Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-1703-x64

10

Analysis

  • max time kernel
    862s
  • max time network
    859s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24/07/2024, 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cdn.discordapp.com/attachments/1258666032768356383/1265308732326416424/Solara_roblox.zip?ex=66a25b96&is=66a10a16&hm=3d3e5e4ac124c3efc5e5011ecfc7ef265924a37331ef7be552c26ac104c33a01&

Score
10/10
rhadamanthysdiscoveryevasionexecutionpersistenceprivilege_escalationstealertrojan

Malware Config

Signatures

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
    persistence
  • Checks computer location settings 2 TTPs 7 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 46 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 5 IoCs
    evasiontrojan
  • Maps connected drives based on registry 3 TTPs 4 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

    discovery
  • Checks system information in the registry 2 TTPs 16 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 12 IoCs
  • Enumerates processes with tasklist 1 TTPs 2 IoCs
    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Detects videocard installed 1 TTPs 2 IoCs

    Uses WMIC.exe to determine videocard installed.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • GoLang User-Agent 2 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan
  • NTFS ADS 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
    1⤵
      PID:2916
      • C:\Windows\SysWOW64\openwith.exe
        "C:\Windows\system32\openwith.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:4440
    • C:\Windows\system32\LaunchWinApp.exe
      "C:\Windows\system32\LaunchWinApp.exe" "https://cdn.discordapp.com/attachments/1258666032768356383/1265308732326416424/Solara_roblox.zip?ex=66a25b96&is=66a10a16&hm=3d3e5e4ac124c3efc5e5011ecfc7ef265924a37331ef7be552c26ac104c33a01&"
      1⤵
        PID:4672
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3740
      • C:\Windows\system32\browser_broker.exe
        C:\Windows\system32\browser_broker.exe -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • NTFS ADS
        PID:1536
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2984
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:5096
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:1108
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        PID:2304
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1208
      • C:\Windows\System32\PickerHost.exe
        C:\Windows\System32\PickerHost.exe -Embedding
        1⤵
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        PID:4600
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:2144
        • C:\Program Files\7-Zip\7zG.exe
          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Solara_roblox\" -spe -an -ai#7zMap5938:88:7zEvent29960
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:2172
        • C:\Users\Admin\Downloads\Solara_roblox\setup.exe
          "C:\Users\Admin\Downloads\Solara_roblox\setup.exe"
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          • Maps connected drives based on registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of WriteProcessMemory
          PID:352
          • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
            C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
            2⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4528
            • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
              3⤵
              • Event Triggered Execution: Image File Execution Options Injection
              • Executes dropped EXE
              • Loads dropped DLL
              • Checks system information in the registry
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:932
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                4⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                PID:204
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                4⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:4196
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.193.5\MicrosoftEdgeUpdateComRegisterShell64.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.193.5\MicrosoftEdgeUpdateComRegisterShell64.exe"
                  5⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Modifies registry class
                  PID:3776
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.193.5\MicrosoftEdgeUpdateComRegisterShell64.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.193.5\MicrosoftEdgeUpdateComRegisterShell64.exe"
                  5⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Modifies registry class
                  PID:4288
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.193.5\MicrosoftEdgeUpdateComRegisterShell64.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.193.5\MicrosoftEdgeUpdateComRegisterShell64.exe"
                  5⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Modifies registry class
                  PID:2208
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTMuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE5My41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezlFMzI2NEUzLTQyNTEtNDVFQS05M0U4LTU3MUJDQTJBMTBDRX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9Ins5NDczNEY0OS03MjBCLTQ1NzEtQjE4RC1BOUQ0QzQxREJGMER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTkzLjUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUwNjc3OTgwMTUiIGluc3RhbGxfdGltZV9tcz0iNjEwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                4⤵
                • Executes dropped EXE
                • Checks system information in the registry
                • System Location Discovery: System Language Discovery
                • System Network Configuration Discovery: Internet Connection Discovery
                PID:4088
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{9E3264E3-4251-45EA-93E8-571BCA2A10CE}"
                4⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • System Location Discovery: System Language Discovery
                PID:512
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=setup.exe --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=352.2312.18229975599290880932
            2⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks system information in the registry
            • Enumerates system info in registry
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:404
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.183 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=126.0.2592.113 --initial-client-data=0x12c,0x130,0x134,0x108,0xc0,0x7ffa9f9b0148,0x7ffa9f9b0154,0x7ffa9f9b0160
