

                                                                                aee00acaef33047f515d48c515985015a0c09f2d

                                                                                SHA256

                                                                                ad3ea68b887799f08e83b678cb5f86b5071052902fb175e5810f2f540ec6fbe8

                                                                                SHA512

                                                                                6dee6ed6f5d49bc79e548b9dcad2b1b2fe7b49b9355f7e1b23879ad616ef677e9642c32fb62948f63f0b52f7df539d9556710b1d8d957482a4a36239797c1ff1

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                Filesize

                                                                                2B

                                                                                MD5

                                                                                d751713988987e9331980363e24189ce

                                                                                SHA1

                                                                                97d170e1550eee4afc0af065b78cda302a97674c

                                                                                SHA256

                                                                                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                SHA512

                                                                                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                Filesize

                                                                                689B

                                                                                MD5

                                                                                f31102dd5334e9d5682c64ac56a63a45

                                                                                SHA1

                                                                                d3077d38650b0daf732c9fcfbffd9ad56ed14488

                                                                                SHA256

                                                                                1958b44356facd74314aca533dab1587d5a2ee2b0048adcc0757467481d0050d

                                                                                SHA512

                                                                                96f33b85ef44062f07ccdfe9327648435250904ce332fe190345c9002e107505994b7f11cda5f84cb02c720f3fb67e68f7c9ddd28376a6b6e6761396b91e7182

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                Filesize

                                                                                689B

                                                                                MD5

                                                                                bbe440b11d35f762efcaf9ac61c380f0

                                                                                SHA1

                                                                                4d8aef277c5aeab27ead446831aca999acea21ab

                                                                                SHA256

                                                                                75f704b58d57758a556f776c7fdf0ef021b0f4bd9ed2ebac145f1bcd9b3049d7

                                                                                SHA512

                                                                                82796d83421893b518615a79f6569ef99d7155beee50f965e8c35a8d63a8de7389b54aa6bd4721dbed1fc19c851d3d4740ea6feacefc1025562355a1b2fabd29

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                Filesize

                                                                                689B

                                                                                MD5

                                                                                6fa2872ef345a916e67d9f9160e10e1c

                                                                                SHA1

                                                                                3e06569a3c9b5f96da297e1951f213b3f9758daa

                                                                                SHA256

                                                                                a60e376d8cdd96418b83d9da7a549380275439c8e4fed9c42aa76101439be428

                                                                                SHA512

                                                                                7b4e09931b2e9c997d114978af5cba54aa484da13c9551bd6974f460221293be1d2e8609e46a8354c5a80d33415f740a63e796628cfed2f0352b31f9b3355287

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                2f91f3fa311d695c33a5a17dfcadb95b

                                                                                SHA1

                                                                                358ea47ead4cde33b6a84c161e30c145c3bb447f

                                                                                SHA256

                                                                                624a36ef2c76469fe0d1ff4698ea340dd17fd92a8c976cc403d037eabb7c15a8

                                                                                SHA512

                                                                                5b257676c61f8f2ed3feb583ad7ac45050bc4439131266551fa5f232fb26b3e027cf6023d6b1a67bda7df7f7f77b921e070e9c856c774d3ac9fef98ed1ffd5ad

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                174633537d11987067c354e2971744d5

                                                                                SHA1

                                                                                7ad451af6807eefd572e3cf3f94a53ac9dfc1dee

                                                                                SHA256

                                                                                28c01a96fa625ff1a480afd2ab8f4da07af7a61d7fa77615c6dc680414be917c

                                                                                SHA512

                                                                                beaca296d20acefed29363b909cf7469829f7e3d578cd55cfdc9bf9a31df1e5c53bbcab3f679abcf14c2fc5eecf946826213de4dd0a0090e9bfdd4b9294d146a

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                7KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                7KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                7KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                7KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                8KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                8KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                8KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                8KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                Filesize

                                                                                16KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                Filesize

                                                                                56B

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b3c69.TMP
                                                                                Filesize

                                                                                120B

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
                                                                                Filesize

                                                                                348B

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
                                                                                Filesize

                                                                                324B

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
                                                                                Filesize

                                                                                128KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
                                                                                Filesize

                                                                                14B

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                Filesize

                                                                                130KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                Filesize

                                                                                263KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                Filesize

                                                                                130KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                Filesize

