Malware Analysis Report

2025-01-22 09:23

Sample ID 240705-f44c4swcrf
Target https://www.mediafire.com/folder/e0figl3wxrksy
Tags
redline discovery evasion infostealer spyware stealer themida trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/folder/e0figl3wxrksy was found to be: Known bad.

Malicious Activity Summary

redline discovery evasion infostealer spyware stealer themida trojan

RedLine

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Executes dropped EXE

Reads user/profile data of web browsers

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies registry class

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-05 05:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-05 05:26

Reported

2024-07-05 05:29

Platform

win11-20240704-en

Max time kernel

105s

Max time network

111s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/e0figl3wxrksy

Signatures

RedLine

infostealer redline

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\System32\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\System32\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\System32\Taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000_Classes\Local Settings C:\Windows\System32\Taskmgr.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\RobloxSolara.rar:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\RobloxSolara (1).rar:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\Taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobloxSolara\Solara.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4160 wrote to memory of 820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4160 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/e0figl3wxrksy

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff855183cb8,0x7ff855183cc8,0x7ff855183cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7280 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RobloxSolara\" -spe -an -ai#7zMap22839:86:7zEvent8947

C:\Users\Admin\Downloads\RobloxSolara\Solara.exe

"C:\Users\Admin\Downloads\RobloxSolara\Solara.exe"

C:\Windows\System32\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Downloads\RobloxSolara\Solara.exe

"C:\Users\Admin\Downloads\RobloxSolara\Solara.exe"
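The interesting part of this process list is the last six entries: 7zG.exe extracts into C:\Users\Admin\Downloads\RobloxSolara\, and Solara.exe is then launched twice from that directory. The archive name is not on the 7-Zip command line (the GUI passes it through the -ai#7zMap mapping), so the only link between the download and the payload is the -o extraction directory. The script below is an added example, not part of the sandbox report or of any tool it names; it reconstructs that archive-extract-then-execute chain from a constructed subset of the rows above, treating list order as launch order (which is how the report lists them). The function names and the ARCHIVERS set are my own choices.

```python
"""Find "archiver extracted into X, then something ran from X" chains in a process list."""
import re

# Constructed subset of the report's Processes section: (image path, command line).
PROCESSES = [
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/e0figl3wxrksy'),
    (r"C:\Windows\System32\CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
    (r"C:\Program Files\7-Zip\7zG.exe",
     r'"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RobloxSolara\" -spe -an -ai#7zMap22839:86:7zEvent8947'),
    (r"C:\Users\Admin\Downloads\RobloxSolara\Solara.exe", r'"C:\Users\Admin\Downloads\RobloxSolara\Solara.exe"'),
    (r"C:\Windows\System32\Taskmgr.exe", r'"C:\Windows\System32\Taskmgr.exe"'),
    (r"C:\Users\Admin\Downloads\RobloxSolara\Solara.exe", r'"C:\Users\Admin\Downloads\RobloxSolara\Solara.exe"'),
]

# Archiver image names whose command line carries an output directory (assumed list).
ARCHIVERS = {"7zg.exe", "7z.exe", "winrar.exe"}

# 7-Zip's -o switch: either -o"quoted path" (may end in a backslash) or -oUNQUOTED.
EXTRACT_DIR_RE = re.compile(r'-o(?:"([^"]*)"|(\S+))')


def extract_dir(cmdline):
    """Return the normalised -o output directory from an archiver command line, or None."""
    m = EXTRACT_DIR_RE.search(cmdline)
    if not m:
        return None
    path = m.group(1) if m.group(1) is not None else m.group(2)
    return path.rstrip("\\").lower()


def find_extract_then_execute(processes):
    """Return (extract_dir, image) pairs for every process whose image lives under a
    directory that an earlier archiver invocation extracted into."""
    findings = []
    extracted = []  # output directories seen so far, in order
    for image, cmdline in processes:
        name = image.rsplit("\\", 1)[-1].lower()
        if name in ARCHIVERS:
            out = extract_dir(cmdline)
            if out:
                extracted.append(out)
            continue
        low = image.lower()
        for out in extracted:
            if low.startswith(out + "\\"):
                findings.append((out, image))
                break
    return findings


if __name__ == "__main__":
    for out, image in find_extract_then_execute(PROCESSES):
        print(f"executed from extraction dir {out}: {image}")
```

Both Solara.exe launches are reported, which matches the two entries above; the repeated launch is worth keeping rather than deduplicating, since a second start of the same dropped EXE is itself a signal (the report's "Executes dropped EXE" signature fires on exactly this).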

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 static.mediafire.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 216.58.212.202:443 translate-pa.googleapis.com tcp
NL 18.239.18.40:443 cdn.amplitude.com tcp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 113.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 40.18.239.18.in-addr.arpa udp
IT 157.240.203.2:443 connect.facebook.net tcp
GB 172.217.169.46:443 translate.google.com tcp
US 35.83.84.160:443 api.amplitude.com tcp
GB 142.250.178.10:443 translate.googleapis.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
GB 172.217.16.227:443 www.google.co.uk tcp
IT 157.240.203.35:443 www.facebook.com tcp
BE 74.125.71.155:443 stats.g.doubleclick.net udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.227:443 www.google.co.uk udp
N/A 224.0.0.251:5353 udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 142.250.178.10:443 translate.googleapis.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 104.22.74.216:443 btloader.com tcp
US 172.67.170.144:443 www.ezojs.com tcp
GB 172.217.169.46:443 translate.google.com udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
FR 13.39.145.251:443 g.ezoic.net tcp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 104.16.53.110:443 otnolatrnup.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 104.26.3.173:443 www.mediafiredls.com tcp
GB 142.250.179.226:443 securepubads.g.doubleclick.net tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 34.120.63.153:443 prebid.media.net tcp
DE 18.157.205.136:443 btlr.sharethrough.com tcp
DE 18.157.205.136:443 btlr.sharethrough.com tcp
DE 18.157.205.136:443 btlr.sharethrough.com tcp
DE 18.157.205.136:443 btlr.sharethrough.com tcp
DE 18.157.205.136:443 btlr.sharethrough.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 142.250.200.42:443 translate-pa.googleapis.com udp
GB 142.250.179.226:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 136.205.157.18.in-addr.arpa udp
NL 18.239.18.12:443 tags.crwdcntrl.net tcp
IE 52.209.249.92:443 ad.crwdcntrl.net tcp
IE 52.16.78.59:443 ad.crwdcntrl.net tcp
NL 18.239.18.12:443 tags.crwdcntrl.net tcp
IE 52.16.78.59:443 ad.crwdcntrl.net tcp
IE 52.209.249.92:443 ad.crwdcntrl.net tcp
US 13.248.245.213:443 eb2.3lift.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
GB 95.100.244.20:443 contextual.media.net tcp
FR 13.39.145.251:443 g.ezoic.net tcp
GB 142.250.180.1:443 aab9da290732ab0ebbd54556989c0587.safeframe.googlesyndication.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
NL 18.239.81.23:443 cdn.prod.uidapi.com tcp
GB 2.18.190.81:80 apps.identrust.com tcp
US 34.120.107.143:443 oajs.openx.net tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
US 34.120.107.143:443 oajs.openx.net udp
GB 142.250.180.4:443 www.google.com udp
US 199.91.155.66:443 download2325.mediafire.com tcp
US 199.91.155.66:443 download2325.mediafire.com tcp
US 199.91.155.66:443 download2325.mediafire.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
DE 162.19.138.117:443 id5-sync.com tcp
NL 65.9.86.86:443 sys.ctrackapp.com tcp
NL 65.9.86.86:443 sys.ctrackapp.com tcp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
NL 18.239.50.86:443 track.donecperficiam.com tcp
NL 18.239.50.86:443 track.donecperficiam.com tcp
GB 23.214.118.147:443 go.etoro.com tcp
GB 23.214.118.147:443 go.etoro.com tcp
GB 104.103.247.210:443 marketing.etorostatic.com tcp
GB 104.103.247.210:443 marketing.etorostatic.com tcp
GB 104.103.247.210:443 marketing.etorostatic.com tcp
GB 104.103.247.210:443 marketing.etorostatic.com tcp
GB 104.103.247.210:443 marketing.etorostatic.com tcp
GB 104.103.247.210:443 marketing.etorostatic.com tcp
GB 104.103.247.210:443 marketing.etorostatic.com tcp
GB 104.103.247.210:443 marketing.etorostatic.com tcp
GB 104.103.247.210:443 marketing.etorostatic.com tcp
GB 104.103.247.210:443 marketing.etorostatic.com tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
GB 142.250.178.10:443 translate.googleapis.com udp
DE 18.157.205.136:443 btlr.sharethrough.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 104.16.53.110:80 otnolatrnup.com tcp
US 104.16.53.110:80 otnolatrnup.com tcp
NL 18.238.243.80:443 woreppercomming.com tcp
DE 77.105.164.59:20204 tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
DE 77.105.164.59:20204 tcp
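Almost everything in this table is Edge loading mediafire.com and its ad stack. The two rows that do not fit are the connections to 77.105.164.59:20204: no domain was resolved for them, the port is not one a browser uses, and the same endpoint is hit twice, which is the shape of a stealer C2 endpoint (RedLine is known to use raw IP:port endpoints) rather than of web traffic. The report does not attribute any flow to a process, so attributing that endpoint to Solara.exe needs the pcap or per-process network data, not this table alone. The script below is an added example, not part of the report; it parses a constructed subset of the rows above (rows with no resolved name have an empty Domain column, exactly as printed) and separates beacon-shaped flows from DNS, reverse-DNS and web noise. The category names and the COMMON_PORTS set are assumptions of the example.

```python
"""Classify sandbox network rows ("Country Destination Domain Proto") and pull out beacon-shaped flows."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed subset of the report's Network table; the Domain column is empty where
# the sandbox saw no name resolution for the destination.
NETWORK_ROWS = """\
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 static.mediafire.com tcp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 199.91.155.66:443 download2325.mediafire.com tcp
NL 18.238.243.80:443 woreppercomming.com tcp
DE 77.105.164.59:20204 tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
DE 77.105.164.59:20204 tcp
"""

COMMON_PORTS = {53, 80, 443}  # ports a browser session is expected to use


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_rows(text: str) -> List[Flow]:
    """Parse the whitespace-separated table; a 3-field row has no Domain column."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            continue  # header or blank line
        ip, port = dest.rsplit(":", 1)
        flows.append(Flow(country, ip, int(port), domain, proto))
    return flows


def classify(flow: Flow) -> str:
    addr = ipaddress.ip_address(flow.ip)
    if addr.is_multicast or addr.is_private or addr.is_link_local:
        return "local"                 # mDNS and similar LAN chatter
    if flow.domain and flow.domain.endswith(".in-addr.arpa"):
        return "reverse-dns"           # PTR lookups for peers already contacted
    if flow.port == 53:
        return "dns"
    if flow.domain is None and flow.port not in COMMON_PORTS:
        return "beacon-candidate"      # no name resolution, non-web port
    return "web"


def beacon_candidates(text: str) -> List[Flow]:
    """Unique (ip, port, proto) endpoints classified as beacon-candidate, in first-seen order."""
    seen = set()
    out = []
    for f in parse_rows(text):
        if classify(f) == "beacon-candidate":
            key = (f.ip, f.port, f.proto)
            if key not in seen:
                seen.add(key)
                out.append(f)
    return out


if __name__ == "__main__":
    for f in beacon_candidates(NETWORK_ROWS):
        print(f"beacon candidate: {f.ip}:{f.port}/{f.proto} ({f.country})")
```

On the full table this yields exactly one endpoint, 77.105.164.59:20204/tcp. The filter deliberately does not score domains by name, so woreppercomming.com and otnolatrnup.com stay in the web bucket; they are only notable as the sort of redirect hosts a file-sharing page serves ads through, and the report gives no reason to treat them as C2.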

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dd3589b97978441d244d4e821fd239da
SHA1 63286c2b1fc75939d6ad4e1176901b5c7dc58143
SHA256 6ddace977f58c209176969a77634f8a7cdcaf6f1a550cdbc056674b2b538a5f9
SHA512 6a6a16c168445ee2511c363b31faae8bdd851259ccbdcdd8e93584dc076e1bd688891e5804479a1313019428387207b7a2ba23fe854c53ac86467c730c25b4c2

\??\pipe\LOCAL\crashpad_4160_GCFLLAGKWHZPGGNL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 be6d8a5227798b38c33128c43f9febf0
SHA1 b5db7c6a1593f45c75ebb6a81e57628d11fcb892
SHA256 7eaf875fc88b9d5125a56f088e3f676d1762503427fb6b94dbe0eaef71c23234
SHA512 e34ec91b098f08c06754d1e873acfa7773e696dcd2f7be1b2cfe83962944cdbc59703511341d95ed8e5e0aea8f28c9d7b7b497cec719e7a771e6b5e5f6c28368

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d3e1ac2db1c7ac75f9a680ca916d809d
SHA1 f4c34debe8224decebba4d446359ce4d3b0fbb50
SHA256 80a1d6b4402f211313beb835fee1bfb3a6f26eeb91fc6ea53edf4f14b0c47117
SHA512 7f295256d801b9f7bed227cc9daec7ca9449680cb54a5017d7003fe4960d5c3fb19e5bfde4b6228e80a3cd793cb96e92a28cee1082f42a5518dcd873a469f5e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8f7e6ebf13be21b4564fd8f8dc769964
SHA1 2053051c8590f23f9eea8568d4e45b80b340a481
SHA256 e30b2980d4924e834e986a3160f47b4dc23be7a5a332b54f95b91645d5dc752a
SHA512 f3f06979206c845c529acfd3d46969c87aedbdf32d1a8a6ea4b474a64212d8b5c5e42b63ae4e2d8ca9e78529aef5c058fd379061131c55b0f9666ed2b3296496

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 38e775ef681d63e10b6cb819fa00b025
SHA1 4439b30945c83128a935d7a4542cfbcc65f39299
SHA256 a21dfdaaa11d153402b7971c5105e4c42ce447694509dccf6e9717ae30d8e899
SHA512 42d09c144df8576ec628e9ade3841802a4f03db2f77922a50ca95ad218c262ace265da14d2263144d217cef44362f1d8637403658bf15b3ae02c8c5c445c6d8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 461d00a7193a276fc422ee635446f099
SHA1 643c794bf610ae3222295e99d22b21f4fe231e0f
SHA256 34a972f66f9502352048b9e4edf6af728aa37547a24b9203b4c8092cf1c8ef21
SHA512 193838de150c3b2ea91778c5c9a86d0f17125537a6ba784868d6df7483c8c4ef9120b6702319f21e5e900835d208bd16bc38b5115ee88a369dcebca8d64d9a74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 00ffc29bcde45e9500b71bae265d6706
SHA1 15f71614f05fa82aaa66c359ef0304c2f179145a
SHA256 259d51b7c9d5afca818ea54d6ef223bbc210f19eb44c622d42dc2d202e3a4e97
SHA512 0e7d8b35390e5ae097a967f80b121b97ec43bc8102d1b10438e48c50b88567486993aa4fec3d6aca1797b083f2e8bbbac253cfbcc913cdfff80ecaef8ba3cf24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 c03ff64e7985603de96e7f84ec7dd438
SHA1 dfc067c6cb07b81281561fdfe995aca09c18d0e9
SHA256 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526
SHA512 bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\Downloads\RobloxSolara.rar:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9f1a468cc787ec172e43d0c59524828d
SHA1 f24279dc66feb1cbc0e69e944da42c93703c013e
SHA256 a56710e6da3da6a9662c24650581555c9c056efab36931a5a1400b6ece032d94
SHA512 aad22d2c4d6adbc016a1f07b2a69ee6f917eb62631ded5c1b22387e7f37c9d12173eb9051395f414f63ed727bcfd40092b95f33718031628af0fa21431bb0b89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5826dc.TMP

MD5 d22a5da96af8cd05b9fdf41a12b8e17f
SHA1 1dccd5f985c0ee49e7fee58aa8ce514e2971dda4
SHA256 164bc72e3213f0c99aa3e5925015ff0965b1740af47eda80a458084968cdfc0c
SHA512 185cb052ef1d44b5873082b5541d70c8549b010efc89989695355502eddd51d3740b1c1ac03d0d5e3a2bac72d3a051c0e869bd920d2071a45b519b4fbfa9e3a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4785e8929dd60d35ca13dcf979454afa
SHA1 1b9f0506940bf8adb0e6b09deca888cef55cb8b2
SHA256 04cb01af58b7bcbc0a90708160c09f25787e0827cd383f2f2d9bda646f1774d7
SHA512 7ac3805230543c4dc49d7bdf40eb923d1b590cff39bc9a094a4cf68cecee36fc5b403230defcc0eef78f0dfa855c9d707fde0c12c9272e3aa082da8e446fb3f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c48761e7411340377b2a91edb6b8b948
SHA1 db7018799b98d158489a6f37ebad361856acb77d
SHA256 3a0cbfa75f645a7561305594658d117f84a46371735b10e6e9b2726ecef3d02f
SHA512 7f5625de82662e22fa87c9e06431f328d45bea94b4fdb5ca83afdb2099a99932f6a1b84b9d872ea21d8ce9032c78bc4e5759bddee0eb726f8112c4eb91448ac2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 aad790ee4a31437559fecf100b59078e
SHA1 1727064108247164f127d6b4843408ee91e663dd
SHA256 4e16f1d53116608b9f9f01ea18a2d1d1da9ddb95df7c3a5d0e5b3ed02c58c501
SHA512 5b4a4047494631edce6085bea487a240b9144f36a59628ab090b4808a008d5dd2e79bd77086d225555687a191f47942f7f1692b99bf80b8340fd386e246b9289

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 660c3b546f2a131de50b69b91f26c636
SHA1 70f80e7f10e1dd9180efe191ce92d28296ec9035
SHA256 fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9
SHA512 6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 20fe0c18194108fe840d7986df387468
SHA1 41154f8c5f9090fd2f96f3863f49320859fde823
SHA256 27f91ffeca542c09c3edf04643fe78dd1ded6fa7320357379a6540cee814b663
SHA512 5b65930cba328d21be028638ca600c6e66e376fbc6ce8bee565e94bf6dc9d099eae8f66b97156c026095befc7bdf452e2e5f40f2fd48e2fd46e563674a9dc9f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 7c63f9af85240de531ecd771bafbd06f
SHA1 8492a55acba5233ab5cb6696e1000cc719d3720b
SHA256 2cc1574aeff145d9c3ef543b833f827e4da9a0eb8c44bbf85d19ba8295c0ea97
SHA512 3eb4fdf441999a552c01f6fb31ce572802737d95c3dd9d13d1e412c051056bfcd497cf80158e7065d0d2f967768ed09343799e66058cb39bba26df4c38d1d534

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 da2d260116a68efcef921d4928c25f2c
SHA1 af9f4a51e888052652ebeb5ab1a8907b936ca175
SHA256 962ff5c288838e03222b1c8b94475fd2b9d97f013a83fd7ac2899d42d6f815e6
SHA512 d36b71a6ab0a35d329f744572124eae53aa401efa7298d0fe64abfa91e5bdcedb3b306377b9c8d4a040bca9dc1249a10e626b97e5ec5ab5cab1cb05e2cdf1979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

MD5 3d145b3a4b78eb176aa3906d7926a25e
SHA1 e79a1d6ae21a59c43b1ca9727d638f446dab3dd5
SHA256 1ebc040ed65bc82c6903a5f2bc512560d08a50b59ced539ad1838f6e0fd6cd22
SHA512 be525cdf01a06a814257723486fe45e1058b5b8aca4c0c05a6b9c072553d8334467ca20d6ef4bf2aa6cf6504acb9e4d2367021ff50d6954d443d2cfe0defb404

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

MD5 d129a2389e2c58b2a7733ab4f138768c
SHA1 98edd2530d80f3cbbd51eead33f66c7406467158
SHA256 28b98e3b8a02215675f59145d8547e0273a6677cee02ca1967e44975a704de3c
SHA512 635fc05ab5900c34983474d7ba756c616ee3157f55d31c20306e61e9f1c1375ec8823b6ffe4bedc62ee1370d215b27a813e3aa82e81a2a88c793c9f6034e6dad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

MD5 8686d3adcc4252f83c544af6ef5cc9f0
SHA1 c415af63635f0ce1c46d0e320aef746e4a0f0b66
SHA256 2ce76102f1caf4bc2d45158f9db328383058bcd0de9f0dd3525e4acb5acec634
SHA512 445ef1d32d5892db48337dd77942cc17c64907b2a0b17c34a6ada517707f21c8f8d40c0e09df504d7e9a00264b316166b436359f30ec01a7fbeb4c0153dc8008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

MD5 5ce9a89b72bcfbd956b2df6c3ac980ee
SHA1 737326909777290c31c32f20a289ad24eab63db4
SHA256 1347568cdd813fd4f71bd7651a2f3f1e2df3249872d8c63deaf72918b3d7a823
SHA512 1c276506ffd11cedec01df8dea4d0e0a0bea918c866fa167572f5f923972f1dd46a7578f41bfbe750e3dbab0626d10247e13162ca53991d47ea79e24d38f4a1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

MD5 6485da0552db4a79bd2a5a6782a9fefc
SHA1 6f6c652afd500524c8e191aadddb3f5b6a85ee3c
SHA256 e114cad24b9bb6165cedeadc05b049f140d958fa61dbb9d2462e7987233eedcd
SHA512 b9eeb571afa74917611d63df18c194f9965ec64b6fe21be116f755908084e3accb56d3a1584df0a29ab845d7137c8269c4d9209456f4a6fdb76a068236d42f80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 6b04ab52540bdc8a646d6e42255a6c4b
SHA1 4cdfc59b5b62dafa3b20d23a165716b5218aa646
SHA256 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d
SHA512 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

C:\Users\Admin\Downloads\74845376-6ed8-43ae-94ee-c33e450e083e.tmp

MD5 d01b260a55b4caf5dee965793a124de8
SHA1 eabe2c8ee1063a34e2bb7e844fbc4cd9a81dfe5c
SHA256 425e8779322cfd3f12d0a35b7d8c4683f71c344ab9a1a02a08361ad7bd50b134
SHA512 cf4cd14eda3812fbdab461b2aca8f2ee3e1b54c7a328a70c7e8558e6e2abb3af6e75f36da4810732423c82ec4f681c12f6d7256d62944dcca9904c709a353143

C:\Users\Admin\Downloads\RobloxSolara (1).rar:Zone.Identifier

MD5 9d85fd80656a6b8716fbe5405f916efe
SHA1 d0dd7f71ccf51092750a259b677f81e1ef3e6bfc
SHA256 00d70ff3748f68c272bb1748cf92635f580866dcbaca4ce2bd1e20f3633898d8
SHA512 69ab9e4425b4921b99a58019ad13632f8c519d473bfa9590a49ce7ca1c752fe4c9c219f1b6fbb277ed7e648a0bad8fd79a7d89f5d084d6a381d55d35d993b701

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dbe43d0c0f659cbbec09e25a206ca417
SHA1 401a3f1d5be34414b01086e140fc1096fab14886
SHA256 4f88260a6cbbfbbcb6141bbc534d746fee2e17000f4efff22f86cb32b1835a38
SHA512 ec7a54b2f4073390a74ae75c4bc14ccccdcdb62eae543d597131d94d6fdfe8ed02a3e439f94d52d9804c82c38fb78d91d1f50a1dfa1dcc848802eb99d3c27d77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 94386de4b45490ec4cb2ab10c927b15e
SHA1 7d44ac5bf606a4bbf81c649b6fa22a0e167efabe
SHA256 49f7ed6cd25296400b99bd884945b6b9250d5e3ed5132a2f7bb8ea4b095d34cb
SHA512 1b893abe31710642be3a7598ef6adb94e869a80ebceca95125f55be6797fcbdd2d44d91a8d26cdc97104d0e0e4b64c7565d192f88d8352c316489f0d868b4bf4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b33de202f18425b85f0afe654c4487cb
SHA1 1e3df3950e680a0a7c1e602893a8a18064587a12
SHA256 d8cecc33e646092b13cc1a4be4cef6e335412fa6fe99503e5e3eac136eedcae9
SHA512 382ba287526e702c3219c351340ed8f4c6eec36c36bd87b1da9f10fcd5a007c0ea47588cce5ef412132a6cc49b7ca64d82d11bc6c5c3ae35190dd764b2612b4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ed1e902c501bfd20abdf03dcfb240383
SHA1 336b9d3d92512eb5d4fb9b07729a77f107b5200a
SHA256 fa9436db6f3b85878e711d69c43fbeb0cd0a7ee30215b73977e6819744425d7d
SHA512 ac5f91b7e31e523dbd6bfae29163abb264b96fae4e4ee251bb5c7924b26b12edfb0f0fdf3c02bc92f4436a94efa0086b2fc38ce6dde376419474240b5a0495bf

C:\Users\Admin\Downloads\RobloxSolara\Solara.exe

MD5 0982c7668e3d697214e640f21898db0e
SHA1 51fdae25fca51af87e04c29dd7d28a1f2bb93013
SHA256 a314a53a2bcae1032e130a4bfc8bb4050c1ab095f736a076540feddf686a0c08
SHA512 5fa748967ef71ac080efe999fb19829e9a0ff5bb906da06d82f128f61a5c8e1946d968d45ab6cdaeaf047cc10e28f796b1d2c857c09e766e5bf018c602103c3f

memory/4300-639-0x0000000000ED0000-0x00000000019BE000-memory.dmp

memory/4300-642-0x0000000000ED0000-0x00000000019BE000-memory.dmp

memory/4300-643-0x0000000000ED0000-0x00000000019BE000-memory.dmp

memory/4300-644-0x0000000006BB0000-0x0000000007156000-memory.dmp

memory/4300-645-0x0000000006600000-0x0000000006692000-memory.dmp

memory/4300-646-0x0000000006790000-0x000000000679A000-memory.dmp

memory/4300-647-0x0000000007780000-0x0000000007D98000-memory.dmp

memory/4300-648-0x0000000006970000-0x0000000006A7A000-memory.dmp

memory/4300-649-0x0000000006880000-0x0000000006892000-memory.dmp

memory/4300-650-0x00000000068E0000-0x000000000691C000-memory.dmp

memory/4300-651-0x0000000006A80000-0x0000000006ACC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f9c36aeb0bcb358bc34fa4c5a91907f2
SHA1 297859061597eaec3ddc46f1f225bb5dd6ea305f
SHA256 e132b9d2539f77519972eaf5e9b3d50f29ec1ad9bf62444c4421913aef9b1da6
SHA512 5234ffadd23dc1793b587271f4d04cffecc9c0949084ce96524044b71f77536df6f453f68ec7cbeca30da3752abe01ef23572f8d8fe0f6a67db7fdbd9be21aa8

memory/4300-675-0x00000000072D0000-0x0000000007336000-memory.dmp

memory/4300-676-0x00000000080F0000-0x0000000008140000-memory.dmp

memory/4228-678-0x000001EF82730000-0x000001EF82731000-memory.dmp

memory/4228-679-0x000001EF82730000-0x000001EF82731000-memory.dmp

memory/4228-680-0x000001EF82730000-0x000001EF82731000-memory.dmp

memory/4228-690-0x000001EF82730000-0x000001EF82731000-memory.dmp

memory/4228-689-0x000001EF82730000-0x000001EF82731000-memory.dmp

memory/4228-688-0x000001EF82730000-0x000001EF82731000-memory.dmp

memory/4228-687-0x000001EF82730000-0x000001EF82731000-memory.dmp

memory/4228-686-0x000001EF82730000-0x000001EF82731000-memory.dmp

memory/4228-685-0x000001EF82730000-0x000001EF82731000-memory.dmp

memory/4228-684-0x000001EF82730000-0x000001EF82731000-memory.dmp

memory/4300-691-0x0000000008310000-0x00000000084D2000-memory.dmp

memory/4300-692-0x0000000008A10000-0x0000000008F3C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 f287e26c01528e3145d02fccca69d017
SHA1 3eb532f11f480e6e7900db54e812022492c6a515
SHA256 5a2b93e9f7f3d492891307bc23c64f5a160568206b8bf9a96458c43e87f465dc
SHA512 34332238f0da5a6c25c001f313dc18b9a07094bd20998edd178b4ed522a0b4576b40fe7c78d99772dfaefb2f9a6462dae40587d454b76e2f171833c2f3d5282c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 284d3f7550086df36ef995f85ad07659
SHA1 3cb79f7efc5448e66924b266add2914f32cac175
SHA256 bb9cae3e54c7b497019293d78c0dfb0731e60986fa35a3def2fc5caa0d1d5c23
SHA512 288a70b6b3b81e44676cfb984fbdc87384275a4663daba7620c8246b84bc98042a307519bb4664116811ea6b9e64a9926049b54b0cf6497d2a9c10de8db1981b

memory/4300-704-0x0000000000ED0000-0x00000000019BE000-memory.dmp

memory/4112-706-0x0000000000ED0000-0x00000000019BE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Solara.exe.log

MD5 47b3bb3bf3bd31854ef77da134dc534f
SHA1 79f7ee98bfce765215cb9bc54d6c27a748af50f3
SHA256 27bd7f1def6afae36983285feba3f689c7a006617a7d48cdac752bbd8ca39683
SHA512 f0d52c49fe5de3abd83875dc52755fbdd7d70aa92d31abae733a8104742372cee2f2e59c5b71f6d667144e52c97c543b095a718ea63410e1709f55b73b4953d0

memory/4112-710-0x0000000000ED0000-0x00000000019BE000-memory.dmp

memory/4112-711-0x0000000000ED0000-0x00000000019BE000-memory.dmp

memory/4112-712-0x0000000006470000-0x00000000064BC000-memory.dmp

memory/4112-715-0x0000000000ED0000-0x00000000019BE000-memory.dmp