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1288
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1696,i,13820260800961185608,4346900571387551876,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1692 /prefetch:2
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:3488
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1632,i,13820260800961185608,4346900571387551876,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1736 /prefetch:3
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:3524
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1476,i,13820260800961185608,4346900571387551876,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:8
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2208
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3188,i,13820260800961185608,4346900571387551876,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3200 /prefetch:1
              3⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:4848
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4348,i,13820260800961185608,4346900571387551876,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:8
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:3276
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4356,i,13820260800961185608,4346900571387551876,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:8
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1140
          • C:\Windows\System32\Wbem\wmic.exe
            wmic path win32_VideoController get name
            2⤵
            • Detects videocard installed
            • Suspicious use of AdjustPrivilegeToken
            PID:1248
          • C:\Windows\system32\tasklist.exe
            tasklist
            2⤵
            • Enumerates processes with tasklist
            • Suspicious use of AdjustPrivilegeToken
            PID:668
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks system information in the registry
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          • Suspicious use of WriteProcessMemory
          PID:3808
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTMuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE5My41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezlFMzI2NEUzLTQyNTEtNDVFQS05M0U4LTU3MUJDQTJBMTBDRX0iIGluc3RhbGxzb3VyY2U9ImxpbWl0ZWQiIHJlcXVlc3RpZD0iezdEOUE1Rjg0LUJEQTQtNEU4OC1CRDkwLTcyRTFDMkM4OTlFQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTUwNjMuMCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJRRU1VIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxMTEiIGluc3RhbGxkYXRldGltZT0iMTcxMjIzMzcxMiIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzU2NzA2NTgwMDA5NTc3MCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxMTQzMjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUwNzIxNzI5NDciLz48L2FwcD48L3JlcXVlc3Q-
            2⤵
            • Executes dropped EXE
            • Checks system information in the registry
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            • Modifies data under HKEY_USERS
            PID:1364
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B10A3767-5235-46C9-9145-1F2559D52D7A}\MicrosoftEdge_X64_126.0.2592.113.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B10A3767-5235-46C9-9145-1F2559D52D7A}\MicrosoftEdge_X64_126.0.2592.113.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
            2⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:2820
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B10A3767-5235-46C9-9145-1F2559D52D7A}\EDGEMITMP_413BC.tmp\setup.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B10A3767-5235-46C9-9145-1F2559D52D7A}\EDGEMITMP_413BC.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B10A3767-5235-46C9-9145-1F2559D52D7A}\MicrosoftEdge_X64_126.0.2592.113.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
              3⤵
              • Executes dropped EXE
              • Drops file in Program Files directory
              • Suspicious use of WriteProcessMemory
              PID:3556
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B10A3767-5235-46C9-9145-1F2559D52D7A}\EDGEMITMP_413BC.tmp\setup.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B10A3767-5235-46C9-9145-1F2559D52D7A}\EDGEMITMP_413BC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.183 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B10A3767-5235-46C9-9145-1F2559D52D7A}\EDGEMITMP_413BC.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.113 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ff680c3aa40,0x7ff680c3aa4c,0x7ff680c3aa58
                4⤵
                • Executes dropped EXE
                PID:488
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTMuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE5My41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezlFMzI2NEUzLTQyNTEtNDVFQS05M0U4LTU3MUJDQTJBMTBDRX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9Ins3N0Y2N0M4QS02MkRCLTRDN0YtQUVERi1FRDRGQkU0Q0FCQTV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyNi4wLjI1OTIuMTEzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTEzNzM1NTg2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTExMzczNTU4NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0OTU0MDcxNDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzAxYTAyZDBlLTlkOGQtNDdhMy04YzM2LTliZjM4ZGFiZTIxYT9QMT0xNzIyNDYzMzk2JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWlOdEV2NnhMbFh2T2t6SWxTUWZwNjRNTHZuOEdNWkVickhhTnNOOEVCV1clMmJvRmJsVG93S2dzaWlFNXU1WFFJNTc4Z0gyWHhlUnNXSEpQamo4THNyRnclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzMxNDg2MTYiIHRvdGFsPSIxNzMxNDg2MTYiIGRvd25sb2FkX3RpbWVfbXM9IjIzMzk0OCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0OTU0MDcxNDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NTA5MDAwODkyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3OTQyODYyODI4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMTA3OCIgZG93bmxvYWRfdGltZV9tcz0iMjM4MTUyIiBkb3dubG9hZGVkPSIxNzMxNDg2MTYiIHRvdGFsPSIxNzMxNDg2MTYiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzMzg2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
            2⤵
            • Executes dropped EXE
            • Checks system information in the registry
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            • Modifies data under HKEY_USERS
            PID:2192
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:600
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks system information in the registry
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4960
