Analysis Overview
Threat Level: Known bad
The submitted URL https://www.mediafire.com/folder/e0figl3wxrksy was found to be: Known bad. The verdict rests on what the behavioral run did with the download from that folder: the archive RobloxSolara.rar was extracted with 7-Zip and the contained Solara.exe was executed twice. Several of the signatures listed below fire on msedge.exe, 7zG.exe, Taskmgr.exe or OpenWith.exe during the sandbox's simulated user activity rather than on Solara.exe, so check the Process column of each signature table before treating a hit as sample behavior.
Malicious Activity Summary
RedLine
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Executes dropped EXE
Reads user/profile data of web browsers
Checks BIOS information in registry
Themida packer
Checks whether UAC is enabled
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies registry class
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-05 05:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-05 05:26
Reported
2024-07-05 05:29
Platform
win11-20240704-en
Max time kernel
105s
Max time network
111s
Command Line
Signatures
RedLine
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(7 identical rows; the signature records no indicator, process or target)
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\Taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000_Classes\Local Settings | C:\Windows\System32\Taskmgr.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\RobloxSolara.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\RobloxSolara (1).rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 (privilege LUID 35, i.e. SeCreateSymbolicLinkPrivilege) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\Taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
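The tables above mix hits produced by the sample with hits produced by the sandbox's own user simulation (the browser writing a Zone.Identifier stream is Mark-of-the-Web being applied to the download; Taskmgr.exe and 7zG.exe legitimately enable debug, restore and security privileges). The script below is an added example, not part of this report or of any sandbox product: it takes rows copied from the signature tables above, parses the four-column layout, and attributes each hit either to the sample or to sandbox noise. The rule that "the sample" is anything launched from the user's Downloads tree is this example's own assumption, as is the small subset of rows chosen.

```python
"""Attribute sandbox signature hits to the process that produced them.

Added example, not part of the original report. The rows below are copied
from the signature tables above; the parsing helpers and the notion of a
'sample process' (anything launched from C:\\Users\\Admin\\Downloads) are
this example's own assumptions.
"""
from collections import defaultdict

# Constructed input: (signature name, table row) pairs taken from the report.
SIGNATURE_ROWS = [
    ("Identifies VirtualBox via ACPI registry values",
     r"| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |"),
    ("Checks BIOS information in registry",
     r"| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |"),
    ("Checks whether UAC is enabled",
     r"| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |"),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     r"| N/A | N/A | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |"),
    ("Checks SCSI registry key(s)",
     r"| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\Taskmgr.exe | N/A |"),
    ("Enumerates system info in registry",
     r"| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |"),
    ("NTFS ADS",
     r"| File opened for modification | C:\Users\Admin\Downloads\RobloxSolara.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |"),
    ("Suspicious use of AdjustPrivilegeToken",
     r"| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\RobloxSolara\Solara.exe | N/A |"),
    ("Suspicious use of AdjustPrivilegeToken",
     r"| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |"),
    ("Suspicious use of SetWindowsHookEx",
     r"| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |"),
]

COLUMNS = ("description", "indicator", "process", "target")


def parse_row(row):
    """Split one '| a | b | c | d |' table row into a dict of its four cells."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} cells, got {len(cells)}: {row!r}")
    return dict(zip(COLUMNS, cells))


def is_sample_process(path):
    """Assumption: the sample is whatever runs from the user's Downloads tree;
    OS binaries and installed applications are treated as sandbox noise."""
    return path.lower().startswith("c:\\users\\admin\\downloads\\")


def attribute(rows):
    """Return {'sample': {signature: [detail, ...]},
               'noise':  {signature: [process, ...]}}.

    'detail' is the indicator column, falling back to the description
    (e.g. 'Token: SeDebugPrivilege') and then to a placeholder."""
    out = {"sample": defaultdict(list), "noise": defaultdict(list)}
    for sig, row in rows:
        r = parse_row(row)
        if is_sample_process(r["process"]):
            detail = next((v for v in (r["indicator"], r["description"]) if v != "N/A"),
                          "(no detail recorded)")
            out["sample"][sig].append(detail)
        else:
            out["noise"][sig].append(r["process"])
    return {k: dict(v) for k, v in out.items()}


if __name__ == "__main__":
    result = attribute(SIGNATURE_ROWS)
    print("Attributable to the sample:")
    for sig, details in result["sample"].items():
        print(f"  {sig}: {', '.join(details)}")
    print("Triggered only by sandbox/user activity:")
    for sig, procs in result["noise"].items():
        print(f"  {sig}: {', '.join(sorted(set(procs)))}")
```

Run as-is, the split shows the anti-VM, BIOS, EnableLUA, HideFromDebugger and SeDebugPrivilege hits landing on Solara.exe, while the SCSI, system-info, ADS, SetWindowsHookEx and 7-Zip privilege hits land on Microsoft or 7-Zip binaries. The Downloads-path rule is deliberately crude; for a sample that drops into %TEMP% or %APPDATA% the rule would need the dropped-file list from the report as well.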
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/e0figl3wxrksy
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff855183cb8,0x7ff855183cc8,0x7ff855183cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10502279642165018384,6757932762616886503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RobloxSolara\" -spe -an -ai#7zMap22839:86:7zEvent8947
C:\Users\Admin\Downloads\RobloxSolara\Solara.exe
"C:\Users\Admin\Downloads\RobloxSolara\Solara.exe"
C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Users\Admin\Downloads\RobloxSolara\Solara.exe
"C:\Users\Admin\Downloads\RobloxSolara\Solara.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 216.58.212.202:443 | translate-pa.googleapis.com | tcp |
| NL | 18.239.18.40:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.18.239.18.in-addr.arpa | udp |
| IT | 157.240.203.2:443 | connect.facebook.net | tcp |
| GB | 172.217.169.46:443 | translate.google.com | tcp |
| US | 35.83.84.160:443 | api.amplitude.com | tcp |
| GB | 142.250.178.10:443 | translate.googleapis.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| IT | 157.240.203.35:443 | www.facebook.com | tcp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| N/A | 224.0.0.251:5353 | N/A (mDNS multicast) | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.178.10:443 | translate.googleapis.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| GB | 172.217.169.46:443 | translate.google.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 104.16.53.110:443 | otnolatrnup.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | tcp |
| DE | 3.78.168.176:443 | tlx.3lift.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 18.157.205.136:443 | btlr.sharethrough.com | tcp |
| DE | 18.157.205.136:443 | btlr.sharethrough.com | tcp |
| DE | 18.157.205.136:443 | btlr.sharethrough.com | tcp |
| DE | 18.157.205.136:443 | btlr.sharethrough.com | tcp |
| DE | 18.157.205.136:443 | btlr.sharethrough.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| GB | 142.250.200.42:443 | translate-pa.googleapis.com | udp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.205.157.18.in-addr.arpa | udp |
| NL | 18.239.18.12:443 | tags.crwdcntrl.net | tcp |
| IE | 52.209.249.92:443 | ad.crwdcntrl.net | tcp |
| IE | 52.16.78.59:443 | ad.crwdcntrl.net | tcp |
| NL | 18.239.18.12:443 | tags.crwdcntrl.net | tcp |
| IE | 52.16.78.59:443 | ad.crwdcntrl.net | tcp |
| IE | 52.209.249.92:443 | ad.crwdcntrl.net | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| GB | 95.100.244.20:443 | contextual.media.net | tcp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| GB | 142.250.180.1:443 | aab9da290732ab0ebbd54556989c0587.safeframe.googlesyndication.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| NL | 18.239.81.23:443 | cdn.prod.uidapi.com | tcp |
| GB | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 216.58.201.97:443 | cdn.ampproject.org | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 199.91.155.66:443 | download2325.mediafire.com | tcp |
| US | 199.91.155.66:443 | download2325.mediafire.com | tcp |
| US | 199.91.155.66:443 | download2325.mediafire.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| DE | 162.19.138.117:443 | id5-sync.com | tcp |
| NL | 65.9.86.86:443 | sys.ctrackapp.com | tcp |
| NL | 65.9.86.86:443 | sys.ctrackapp.com | tcp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| NL | 18.239.50.86:443 | track.donecperficiam.com | tcp |
| NL | 18.239.50.86:443 | track.donecperficiam.com | tcp |
| GB | 23.214.118.147:443 | go.etoro.com | tcp |
| GB | 23.214.118.147:443 | go.etoro.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 104.103.247.210:443 | marketing.etorostatic.com | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.10:443 | translate.googleapis.com | udp |
| DE | 18.157.205.136:443 | btlr.sharethrough.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| NL | 18.238.243.80:443 | woreppercomming.com | tcp |
| DE | 77.105.164.59:20204 | N/A (no DNS lookup recorded; non-web port) | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| DE | 77.105.164.59:20204 | N/A (no DNS lookup recorded; non-web port) | tcp |
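Almost everything in the table above is the browser loading mediafire.com and its advertising and analytics partners. The two rows that stand out are the connections to 77.105.164.59:20204: no hostname was resolved for them, the port is not a web port, and the report does not attribute them to a process (the Network table has no process column), which is the pattern a stealer's direct-to-IP command channel leaves in a detonation. The script below is an added example, not part of this report: it parses rows copied from the table, discards resolver traffic and PTR lookups, and ranks what remains. The noise heuristics are this example's own assumptions, and the subset of rows used is constructed from the table rather than being the whole capture.

```python
"""Separate candidate C2 traffic from browser noise in a sandbox Network table.

Added example, not part of the original report. NETWORK_ROWS is a subset of
rows copied from the table above; the labels and the order in which the
heuristics are applied are this example's own assumptions.
"""
from collections import Counter

# Constructed input: representative rows from the report's Network table.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 199.91.155.66:443 | download2325.mediafire.com | tcp |
| DE | 77.105.164.59:20204 | N/A | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| DE | 77.105.164.59:20204 | N/A | tcp |
""".strip().splitlines()

WEB_PORTS = {80, 443}


def parse_row(row):
    """Parse '| country | host:port | domain | proto |' into a dict."""
    country, dest, domain, proto = [c.strip() for c in row.strip().strip("|").split("|")]
    host, port = dest.rsplit(":", 1)
    return {"country": country, "host": host, "port": int(port),
            "domain": None if domain in ("", "N/A") else domain, "proto": proto}


def classify(conn):
    """Label one connection; checks are ordered from 'certainly noise' to
    'most interesting' so the first match is the one that counts."""
    if conn["port"] == 53:
        # The sandbox resolver; a reverse lookup of an IP the host just
        # talked to is browser/OS behaviour, not the sample calling home.
        return "ptr-lookup" if (conn["domain"] or "").endswith(".in-addr.arpa") else "dns"
    if conn["port"] == 5353 and conn["host"].startswith("224."):
        return "mdns"
    if conn["domain"] is None:
        return "direct-ip"        # no name resolved: strongest C2 signal here
    if conn["port"] not in WEB_PORTS:
        return "odd-port"
    if conn["port"] == 80:
        return "plaintext-http"   # worth a look, but often OCSP/CRL (apps.identrust.com)
    return "web"


def triage(rows):
    """Return (suspicious, counts).

    suspicious: list of (host, port, label, hits) for direct-IP or odd-port
    connections, most frequent first; counts: how many rows got each label."""
    counts, hits = Counter(), Counter()
    for row in rows:
        conn = parse_row(row)
        label = classify(conn)
        counts[label] += 1
        if label in ("direct-ip", "odd-port"):
            hits[(conn["host"], conn["port"], label)] += 1
    suspicious = sorted(((h, p, l, n) for (h, p, l), n in hits.items()),
                        key=lambda t: (-t[3], t[0], t[1]))
    return suspicious, dict(counts)


if __name__ == "__main__":
    suspicious, counts = triage(NETWORK_ROWS)
    print("label counts:", counts)
    for host, port, label, n in suspicious:
        print(f"candidate C2: {host}:{port} ({label}, {n} connection(s))")
```

On the rows above only 77.105.164.59:20204 survives the filter. The port-80 rows are kept under a separate label because plaintext HTTP from a stealer is plausible, but in this capture they are certificate-validation traffic and an ad domain, which is why the example does not promote them to candidates without a hostname or port anomaly.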
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dd3589b97978441d244d4e821fd239da |
| SHA1 | 63286c2b1fc75939d6ad4e1176901b5c7dc58143 |
| SHA256 | 6ddace977f58c209176969a77634f8a7cdcaf6f1a550cdbc056674b2b538a5f9 |
| SHA512 | 6a6a16c168445ee2511c363b31faae8bdd851259ccbdcdd8e93584dc076e1bd688891e5804479a1313019428387207b7a2ba23fe854c53ac86467c730c25b4c2 |