                                                                                263KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                                                                Filesize

                                                                                99KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                                                                Filesize

                                                                                104KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
                                                                                Filesize

                                                                                264KB

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
                                                                                Filesize

                                                                                86B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SolaraBootstrapper.exe.log
                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\d711fadf1919a05ac8eccb48c397156c
                                                                                Filesize

                                                                                5.8MB

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll
                                                                                Filesize

                                                                                488KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
                                                                                Filesize

                                                                                43KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
                                                                                Filesize

                                                                                139B

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc
                                                                                Filesize

                                                                                43B

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
                                                                                Filesize

                                                                                216B

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll
                                                                                Filesize

                                                                                695KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll
                                                                                Filesize

                                                                                99KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll
                                                                                Filesize

                                                                                133KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll
                                                                                Filesize

                                                                                5.2MB

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt
                                                                                Filesize

                                                                                48B

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\version.txt
                                                                                Filesize

                                                                                4B

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
                                                                                Filesize

                                                                                5.9MB

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
                                                                                Filesize

                                                                                85KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll
                                                                                Filesize

                                                                                522KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll
                                                                                Filesize

                                                                                113KB

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 693054.crdownload
                                                                                Filesize

                                                                                5.4MB

                                                                              • \??\pipe\crashpad_2452_YSYVOGCQPHSGMJOX

                                                                                14.3MB

                                                                              • memory/3088-1620-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1598-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1649-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1562-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1551-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1552-0x00007FFE0C760000-0x00007FFE0C784000-memory.dmp
                                                                                Filesize

                                                                                144KB

                                                                              • memory/3088-1549-0x000001C856F50000-0x000001C856F88000-memory.dmp
                                                                                Filesize

                                                                                224KB

                                                                              • memory/3088-1550-0x000001C856F10000-0x000001C856F1E000-memory.dmp
                                                                                Filesize

                                                                                56KB

                                                                              • memory/3088-1548-0x000001C852680000-0x000001C852688000-memory.dmp
                                                                                Filesize

                                                                                32KB

                                                                              • memory/3088-1545-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1544-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1546-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1653-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1543-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1645-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1532-0x000001C8398D0000-0x000001C8398DE000-memory.dmp
                                                                                Filesize

                                                                                56KB

                                                                              • memory/3088-1530-0x000001C852290000-0x000001C85230E000-memory.dmp
                                                                                Filesize

                                                                                504KB

                                                                              • memory/3088-1528-0x000001C852350000-0x000001C85240A000-memory.dmp
                                                                                Filesize

                                                                                744KB

                                                                              • memory/3088-1527-0x000001C8526E0000-0x000001C852C1C000-memory.dmp
                                                                                Filesize

                                                                                5.2MB

                                                                              • memory/3088-1525-0x000001C837B90000-0x000001C837BAA000-memory.dmp
                                                                                Filesize

                                                                                104KB

                                                                              • memory/3088-1669-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1696-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1523-0x00007FFE09A93000-0x00007FFE09A95000-memory.dmp
                                                                                Filesize

                                                                                8KB

                                                                              • memory/3088-1690-0x0000000180000000-0x0000000180E54000-memory.dmp
                                                                                Filesize

                                                                                14.3MB

                                                                              • memory/3088-1693-0x000001C857B10000-0x000001C857BC2000-memory.dmp
                                                                                Filesize

                                                                                712KB

                                                                              • memory/4996-55-0x0000000075390000-0x0000000075B40000-memory.dmp
                                                                                Filesize

                                                                                7.7MB

                                                                              • memory/4996-54-0x0000000002580000-0x000000000258A000-memory.dmp
                                                                                Filesize

                                                                                40KB

                                                                              • memory/4996-57-0x0000000005660000-0x0000000005672000-memory.dmp
                                                                                Filesize

                                                                                72KB

                                                                              • memory/4996-53-0x00000000001A0000-0x00000000001AA000-memory.dmp
                                                                                Filesize

                                                                                40KB

                                                                              • memory/4996-52-0x000000007539E000-0x000000007539F000-memory.dmp
                                                                                Filesize

                                                                                4KB

                                                                              • memory/4996-1524-0x0000000075390000-0x0000000075B40000-memory.dmp
                                                                                Filesize

                                                                                7.7MB