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTMuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjE5My41IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezc1NkU1N0VFLUYxREEtNEMzQS05RDhELUE5OUZGNTgyNUQ5OH0iIHVzZXJpZD0iezFDQzhGOTE5LUJGODEtNDc4RS05MURCLTcxODI1NjY4RkMzNX0iIGluc3RhbGxzb3VyY2U9InNjaGVkdWxlciIgcmVxdWVzdGlkPSJ7NDdCNkI4QTgtNzlEQy00MzA2LTg1NzEtMDlEMTZCNjBBMzY1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xNTA2My4wIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IlFFTVUiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDt0eGdVQkhvbzZBUVNBL2Z5RTQ4c3lFWHF4MkorL3FzcWxHV3hpNHVmSFlrPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTkzLjUiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC42MiI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNi4wLjI1OTIuMTEzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY0MTIiIGNvaG9ydD0icnJmQDAuMDIiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2NjMzMjQ3ODY4MjY2MjAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezU4Q0I0NTM2LTIwODgtNDJGRC05MTk5LUM5NkI2QTZDODY0MH0iLz48L2FwcD48L3JlcXVlc3Q-
            2⤵
            • Executes dropped EXE
            • Checks system information in the registry
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            • Modifies data under HKEY_USERS
            PID:2824
        • C:\Users\Admin\Downloads\Solara_roblox\setup.exe
          "C:\Users\Admin\Downloads\Solara_roblox\setup.exe"
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          • Maps connected drives based on registry
          • Modifies system certificate store
          • Suspicious behavior: EnumeratesProcesses
          PID:3276
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=setup.exe --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3276.4200.4420819115351108453
            2⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates system info in registry
            • Modifies data under HKEY_USERS
            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
            • System policy modification
            PID:2232
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.183 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=126.0.2592.113 --initial-client-data=0x108,0x10c,0x110,0xe4,0x13c,0x7ffa9f9b0148,0x7ffa9f9b0154,0x7ffa9f9b0160
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2684
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1676,i,7120614269795046111,4727378673084858140,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1672 /prefetch:2
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:648
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1580,i,7120614269795046111,4727378673084858140,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1824 /prefetch:3
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:3452
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1632,i,7120614269795046111,4727378673084858140,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1968 /prefetch:8
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:4384
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3172,i,7120614269795046111,4727378673084858140,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3180 /prefetch:1
              3⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1404
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4056,i,7120614269795046111,4727378673084858140,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4084 /prefetch:1
              3⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:4264
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4104,i,7120614269795046111,4727378673084858140,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4208 /prefetch:1
              3⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1312
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --webview-exe-name=setup.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4276,i,7120614269795046111,4727378673084858140,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:1
              3⤵
              • Checks computer location settings
              • Executes dropped EXE
              PID:856
          • C:\Windows\System32\Wbem\wmic.exe
            wmic path win32_VideoController get name
            2⤵
            • Detects videocard installed
            • Suspicious use of AdjustPrivilegeToken
            PID:1312
          • C:\Windows\system32\tasklist.exe
            tasklist
            2⤵
            • Enumerates processes with tasklist
            PID:1572
          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\ProgramData\";" powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Downloads\Solara_roblox\setup.exe\""
            2⤵
            • Command and Scripting Interpreter: PowerShell
            • Suspicious behavior: EnumeratesProcesses
            PID:1324
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle hidden -Command Add-MpPreference -ExclusionPath C:\Users\Admin\Downloads\Solara_roblox\setup.exe
              3⤵
              • Command and Scripting Interpreter: PowerShell
              • Suspicious behavior: EnumeratesProcesses
              PID:2192
          • C:\Windows\System32\Wbem\wmic.exe
            wmic csproduct get uuid
            2⤵
              PID:1248
            • C:\ProgramData\driver1.exe
              C:\ProgramData\driver1.exe
              2⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              PID:4264
              • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                3⤵
                • Suspicious use of NtCreateUserProcessOtherParentProcess
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:3736
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 504
                  4⤵
                  • Program crash
                  PID:1844
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 484
                  4⤵
                  • Program crash
                  PID:2928
            • C:\Windows\system32\schtasks.exe
              schtasks /create /tn WinDriver /tr C:\ProgramData\Microsoft\WinDriver.exe /sc onstart /ru SYSTEM
              2⤵
              • Scheduled Task/Job: Scheduled Task
              PID:4608
          • C:\Users\Admin\Downloads\Solara_roblox\setup.exe
            "C:\Users\Admin\Downloads\Solara_roblox\setup.exe"
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            • Suspicious behavior: EnumeratesProcesses
            PID:4152
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=setup.exe --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4152.312.15629467191333378583
              2⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:4828
