Malware Analysis Report

2024-10-10 08:08

Sample ID 240611-bc6a6sxfqf
Target https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip
Tags
discovery evasion persistence themida trojan
score
9/10

Analysis Overview

score
9/10

Threat Level: Likely malicious

The file https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence themida trojan

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Sets file execution options in registry

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Themida packer

Registers COM server for autorun

Loads dropped DLL

Checks BIOS information in registry

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks system information in the registry

Drops file in Program Files directory

Enumerates physical storage devices

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of UnmapMainImage

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:00

Reported

2024-06-11 01:31

Platform

win10v2004-20240426-en

Max time kernel

1800s

Max time network

1798s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Downloads MZ/PE file

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\MicrosoftEdge_X64_125.0.2535.92.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\VirtualCursor\cursorDefault.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\icons\ic-bc.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\tr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\CollisionGroupsEditor\rename.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\FaceControlsEditor\checkbox_unchecked.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\ButtonRightDown.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\msedgeupdateres_uk.dll C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\as.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\icon_friendrequestrecieved-16.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Keyboard\close_button_icon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ViewSelector\background.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ViewSelector\right_hover.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\or.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\icon_add.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ManageCollaborators\closeWidget_light.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TerrainEditor\trianglesmallinverted.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Locales\fi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\advClosed-hand.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\ExpandArrowSheet.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Emotes\TenFoot\SegmentedCircle.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\ButtonY.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_20.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\graphic\gr-avatar [email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\models\ViewSelector\Corner.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\DeveloperFramework\Votes\rating_up_green.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\graphic\Auth\gradient_bg.jpg C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChatV2\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\hr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\clb_robux_20.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\dialog_green.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\AvatarExperience\PPEWidgetBackgroundLightTheme.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Settings\Slider\SelectedBarLeft.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Locales\es.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\icons\GameDetails\social\Discord_large.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TerrainEditor\volcano.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\icon_showmore.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\PublishPlaceAs\navigation_pushBack.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\RoactStudioWidgets\slider_bar_light.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\edge_feedback\mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\img_key_border.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\fonts\Oswald-Bold.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\TagEditor\famfamfam.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\TopBar\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\DevConsole\Info.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\PlatformContent\pc\textures\sky\indoor512_rt.tex C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\XboxController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Settings\MenuBarIcons\GameSettingsTab.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Trust Protection Lists\Mu\CompatExceptions C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Trust Protection Lists\Mu\TransparentAdvertisers C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\models\MaterialManager\smooth_material_model.rbxm C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\PlatformContent\pc\textures\wangIndex.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\PerformanceStats\TargetLine.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\ru.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\AnimationEditor\img_eventGroupMarker_border.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\content\textures\ui\Controls\xboxB.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\VisualElements\LogoBeta.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\Locales\nn.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
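The rows above show the Roblox installer and chrome.exe opening HKLM\HARDWARE\DESCRIPTION\System\BIOS and reading SystemManufacturer, SystemProductName and BaseBoardManufacturer. Those three values are the most common hypervisor fingerprint: VirtualBox populates them with "innotek GmbH" / "VirtualBox" / "Oracle Corporation", Hyper-V with "Microsoft Corporation" / "Virtual Machine". The script below is an added example, not code from this report or from the sample; the marker list and the constructed value sets are the author's assumptions. On a Windows analysis VM it reads the live values through winreg, so you can check whether your own sandbox would fail such a test; on any other host it runs against the constructed dictionaries.

```python
"""Hypervisor fingerprint check against the BIOS registry values this report
shows being queried: HKLM HARDWARE/DESCRIPTION/System/BIOS, values
SystemManufacturer, SystemProductName and BaseBoardManufacturer.

On Windows the values are read live so an analyst can see what the sample saw
on the sandbox; elsewhere the constructed dictionaries stand in for the
registry so the classification logic can be exercised offline.
"""
import sys

BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"
BIOS_VALUES = ("SystemManufacturer", "SystemProductName", "BaseBoardManufacturer")

# Case-insensitive substrings that identify common hypervisors in those values.
# Assumption: this list is the author's; the sample's own list is not known.
HYPERVISOR_MARKERS = {
    "VirtualBox": ("virtualbox", "innotek"),
    "VMware": ("vmware",),
    "QEMU/KVM": ("qemu", "bochs"),
    "Hyper-V": ("virtual machine",),
    "Xen": ("xen",),
    "Parallels": ("parallels",),
}

# Constructed values modelled on what those platforms typically report.
SAMPLE_VIRTUALBOX = {
    "SystemManufacturer": "innotek GmbH",
    "SystemProductName": "VirtualBox",
    "BaseBoardManufacturer": "Oracle Corporation",
}
SAMPLE_HYPERV = {
    "SystemManufacturer": "Microsoft Corporation",
    "SystemProductName": "Virtual Machine",
    "BaseBoardManufacturer": "Microsoft Corporation",
}
SAMPLE_BARE_METAL = {
    "SystemManufacturer": "Dell Inc.",
    "SystemProductName": "OptiPlex 7090",
    "BaseBoardManufacturer": "Dell Inc.",
}


def read_bios_values():
    """Read the three values from the live registry. Windows only."""
    import winreg  # standard library on Windows; ImportError elsewhere
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BIOS_KEY) as key:
        for name in BIOS_VALUES:
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value absent on this firmware; skip it
    return values


def classify_bios(values):
    """Return the hypervisors whose markers appear in any of the values."""
    blob = " ".join(str(values.get(n, "")) for n in BIOS_VALUES).lower()
    return [name for name, markers in HYPERVISOR_MARKERS.items()
            if any(marker in blob for marker in markers)]


def looks_virtual(values):
    """True when at least one hypervisor marker is present."""
    return bool(classify_bios(values))


if __name__ == "__main__":
    live = sys.platform == "win32"
    values = read_bios_values() if live else SAMPLE_VIRTUALBOX
    source = "live registry" if live else "constructed VirtualBox values"
    for name in BIOS_VALUES:
        print(f"{name:<22} = {values.get(name, '<absent>')!r}")
    print(f"[{source}] hypervisor markers: {classify_bios(values) or 'none'}")
```

Because chrome.exe and the installer make the same queries in this table, a BIOS read on its own does not attribute anti-VM intent to the sample; it only becomes evidence when the reading process sits in the sample's own process tree.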

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625412874595189" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ELEVATION C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\ = "PSFactoryBuffer" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\ = "Microsoft Edge Update Core Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
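Two things in the tables above are worth pulling out mechanically. First, the "Modifies Internet Explorer settings" rows set ProtocolExecute\<scheme>\WarnOnOpen = "0" for the roblox, roblox-player and roblox-studio URL schemes; that value is what suppresses Internet Explorer's "allow this website to open a program" prompt when a page launches the scheme, so it matters which process wrote it. Second, the EnumeratesProcesses rows above, like most tables in this report, mix the sample (SolaraBootstrapper.exe and the executable under AppData\Local\Temp\Solara.Dir) with Edge updater, Chrome and Roblox installer activity, and the flattened "<Description> <Indicator> <Process> <Target>" rows cannot be split on whitespace because the paths contain spaces. The script below is an added example, not part of the report: it parses rows of that shape, sorts each row by process, and flags the WarnOnOpen and BIOS-key rows. The sample and bystander path prefixes are the author's assumptions about this detonation; the Roblox installer is deliberately left in a "review" bucket because the tables alone do not say whether the sample or the user launched it.

```python
"""Triage helper for the flattened signature tables in this report.

Each row has the shape  <Description> <Indicator> <Process> <Target>  with a
single space between columns, and the paths contain spaces, so str.split()
gets the columns wrong.  parse_row() recovers them with a regex, attribute()
sorts each row by whether its process is the sample, a known bystander (Edge
updater, Chrome) or something still needing process-tree review, and triage()
pulls out two registry patterns worth a second look: ProtocolExecute
WarnOnOpen = 0 writes and reads of the BIOS key.  The path prefixes are the
author's assumptions about this detonation, not something the report states.
"""
import re
from collections import Counter

ROW_RE = re.compile(
    r"^(?P<desc>File created|File opened for modification|Key value queried"
    r"|Key opened|Key created|Key deleted|Set value \((?:int|str)\)"
    r"|Token: \S+|N/A)\s+"
    r"(?P<indicator>.*?)\s+"
    r"(?P<process>[A-Z]:\\.*?)\s+"
    r"N/A$"
)

# Assumption: where the sample and the executable it works from live in this run.
SAMPLE_PREFIXES = (
    r"C:\Users\Admin\Downloads\SolaraB",
    r"C:\Users\Admin\AppData\Local\Temp\Solara.Dir",
)
# Assumption: processes that produce the same rows on a clean Win10 image.
BYSTANDER_PREFIXES = (
    r"C:\Program Files (x86)\Microsoft\EdgeUpdate",
    r"C:\Program Files (x86)\Microsoft\Temp",
    r"C:\Program Files\Google\Chrome",
)

PROTOCOL_RE = re.compile(
    r'\\Internet Explorer\\ProtocolExecute\\(?P<scheme>[^\\]+)\\WarnOnOpen = "(?P<val>\d+)"',
    re.IGNORECASE,
)
BIOS_KEY = r"\HARDWARE\DESCRIPTION\System\BIOS"


def parse_row(line):
    """Return (description, indicator, process) for a table row, else None."""
    m = ROW_RE.match(line.strip())
    return m.group("desc", "indicator", "process") if m else None


def attribute(process):
    """'sample', 'bystander' or 'review' (needs the process tree to decide)."""
    p = process.lower()
    if any(p.startswith(s.lower()) for s in SAMPLE_PREFIXES):
        return "sample"
    if any(p.startswith(s.lower()) for s in BYSTANDER_PREFIXES):
        return "bystander"
    return "review"


def triage(lines):
    """Parse rows; return per-process counts plus the two flagged patterns."""
    per_process = Counter()
    warn_off = []         # (scheme, process) for every WarnOnOpen = "0" write
    bios_readers = set()  # processes that touched the BIOS key
    for line in lines:
        row = parse_row(line)
        if row is None:
            continue          # blank line, section title or column header
        desc, indicator, process = row
        per_process[(attribute(process), process)] += 1
        m = PROTOCOL_RE.search(indicator)
        if m and m.group("val") == "0":
            warn_off.append((m.group("scheme"), process))
        if BIOS_KEY in indicator:
            bios_readers.add(process)
    return per_process, warn_off, bios_readers


def by_attribution(per_process):
    """Collapse the per-process counter to sample / bystander / review totals."""
    totals = Counter()
    for (bucket, _process), n in per_process.items():
        totals[bucket] += n
    return totals


# Rows copied from the tables on this page, plus one column header that the
# parser must skip.
SAMPLE_ROWS = [
    "Description Indicator Process Target",
    r"File created C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Locales\hr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe N/A",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A",
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A',
    r"N/A N/A C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe N/A",
    r"N/A N/A C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe N/A",
    r"N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe N/A",
    r"Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A",
]


def demo():
    """Run the triage over the embedded rows and return the three results."""
    return triage(SAMPLE_ROWS)


if __name__ == "__main__":
    per_process, warn_off, bios_readers = demo()
    for bucket, n in sorted(by_attribution(per_process).items()):
        print(f"{bucket:<10} {n} rows")
    for scheme, process in warn_off:
        print(f"WarnOnOpen=0 for scheme {scheme!r} set by {process}")
    for process in sorted(bios_readers):
        print(f"BIOS key read by {process}")
```

Feeding every table of the report through triage() gives the row counts per bucket: anything under "sample" is the sample's own behaviour, the "bystander" rows account for nearly all of the registry-class and HKEY_USERS noise from the Edge updater, and the "review" rows are the ones to reconcile against the process tree before calling a signature attributable.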

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 31
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe N/A 1

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 64

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 48

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2452 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 2452 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 31
PID 2452 wrote to memory of 4928 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 2452 wrote to memory of 4576 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 29

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/quivings/Solara/raw/main/Files/SolaraB.zip

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ce8ab58,0x7ffe1ce8ab68,0x7ffe1ce8ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3296 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2108 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4280 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=736 --field-trial-handle=1868,i,15774972159347748676,7645346286627329412,131072 /prefetch:2

C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\Downloads\SolaraB\SolaraB\Solara\SolaraBootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe1ce8ab58,0x7ffe1ce8ab68,0x7ffe1ce8ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4036 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5028 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4968 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5104 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4792 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4552 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5072 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4616 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4764 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1924,i,14292444592832875380,4575311064302070082,131072 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU167D.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjY4REYzMUItQzgyMC00OTNCLTk5QTQtQzc0QTdBRUIwRDdBfSIgdXNlcmlkPSJ7RTgwNTU5MzktNjM3MS00RTU1LTg5RTItQ0FFNkM2NTFFMTNDfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDMDFFNkJGMC05NzNELTQ0NTEtOTJGMC04RkI0MkMxNzk1MDh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{F68DF31B-C820-493B-99A4-C74A7AEB0D7A}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjY4REYzMUItQzgyMC00OTNCLTk5QTQtQzc0QTdBRUIwRDdBfSIgdXNlcmlkPSJ7RTgwNTU5MzktNjM3MS00RTU1LTg5RTItQ0FFNkM2NTFFMTNDfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1OTFBNDI2Ni1DNEY5LTRFOEUtOTc1QS04ODJBNTg1NDc0Mzh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3MzUwNDcxNzUiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\MicrosoftEdge_X64_125.0.2535.92.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\MicrosoftEdge_X64_125.0.2535.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\MicrosoftEdge_X64_125.0.2535.92.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66F0BBDA-83E4-48C5-B030-8B25B98B67E0}\EDGEMITMP_708F9.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff668504b18,0x7ff668504b24,0x7ff668504b30

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjY4REYzMUItQzgyMC00OTNCLTk5QTQtQzc0QTdBRUIwRDdBfSIgdXNlcmlkPSJ7RTgwNTU5MzktNjM3MS00RTU1LTg5RTItQ0FFNkM2NTFFMTNDfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFODVBRkMwMC1BOTE3LTQ3NUMtQkIxNy01ODBFQ0FGRTgwRkF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI1LjAuMjUzNS45MiIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-_UDE9MTcxODY3MjgwMiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1hN2t5WEIwZ1l3MXRBRkJTNVlrYWtqMTFqcmlnSElweTltcDB3cUklMmJFd0dYZEl3U281dzUyM05BOHJISXglMmZONmlTZVlhdnhac2Myd1FmR1JjN0h4MXclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzM4MTA3NTIiIHRvdGFsPSIxNzM4MTA3NTIiIGRvd25sb2FkX3RpbWVfbXM9IjIwMzcxIi8--PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-2f99b302154c4478\RobloxPlayerBeta.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:54030 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.69.250.142.in-addr.arpa udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:54335 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 roblox.com udp
GB 128.116.119.4:443 roblox.com tcp
GB 128.116.119.4:443 roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
DE 128.116.123.3:443 www.roblox.com tcp
US 8.8.8.8:53 ncs.roblox.com udp
DE 128.116.123.3:443 ncs.roblox.com tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
FR 52.222.201.77:443 css.rbxcdn.com tcp
FR 52.222.201.77:443 css.rbxcdn.com tcp
FR 52.222.201.77:443 css.rbxcdn.com tcp
FR 52.222.201.77:443 css.rbxcdn.com tcp
FR 52.222.201.77:443 css.rbxcdn.com tcp
FR 52.222.201.77:443 css.rbxcdn.com tcp
FR 3.162.38.51:443 static.rbxcdn.com tcp
FR 3.162.38.51:443 static.rbxcdn.com tcp
FR 18.244.28.55:443 js.rbxcdn.com tcp
FR 18.244.28.55:443 js.rbxcdn.com tcp
FR 18.244.28.55:443 js.rbxcdn.com tcp
FR 18.244.28.55:443 js.rbxcdn.com tcp
FR 18.244.28.55:443 js.rbxcdn.com tcp
FR 18.244.28.55:443 js.rbxcdn.com tcp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.123.116.128.in-addr.arpa udp
DE 128.116.123.3:443 ncs.roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
FR 52.222.201.77:443 css.rbxcdn.com tcp
FR 13.32.145.114:443 images.rbxcdn.com tcp
FR 13.32.145.114:443 images.rbxcdn.com tcp
FR 13.32.145.114:443 images.rbxcdn.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 apis.roblox.com udp
DE 128.116.123.3:443 apis.roblox.com udp
US 172.64.154.86:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 77.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 51.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 114.145.32.13.in-addr.arpa udp
US 8.8.8.8:53 86.154.64.172.in-addr.arpa udp
DE 128.116.123.3:443 apis.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.213.22:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com udp
GB 216.58.213.22:443 i.ytimg.com udp
US 8.8.8.8:53 22.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 apis.rbxcdn.com udp
BE 2.17.107.249:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 249.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 setup.rbxcdn.com udp
FR 3.162.38.106:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 106.38.162.3.in-addr.arpa udp
N/A 127.0.0.1:55084 tcp
US 8.8.8.8:53 client-telemetry.roblox.com udp
DE 128.116.123.3:443 client-telemetry.roblox.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
DE 128.116.123.3:443 ecsv2.roblox.com tcp
GB 23.208.251.114:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
FR 3.162.38.38:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:55119 tcp
US 8.8.8.8:53 114.251.208.23.in-addr.arpa udp
US 8.8.8.8:53 38.38.162.3.in-addr.arpa udp
N/A 127.0.0.1:55122 tcp
N/A 127.0.0.1:55126 tcp
FR 3.162.38.38:443 setup.rbxcdn.com tcp
FR 3.162.38.38:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 191.2.166.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
NL 13.95.26.4:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 4.26.95.13.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp

Files

\??\pipe\crashpad_2452_YSYVOGCQPHSGMJOX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0ff432ea812156dbb0a939383b8591d6
SHA1 e732ceef2f9f1a420013225d2a223f508db6c927
SHA256 967c09b9ed5b5d66cd0c17df1c071a6604ef3d085f355a44e244f01ccf297c7b
SHA512 c3da8509a9e697e9f419887fc3e29e3f7330227c9cde9ba1800d6178acd9a4c9b22de5c800917b24b215ec96780562d86f63f837cc670d55bb1990882bb29ef6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 330f1657117a7d803a76f0e64fda17dd
SHA1 13e32a559b89be2a74bc5cd80e14af6b15ee7383
SHA256 5bd02f3e5c6b0b8090877370504920c2c145fcc601a725b266d66c7bcd9215e9
SHA512 0eed7a38a21c5c3e95d0d055e417970ec46d9ce60e38bcfeabf6591b20807380cddf4212c0efe917589aab656151e10b00e207979e878e8674abba2f1e48b603

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f31102dd5334e9d5682c64ac56a63a45
SHA1 d3077d38650b0daf732c9fcfbffd9ad56ed14488
SHA256 1958b44356facd74314aca533dab1587d5a2ee2b0048adcc0757467481d0050d
SHA512 96f33b85ef44062f07ccdfe9327648435250904ce332fe190345c9002e107505994b7f11cda5f84cb02c720f3fb67e68f7c9ddd28376a6b6e6761396b91e7182

memory/4996-52-0x000000007539E000-0x000000007539F000-memory.dmp

memory/4996-53-0x00000000001A0000-0x00000000001AA000-memory.dmp

memory/4996-54-0x0000000002580000-0x000000000258A000-memory.dmp

memory/4996-55-0x0000000075390000-0x0000000075B40000-memory.dmp

memory/4996-57-0x0000000005660000-0x0000000005672000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc

MD5 d0104f79f0b4f03bbcd3b287fa04cf8c
SHA1 54f9d7adf8943cb07f821435bb269eb4ba40ccc2
SHA256 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a
SHA512 daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc

MD5 c2ab942102236f987048d0d84d73d960
SHA1 95462172699187ac02eaec6074024b26e6d71cff
SHA256 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a
SHA512 e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrc

MD5 c28b0fe9be6e306cc2ad30fe00e3db10
SHA1 af79c81bd61c9a937fca18425dd84cdf8317c8b9
SHA256 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641
SHA512 e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE

MD5 13babc4f212ce635d68da544339c962b
SHA1 4881ad2ec8eb2470a7049421047c6d076f48f1de
SHA256 bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400
SHA512 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe

MD5 f8f4522d11178a26e97e2046f249dfa7
SHA1 8b591d9a37716e235260fb6b3f601e4ccbebf15d
SHA256 3c372a8919c28dc76414b2f30da423c3e1018b1a8444527949ce20cc3fc93ed0
SHA512 52ea881cad501cf1d5e8ac47355e862ac1bd39cb6e1ff3d362d392b6f2d676e74878832505d17a552aaa3bc8f3977da11fa3f9903722eedd23716fb46ddb7492

memory/3088-1523-0x00007FFE09A93000-0x00007FFE09A95000-memory.dmp

memory/4996-1524-0x0000000075390000-0x0000000075B40000-memory.dmp

memory/3088-1525-0x000001C837B90000-0x000001C837BAA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dll

MD5 aead90ab96e2853f59be27c4ec1e4853
SHA1 43cdedde26488d3209e17efff9a51e1f944eb35f
SHA256 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512 f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

memory/3088-1527-0x000001C8526E0000-0x000001C852C1C000-memory.dmp

memory/3088-1528-0x000001C852350000-0x000001C85240A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll

MD5 851fee9a41856b588847cf8272645f58
SHA1 ee185a1ff257c86eb19d30a191bf0695d5ac72a1
SHA256 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
SHA512 cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

memory/3088-1530-0x000001C852290000-0x000001C85230E000-memory.dmp

memory/3088-1532-0x000001C8398D0000-0x000001C8398DE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll

MD5 34ec990ed346ec6a4f14841b12280c20
SHA1 6587164274a1ae7f47bdb9d71d066b83241576f0
SHA256 1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409
SHA512 b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dll

MD5 a0bd0d1a66e7c7f1d97aedecdafb933f
SHA1 dd109ac34beb8289030e4ec0a026297b793f64a3
SHA256 79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
SHA512 2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dll

MD5 987175c463ec9a5e76bab033cea9d859
SHA1 ceed36975f4583a34c26150e045a97f5f019e769
SHA256 24fca8dd76effd975d230f55eb107e1be6c03d658410274fe6340a2b3ec9075c
SHA512 9851d254fef3fdfcd7b188893a9a547ed3f08eee82a72c273f13beb7d075beecd32e3c5c51f9e3135d7060fca71a2bf79dbdbb1a136549a9e408a6214feaa000

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\VCRUNTIME140.dll

MD5 7a2b8cfcd543f6e4ebca43162b67d610
SHA1 c1c45a326249bf0ccd2be2fbd412f1a62fb67024
SHA256 7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f
SHA512 e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dll

MD5 75365924730b0b2c1a6ee9028ef07685
SHA1 a10687c37deb2ce5422140b541a64ac15534250f
SHA256 945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b
SHA512 c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

memory/3088-1543-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dll

MD5 e31f5136d91bad0fcbce053aac798a30
SHA1 ee785d2546aec4803bcae08cdebfd5d168c42337
SHA256 ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671
SHA512 a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

memory/3088-1546-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/3088-1544-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/3088-1545-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/3088-1548-0x000001C852680000-0x000001C852688000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txt

MD5 be2a7d7f566380c227aee6c9352ba882
SHA1 b8b1236b1ce17f295b2780622cad96f4a1694b46
SHA256 fa95da2b65d081614dc31c4ec93f5443a42fca6f0fec3552d341b7588cd0a0e6
SHA512 771cacef95bf3f9564fa59f72654e269b280b08ed388910c60d911a5a265c3ccdadb75060e502981301c38041eb25d7097731901aa431822f47208d10a73c67b

memory/3088-1550-0x000001C856F10000-0x000001C856F1E000-memory.dmp

memory/3088-1549-0x000001C856F50000-0x000001C856F88000-memory.dmp

memory/3088-1552-0x00007FFE0C760000-0x00007FFE0C784000-memory.dmp

memory/3088-1551-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/3088-1562-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 6a16cbefd2e29c459297b7ccc8d366ad
SHA1 40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe
SHA256 9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60
SHA512 6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74

memory/3088-1597-0x00007FFE09A93000-0x00007FFE09A95000-memory.dmp

memory/3088-1598-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6fa2872ef345a916e67d9f9160e10e1c
SHA1 3e06569a3c9b5f96da297e1951f213b3f9758daa
SHA256 a60e376d8cdd96418b83d9da7a549380275439c8e4fed9c42aa76101439be428
SHA512 7b4e09931b2e9c997d114978af5cba54aa484da13c9551bd6974f460221293be1d2e8609e46a8354c5a80d33415f740a63e796628cfed2f0352b31f9b3355287

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e48d5359c57726054cf6a7d56335ffb5
SHA1 ca8ae7e9a3d59c77c7c48a35353d765a5cbdff67
SHA256 c48d420849a4c3ff209365c017cb47549aa3d6de37e1e21a3025c94f53e848db
SHA512 d97c8fd590425a656399e211cecabe714d9ca4cc1d0ae97ebb7c1d51cf588b93bb5dcc29c41c2a3d132d0cad3e0c6a879b09ef0d4f8a5b740d550bdb68c8bd16

memory/3088-1620-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/3088-1622-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2ca1fbe9679f97b39c6339b0037cc723
SHA1 94c6904738564e2dab730721ba88ad4f72844b61
SHA256 38b2965013c9d90652e8611d448f9358f714499be8585388f64846d048fbdd6e
SHA512 fded1fb44f1cbbb1686439d03e8dd060e5469025c700f89b9d381da69e9d3bcf67c17dd30728b98eb25fd26f522049abd9e26e593ca3163d3bdb214dfad1350f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fed61f6b6abae37d01cf56bd02cddbf2
SHA1 11b1c5092821a7d89dadd76579c918c323eba578
SHA256 5d4949873cd5e9123b83d57de02c36cf1586ed06ae003089107c8356766d93a4
SHA512 cedc70afbb5731aaf42c71d8a8aca7db2a523701d9a4dd27202f81f60b84bec83dc49d619a67aa0220072ff2dbad4dd9ac048745655bf0a4eba1f7a466c77174

memory/3088-1645-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/3088-1649-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/3088-1653-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/3088-1665-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/3088-1669-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5e2a80ee9d22b378ac69157a5a72e6a5
SHA1 22b496a62a05776e1cda71aaf238eab31f496a07
SHA256 b17d55ffd0467f48b7c31254735f148a714361b5438d4107c9dcdf39c111f1ab
SHA512 134020090d97f139e08118f0fd89a13e5533caf791b48c569da3dfd0a91656c132d75e538435e1f79187ffc67c2c3e9bde6d0db403322c060ca3c7e289202ca9

memory/3088-1690-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dll

MD5 195ffb7167db3219b217c4fd439eedd6
SHA1 1e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256 e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA512 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

memory/3088-1693-0x000001C857B10000-0x000001C857BC2000-memory.dmp

memory/3088-1696-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 47d4b33320084fb9ef739510dc347716
SHA1 8cd6ce284fafd0f4328e58f225aa3dbc2f1f1a08
SHA256 909682b6db22b6a68d7bbc97f31491b6a97b5fe1ed1c6c5797fd016f3ddaa2a8
SHA512 b58b60cf0e4e0995ec186e872fd65de26c4541863f6e0d1256913feab89692ff5e6e2ff7c31c62650a537cccec31084ae3c4ea51ab8fff9ab93ef8e846a896b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8d9b4efd799b97e7d7fbb09010318413
SHA1 25e090a590172dd284eeb3954c1d04e08c0e3c93
SHA256 b16c76ae05701af63f6245864ffb8626f14b144a35e85d83d7d62beaf9d32cd0
SHA512 08d4598157e9cb50a55388c8b786563754a413adcc0fa0588c5b9acf87a71f0b14fa5ce95ecf7f6513414ae31d50821fd4e7ec9404e7747b53f2ec47427fb5a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7b4014d431521e3af64aa1843946b09c
SHA1 7f3fe89d37748e939c0110ee6560220e80ff33e5
SHA256 24d74173c1bbcd9fd0cadf68e3ab5c85dc54ab12195255cd74fcc387e694dc53
SHA512 471eddc55a5d35bf5f52d87a87af4ba3a2573f2add53940e75a747fca84106b94f41e07e41b85612c77b577ccabdd8487650ade88f6304b5516756f88af22269

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 09cdd6328eabc63ff15796d3678c7a10
SHA1 4693cbc9cf8365bdd1ad3c6e5fde89fc937b2eb5
SHA256 098e5cc6eaa8ea33818fa6711f6e2f8c10d2d215aca81770d6ca04e2704b46ba
SHA512 2d7cd2993d918a5e177fa4b637800d9e0c9f09e46200e1cfbb0fb1bc5344136f8921deb9232ab93b09c5b9f059a8f5fb13450f86cec41fa6663a31b61eb1b817

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 3fabe1cca558cd14c1867ec4cef3b140
SHA1 4dc3202bf955041b4e33760f63e66c651c823aee
SHA256 427a1bb28f052d2b4602a79e23d32e7d32b08291d46820e722eb8617c4a56e79
SHA512 21d337f33485655e6a3c8dbd3daeaa22dbc4d336433f1d11710c69a318282b6a2e27d75f308f3b22dd274c354b31c5093ace38dab9e853070b32282c53649431

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SolaraBootstrapper.exe.log

MD5 d76ce66bbfab518b30bcb3a830f64c43
SHA1 1b9b1bffa29afff9168964ea3ffdc7fbca1edd1d
SHA256 8b07738c3c9471baeb55c105c2b8a89af24192952930fe0335d939ec95d6db3e
SHA512 7edcc8e20a4fcce906ae2958594a7813b574cde139a37f4da1ee94fc2c81b9d32df63b9f73c1446bc4fb2cefea9069e6e3ff536305145844fac22214e9a0453c

C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\version.txt

MD5 4de75b5a999e9b1724852304ef16ed2e
SHA1 399b71c8641cfd5cf6a3f4008386df2887e29ceb
SHA256 1934821343f916f643d45d73f68723602c7da45e2599781b740903d4cfa4746e
SHA512 6eeb1c478d442dae79a85a978743a68c055a91108aa8bbeb1eb82154cfa40433b1d24e89c639ca879f2b2b4d1dfd1578d2cd7a16f7553d9c146f70bba00b8a7b

memory/1416-1831-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/1416-1834-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/1416-1832-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/1416-1833-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/1416-1837-0x00007FFE24F40000-0x00007FFE24F64000-memory.dmp

memory/1416-1836-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/1416-1838-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/1416-1840-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/1416-1842-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/1416-1843-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/1416-1845-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/1416-1847-0x0000000180000000-0x0000000180E54000-memory.dmp

memory/1416-1849-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 d0df793c4e281659228b2837846ace2d
SHA1 ece0a5b1581f86b175ccbc7822483448ec728077
SHA256 4e5ceefae11a45c397cde5c6b725c18d8c63d80d2ce851fa94df1644169eafc9
SHA512 400a81d676e5c1e8e64655536b23dbae0a0dd47dc1e87e202e065903396e6a106770cec238093d748b9c71b5859edf097ffff2e088b5b79d6a449754140a52ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 009b9a2ee7afbf6dd0b9617fc8f8ecba
SHA1 c97ed0652e731fc412e3b7bdfca2994b7cc206a7
SHA256 de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915
SHA512 6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 c83f6709eab16798c87a1ce41080b0f9
SHA1 aec29a6b8530f35c1da4bb2d43e547d08bec409a
SHA256 4fe334a79225de318c8e492e0e9827092b2628dc0b54d91d927ce7bdfd4916ba
SHA512 c2427e9c137dba70f3ebb2aa4097c41b7a6dbe4088544cda0a05e8592f1d089aa2dc69ddf939d85b8c5464d20d669ffa30e2c2efc44d3a61a4cc14650a9aa0f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 1e08f3b7c8591208c309311d4df12d45
SHA1 2cdeffe954c12666ae8f103ff1c79ec97c678853
SHA256 1de398df8d707cd36d3c6e2287237c4d5595d232d3d85533cf08e18fa07a1106
SHA512 b7b4fe99bb62508b9642132317cf404ba2e76e5341c9a780a255c20923cdfb86007936b464c81ebc1af1212fb7f3ce837c8c1ca096a4210181f29b1e1a2b46f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 2e46c951b072088d4217dbee733ceb63
SHA1 1c9dc00cda65ed9ec61ad81397de6d13055c6206
SHA256 aff654153608a38ad3923ea3dc997fdecc591cae3ec67a2af7f55e88fc1bd3b3
SHA512 de11b95173299c96e28db3abef20d3c0b654e0e8117763d1904b9f4d841a35edb7da9bbd1c20085af372a8fe44ec68e1399876d4c297a7e137633b36c10b4f88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 d661e15e428e80c45aae7c0f472b1998
SHA1 771b5b36a95017e935e3a86d6dae62bda97d4794
SHA256 3b4a5ca18fe7c414d24940c276d578e1a7f821d22bcae9ca66f9e4a851fe480a
SHA512 172ad0e361d7081839a046a951309b31c11601c05648c5a684450bc2dd10f466a36275b61d9e4d083ffbcb27e460d4521cb9e19a9c25f857afa748e1a3736b8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 7b83640b9b17601fa91384c903488b0e
SHA1 96f03aff69f6dd77d3731f71a73c4b35542cf4f4
SHA256 47a68818e0bb722ba86007127ae8c8c14258380696757c9fee22278b88c55a23
SHA512 f33a5fd6eb6c7561c0f7eb314a5bf64e33ed742d43f0fc0f373a5018c760665bbbcf5db670476a2d7fe3656b64c684c2a081f2e1b5b365bebb998b009aa5b855

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 211eb522e1bb0d8f41ab7d026fac7f50
SHA1 ba1c4aed63ad2903b561c149d3e1de84f150ef87
SHA256 04163201d4ace3396e9a264604d7394bcfb9199c679a21ab28eb23b294c18ef7
SHA512 c1c075752350bdc8a5c986109f00dea451a0cddacdca71e64c73b1ddd43a1cfc0afbf166e1554818b58fc452edd9b80d2bd813374f3ebd8df251c0b7d678eeeb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 a81d21a19a84def8fa1677f23e32cf92
SHA1 8b03d0a32b2acfc0a9f4e59d6d4dcb0a76aa13f7
SHA256 303a1e1afe228e6ea0ed6434800695f4ffb72116dc4d957bb5806ae0ce3fe446
SHA512 a60cefc2663a9791f3f410b0b1c7a91e18e36cbcca75902531f55da8289f9052e3d3a516b17a805c21397802be1873f320acfb584442dbf385ddd3f98a389d35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 43c36f673477b4331deb10e5085e85f7
SHA1 76b4149f14e53abd4a0dc375ae581313569acfd3
SHA256 01c80838c9a69f86b7f21f096dc3774f045ac0a5308ce1eff541b608db3c6375
SHA512 289086938109e658a6575c09fe80adff08f68758fef44955e4b5c477d281ea1eefa588da629b4e90a7a5d9111cf9d53ae487fe27255458d8eb478fcd6d6d53a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 b3a346859804d8d466aee19475595a01
SHA1 1e1211e0aa4087ade1797c8c25356e36dd50156e
SHA256 86a2e32f8e8d9913d9736a720988737ebde11a98366f61535d03ea2541d051e2
SHA512 1218fb57b2f4138a5935121848fc7cba6b27e216db736fd4ddaf302ce90a190c396708d5ec570790af2c171b31baa7aa49fe2120949f354c3339707a6d3deb4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 bbc49a399e1dfd7325763cdad8bc0f70
SHA1 0a63706e3d9e0065ce805c5ae9059a737c5f55e0
SHA256 c66dacc1368667ed58a01e096d78ce6130b8d03e91d33e34c9f5535396374b44
SHA512 d7d180c6403e4b4c462e9ad959af8767fdfdb8d89e5a9d76ea7a66b19e65e5eeaaf4f6ed0dc05cbfa0cc2e4cc423bbb575d386fc3b08b8e6ec556339a9ed4dff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 5e99f5fa54ddede154b3b707f25e30ad
SHA1 982b7f4b411bd6e079e00e039a2b43915302e35f
SHA256 f3f789870aa7543f19fc8f82546c84a56593b73200405ee618114b10ed333bb9
SHA512 1602ef1c0e70eb71fb0f5740b27e8a81943a1d00ff4f2eaf4cc094a2430c43a53b486469b0aae7f60ea53bb6f224ce86215e37a869c57a918afe5f1592a568fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 e3b6738bb9d0911f9f90c60d1d8ab00d
SHA1 cfc99af0437930ace419f299442f915d028586c4
SHA256 9d8f9d8a9d19e4663539843a7b1d9c8131cf3209e6b3b070bc70843300e5900f
SHA512 7b5b09772d42a63a907d9a06f6afba0b69e0a82458a212612fada31d21ef22036d867c9c00cabaddbdbb387920d336bf51ab16ae2ebd725f82bd9f531abd074a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 1fc15b901524b92722f9ff863f892a2b
SHA1 cfd0a92d2c92614684524739630a35750c0103ec
SHA256 da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4
SHA512 5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 b3208f47b9b645da26c071555b2eae5d
SHA1 05e1d25754c4c77f56cb824a20013fed486fd21b
SHA256 bcf262893d1a20e0543a8f91897d23715d6e78c07a02c82eeb7c22e4a1e0b153
SHA512 e2fe9f6db1f5d46c8626e17fc254809e4a8588348a1eb9eddb8ef1890ddf5096bcfe3d020f0d5de39408a470c7ef9b07ec5530351b8491a89534ea8332922bd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 55c1dd8240457c56907255cd086a7bf3
SHA1 4cec7f24361ac554e8a521bb3b067973c68986f0
SHA256 f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617
SHA512 9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 53edc02ca5b0a735d6f70d60c6b1b16d
SHA1 7331326644655c726d72cf310331c3886d7ee136
SHA256 008df1128d47a52263510cff368c5be47997ce72689da83b20ce72c67dc866ae
SHA512 07cad14fba9462694fe7acb9d94e816d2fcdd290d3dae8333334f93b3855cb433d6644343c7a3f64773c3ac89788b8aef81b496244508536db17aa79f940d9bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 3eedd3b5538ed7c9bc5b86270e48d608
SHA1 0f281e898e33f5ce5bd639ab58ecdc7dc5259dcc
SHA256 ccd68a3536a8dc2555177dbd37f65dde93b8338f01971fde5ccc5f09347d9bca
SHA512 b1d34094f3ea10ac8a448445c8ad746f754fd3107544ac91cd1a5891b03fb5aa3c8ee5ed6f515f2b15d6baf556c12ce1e29944a775dd99492573e83a8921e7ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 52f33e51cf6cf0689e7cf610361a5e0a
SHA1 8b9f3870ef153f4a0d827639b8a1a73908292cdc
SHA256 f248d0fff48a1f6c285d47d311a0df3b6146bae82625bd3a169c74de78e854ee
SHA512 f00cbb23d8a29231e071c8e44716beae66308ab529697d08ed18728d156a2f08d7a9d03bf4dcca15cbfe4e8d2fd79dafd91550a1991d50be17d5fe9129749e53

memory/1416-1886-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4e03f9b53c4e81c62b6dd61b11aa9d9c
SHA1 f143665ec29503e06d090760838efd099db7b4e7
SHA256 77fd58c2d3b75be389ea3437cbe8168331573c649e4959308dfa957cb39cbe65
SHA512 1f712b9cb70a468c5785922484c4f3c4adbf91b9e75dcb8e1a335d1400a52cb5fbb19881d1067dbde7aa84b1b4fc7e965fed2bb24230f4991596dae1e39c22d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 50ae16ba8d7e92cc7dd7b5e2744f2dd5
SHA1 aa572ce2e2944e31fd8d7b3873bff135810f377f
SHA256 3d3aac9da64619a864c80d58c2f159dc7166fee2c94eb219369477b5881bb094
SHA512 b20e0b376a81a09017d73e97f792c8befe326bb9e86fdefd87817bf4f9879cb43dcf6b95eef8a7dc8603ff9f505bd48b097b1c5d55337578aa7d4f8713065daf

memory/1416-1939-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bbe440b11d35f762efcaf9ac61c380f0
SHA1 4d8aef277c5aeab27ead446831aca999acea21ab
SHA256 75f704b58d57758a556f776c7fdf0ef021b0f4bd9ed2ebac145f1bcd9b3049d7
SHA512 82796d83421893b518615a79f6569ef99d7155beee50f965e8c35a8d63a8de7389b54aa6bd4721dbed1fc19c851d3d4740ea6feacefc1025562355a1b2fabd29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 d6b64567b46a981d2c72bd443e256f9f
SHA1 d9ef8b28b13f39fde5886ccfba05feebe1bf1463
SHA256 e1e5d3326c520c5a2185ce4175d39bfaceff6f491707ea7ebc8eb48200ccd26a
SHA512 e72630a29b02fafe481251ca7d0f7f58aa83239714b347a19cfa6fb26bad20fba84da458b4bf679be957185d259d7f27e754949bbd5fa0305703eaed9a5d4a6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 32abc5578c6806c888625f297a9a011a
SHA1 07b0bb906cc28d79ee11d1957555ee0cdb2c281a
SHA256 fd5482cfdd1ad68c5edc2d45e837dba978faac2bdf6fd07768ee6a4ccf4d0970
SHA512 8ea636072154779856b777b90c234c7f39c19e95ec6fca30da1fdd5adf992b031dbf89844d5068e62811630cf3bb18094549d1afbb05bf3232ba0baeff401778

memory/1416-2101-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94275bde03760c160b707ba8806ef545
SHA1 aad8d87b0796de7baca00ab000b2b12a26427859
SHA256 c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b3c69.TMP

MD5 24aa91724f5f406e3581534f1e0f2c6d
SHA1 05f77cc11f23dd5860c448e09724f876ffc1b4c9
SHA256 08587de8e931bcb8df8ba66171295cf8f689ba942008377c0fbc7cb68b0dd404
SHA512 bb5f887e92669a5a66b7b4e9094f0c31eb2bfa3bf66b74b4da92f4c30c0eadb3554a6256a888203d394288a09b7913271166115030940495260afbf9e459a008

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2f91f3fa311d695c33a5a17dfcadb95b
SHA1 358ea47ead4cde33b6a84c161e30c145c3bb447f
SHA256 624a36ef2c76469fe0d1ff4698ea340dd17fd92a8c976cc403d037eabb7c15a8
SHA512 5b257676c61f8f2ed3feb583ad7ac45050bc4439131266551fa5f232fb26b3e027cf6023d6b1a67bda7df7f7f77b921e070e9c856c774d3ac9fef98ed1ffd5ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9f5db8860f49a14f86e60658ff9ee7ef
SHA1 d7aae506a4b2a10077776c32f5bcde4204e03fb3
SHA256 1a0ac8a7050a7a8243aefaf2b4f687809ba60e253880f5e4171d7eb05476c588
SHA512 3c6d5217690982e3836c3136989f822ad9366a74a16b26e3276ccfa5cd86ed05498a417f71ba2c43fb2fcc3d3c57c6578d4ba28994d69b8c406575fe9fcfae57

memory/1416-2471-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 174633537d11987067c354e2971744d5
SHA1 7ad451af6807eefd572e3cf3f94a53ac9dfc1dee
SHA256 28c01a96fa625ff1a480afd2ab8f4da07af7a61d7fa77615c6dc680414be917c
SHA512 beaca296d20acefed29363b909cf7469829f7e3d578cd55cfdc9bf9a31df1e5c53bbcab3f679abcf14c2fc5eecf946826213de4dd0a0090e9bfdd4b9294d146a

C:\Users\Admin\Downloads\Unconfirmed 693054.crdownload

MD5 84e67989f7ccd11c2b7db38f3d3443b8
SHA1 c3e821de715aa7508b3273de16c9156014d81922
SHA256 5eac06573fb9289a5ad1dfa8b88d2d7b79f1bd89e61c53247f8cae50143e7a2c
SHA512 d0ea7235f591f31edeb7183c91fb0bb1347a9386c170c43b21e2c5fd93b7040e73e1a1a9f3ef6f83d097b1af0f9e2a9938dd59ae47588940491da25248eb7d99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2e5fa4bc4a29611e59c903c67b95f585
SHA1 af94601175a397bacaf912a11b10d8b6a2234180
SHA256 c323f7d695218ece960401a37946d11c2201d0ebd1252f9c234868f066be6ac6
SHA512 c8bb6c67a9df54f45e3e859a980260175e147eda943894254ad1913989cb7f41c118a21b0a347be69ac2f9c1a0e3dee8ef1f2036ab782f03078524280e1ceed8

memory/1416-2505-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4181a6b3d15081ebc44b1baaeef01be4
SHA1 1e3bc3784dc59e2b42b5eb7f2aa8c3bea841aa45
SHA256 29b85df8e4819352dcf1375917be483fdbbec764e99021dd6cbe48c13cc8fe8a
SHA512 7e5ae7b9f15ec2a82692ad1c765b77ef470c96a08a61cccedc9f1114de6b2bbb2cb077d27b735e889f12a7c85893de09b05112fffc256d68f713ff58c0d7e31d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cbc13b1d5e44e15e6379a3749e4d5c32
SHA1 e5510276e63c9511a5e60dd0a5052c21931c1980
SHA256 b2f0631f61f5fbcd99d42ab07d715eb103d31cd9966b84c64b7b43a0c6d99244
SHA512 d25df547cac6f0cc88e1138835d58d9fad9323cef77f7fd994478b1e396b07287df4fa968891080cbe3edf13c2bc1132b64634b05359057580fa50f003b3032d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4be068866383b407e977074d26160e35
SHA1 e3c39ee69eaa12b2ee9099535ac8048f552b8028
SHA256 4564a58829517750274aa4863af19e1a1ce113bc2f56f4cc67bc1a39418c72bb
SHA512 3abcc3b3beb7d12a22592d424c9a22f0fe812df12c7d0c350efcddc64e4ab7f26b381cdb2b88e5960a0d44d948ff6513ecd37d57e43f6f0574e94f6e84494d8e

memory/1416-2550-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 4170540f70fc82c0e771ceace9ef65ba
SHA1 e012836d70fec6d5b27f20b5691a993253d3b5a2
SHA256 38ef182f19ce35b4f99ca7855ede38d87006b6c0b16f5e93aa6a9ec8c0bc20df
SHA512 e7b260849da072bf282719822a73611e0ef9b3b8c5b77957136fe5111d941adf36a83b600213382538770a93a0d142f8aee9be9f4bc914e82a7eefc9fabcd0db

memory/1416-2564-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 d6ec3ffe6c3b16f94d459947f56cab5f
SHA1 f6a05ce1e412ac4273ad362ab9ff8c314bb80747
SHA256 87eb356a07a15634ab05fd847c70f26fcd9ff745dc62afaa4404d6fc5206eaf9
SHA512 9a3c46f18b8527bdc02e5a0a442b9bd08326e2f59e40e80e555f3193dac5e649526e27259f1dee7260b9b66642a0aefeac9d7854a2024451db398cb078ffa484

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 34aa2375d9e5a2a43e286ad8b142e37e
SHA1 aee00acaef33047f515d48c515985015a0c09f2d
SHA256 ad3ea68b887799f08e83b678cb5f86b5071052902fb175e5810f2f540ec6fbe8
SHA512 6dee6ed6f5d49bc79e548b9dcad2b1b2fe7b49b9355f7e1b23879ad616ef677e9642c32fb62948f63f0b52f7df539d9556710b1d8d957482a4a36239797c1ff1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6d23898e25008a63c2fd1261751c7009
SHA1 42c89fec5f1c2a3adb511312b365f39720889217
SHA256 f3af96545ea312ba0e74bb4c7e61cfa6f957c224c28a6812db1c394f1aae4797
SHA512 5a441cd6ada8039f189d20f45ec87efa89d25bdd363f0add0ccbd6f47797c860b4104bcfeb8b5f3e09f97937f1f09e870c2416d6dafd19d95c996a79c0a3fc6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ffaf1ec6cd0637c33c6d0e1186e0c0fe
SHA1 cf4183ea02878227762a41f3bafa7e499335da53
SHA256 bf7735a2fa695ed2ca615b716608a97fcbdcbfbc06e0f0af4d653b13d4c6fe44
SHA512 453f3494ebf8a0ba143dfc0e5fc47bb5f7285a3efc317099595d8a9561826c0151cb77afe359722db0630df66cbab649b40be31fde76928bdeb3d1ec506bf17f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 681c94ec8518645b76816cb741d1a47f
SHA1 7e45bb9b000c0230443e831e402b3daff10e8cbe
SHA256 f16a8a9d81359971f48deb0df20af616d6b57f191a0ad684ce52ce66644c5015
SHA512 03374ef282f497971a4a75974d3571f6634906a3b022dadd484dc52f8226f096be898a5211469bb21911c7dc5ef1fc6b39bcc8eb890d205de1ee1e33f7c49156

memory/1416-2709-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\d711fadf1919a05ac8eccb48c397156c

MD5 d711fadf1919a05ac8eccb48c397156c
SHA1 d316ed33dda1b7170d56e086e53d280854f301ec
SHA256 b17555f65d11b29752665637a871d3cc2ad874076d2bee06a8dabd3520e34834
SHA512 dd5ec72eeb0e5fc28f122e46deb8a6c8464cbc2d8c74f545b27296b14c8b133fe009b38eace44e76af07a3db3fedbc6069b638348e550dffce84314674a01282

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

memory/1416-2854-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 c5c924179838003e01ad5c7f4f730b9d
SHA1 18eb04a048d05bae88fe03eae42adbe5c953ef4f
SHA256 93c370b788be1619c57e28d80454f89dfe03020e3b31c40055e76fb70835aff8
SHA512 16dfb2313ce5b5ee62a859653d3581586c983e94d96bce330cd014e5a7210735b891f3bd3dcdc08f2d4c283757188beb36418c797a52a54acc3c9278c7891bf5

memory/544-2870-0x0000000073D00000-0x0000000073F10000-memory.dmp

memory/544-2869-0x0000000000C80000-0x0000000000CB5000-memory.dmp

memory/1416-2867-0x0000000180000000-0x0000000180E54000-memory.dmp

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 86fd4e8c269df6b0d1104e0668eadae2
SHA1 fcf7f9289bf151a4ac99f0ca8d9af1170d01b018
SHA256 e2cc44c9724aaba3e03a8fdeb9af10e4c28e65e79ed81f15a90de3fadd83c07c
SHA512 99986f5d036133d373218f26a22aab7ff6b616a3e6839b8b0a840426dd42fe9fa05e255b7019d833d300d374f5d1115ef2e3725cd134416eb407cbad83b2d076

C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.92\Installer\setup.exe

MD5 d42926508ba6626be0143a2aa5275ba9
SHA1 ca2b45426611211dcd47fe66c9255ab81b843943
SHA256 9595008f51be8ca7c82618c84d30f0a7fdac9fe7433b806af504da0d38aef10a
SHA512 53aabfbf20389f4d28746c41109b5a194ed5d21521fa67042bd5a0fb38407e877bed5481a7502bec848a54d0fd4e33b09e3c6bc47a576f8e14a4458c64bc14e2

memory/1416-3117-0x0000000180000000-0x0000000180E54000-memory.dmp