              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.183 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=126.0.2592.113 --initial-client-data=0x108,0x10c,0x110,0xe4,0x118,0x7ffa9f9b0148,0x7ffa9f9b0154,0x7ffa9f9b0160
                3⤵
                • Executes dropped EXE
                PID:4588
          • C:\Users\Admin\Downloads\Solara_roblox\setup.exe
            "C:\Users\Admin\Downloads\Solara_roblox\setup.exe"
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            • Suspicious behavior: EnumeratesProcesses
            PID:4460
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=setup.exe --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4460.1660.1222835832113937993
              2⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1892
              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.183 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=126.0.2592.113 --initial-client-data=0x108,0x10c,0x110,0xe4,0x118,0x7ffa9f9b0148,0x7ffa9f9b0154,0x7ffa9f9b0160
                3⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:236
          • C:\Users\Admin\Downloads\Solara_roblox\setup.exe
            "C:\Users\Admin\Downloads\Solara_roblox\setup.exe"
            1⤵
            • Executes dropped EXE
            • Checks whether UAC is enabled
            • Suspicious behavior: EnumeratesProcesses
            PID:4420
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=setup.exe --user-data-dir="C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4420.3776.5377145529876442276
              2⤵
              • Executes dropped EXE
              PID:4608
          • C:\Windows\system32\taskmgr.exe
            "C:\Windows\system32\taskmgr.exe" /4
            1⤵
            • Drops file in Windows directory
            • Checks SCSI registry key(s)
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:1848
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe"
            1⤵
              PID:4048
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe"
                2⤵
                • Checks processor information in registry
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SendNotifyMessage
                • Suspicious use of SetWindowsHookEx
                PID:3604
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.0.597775733\474771880" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1636 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27aedfc1-bb3b-4d94-94aa-6fee9e76cecd} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 1780 230bc597458 gpu
                  3⤵
                    PID:4348
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.1.1401386184\1593169036" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6996a36-9ce5-4906-a2bd-64b4e9b4eccb} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 2136 230bb2fb058 socket
                    3⤵
                      PID:5088
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.2.1660570128\1050207607" -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3144 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a488ad67-bb2c-4e6e-8d92-a0ebefde9fae} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 2768 230bb35c358 tab
                      3⤵
                        PID:2156
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.3.817177547\84715578" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34ad3e60-6744-40fa-99b8-ea4271fc2746} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 2820 230b035e858 tab
                        3⤵
                          PID:1968
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.4.2034131582\480435836" -childID 3 -isForBrowser -prefsHandle 3868 -prefMapHandle 3864 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f93226c5-37a7-4c26-9e13-2e83a09f0ba2} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 3880 230c09c7d58 tab
                          3⤵
                            PID:1452
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.5.1475079934\1258500520" -childID 4 -isForBrowser -prefsHandle 5084 -prefMapHandle 5008 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21cb7a8c-9e91-4ec2-9fdc-a134bfc4d959} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 5096 230c1cb0058 tab
                            3⤵
                              PID:1332
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.6.1151697990\1664667107" -childID 5 -isForBrowser -prefsHandle 4884 -prefMapHandle 4824 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03f33713-cdda-4201-8067-58591e97251f} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 5116 230c1cb0c58 tab
                              3⤵
                                PID:1660
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.7.1500148217\1789215777" -childID 6 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50e8a1b2-329c-4a5d-8ee7-28dd8582e1fb} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 5236 230c1cb1558 tab
                                3⤵
                                  PID:3484
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.8.1733054611\1979904274" -childID 7 -isForBrowser -prefsHandle 5604 -prefMapHandle 5600 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36a5c850-9599-40a8-8b36-6688d372946d} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 5584 230c37aeb58 tab
                                  3⤵
                                    PID:1896
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.9.1721912887\1942485805" -childID 8 -isForBrowser -prefsHandle 5944 -prefMapHandle 5940 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46de5925-db35-447c-acc8-d5095de7ff1b} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 5956 230c3d4b558 tab
                                    3⤵
                                      PID:508
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.10.22767224\1010428058" -childID 9 -isForBrowser -prefsHandle 3896 -prefMapHandle 3660 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7444f2b-39d7-46ee-879e-5421a660c906} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 3992 230b0361658 tab
                                      3⤵
                                        PID:4508
                                  • C:\Windows\System32\leoba4.exe
                                    "C:\Windows\System32\leoba4.exe"
                                    1⤵
                                      PID:4188
                                    • C:\Windows\system32\taskmgr.exe
                                      "C:\Windows\system32\taskmgr.exe" /4
                                      1⤵
                                        PID:4152

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Reconnaissance

                                      Resource Development

                                      Initial Access

                                      Execution

                                      Command and Scripting Interpreter

                                      1
                                      T1059

                                      PowerShell

                                      1
                                      T1059.001

                                      Scheduled Task/Job

                                      1
                                      T1053

                                      Scheduled Task

                                      1
                                      T1053.005

                                      Persistence

                                      Event Triggered Execution

                                      2
                                      T1546

                                      Component Object Model Hijacking

                                      1
                                      T1546.015

                                      Image File Execution Options Injection

                                      1
                                      T1546.012

                                      Scheduled Task/Job

                                      1
                                      T1053

                                      Scheduled Task

                                      1
                                      T1053.005

                                      Privilege Escalation

                                      Event Triggered Execution

                                      2
                                      T1546

                                      Component Object Model Hijacking

                                      1
                                      T1546.015

                                      Image File Execution Options Injection

                                      1
                                      T1546.012

                                      Scheduled Task/Job

                                      1
                                      T1053

                                      Scheduled Task

                                      1
                                      T1053.005

                                      Defense Evasion

                                      Modify Registry

                                      3
                                      T1112

                                      Subvert Trust Controls

                                      1
                                      T1553

                                      Install Root Certificate

                                      1
                                      T1553.004

                                      Credential Access

                                      Discovery

                                      Network Share Discovery

                                      1
                                      T1135

                                      Peripheral Device Discovery

                                      2
                                      T1120

                                      Process Discovery

                                      1
                                      T1057

                                      Query Registry

                                      8
                                      T1012

                                      System Information Discovery

                                      9
                                      T1082

                                      System Location Discovery

                                      1
                                      T1614

                                      System Language Discovery

                                      1
                                      T1614.001

                                      System Network Configuration Discovery

                                      1
                                      T1016

                                      Internet Connection Discovery

                                      1
                                      T1016.001

                                      Lateral Movement

                                      Collection

                                      Command and Control

                                      Exfiltration

                                      Impact

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\Installer\setup.exe
                                        Filesize

                                        6.5MB

                                        MD5

                                        4dda37fd043902a07a4d46dd8b5bc4aa

                                        SHA1

                                        aeecafae4cca3b4a1e592d93b045de19d09a328e

                                        SHA256

                                        806500bb5e7a3e4a2a84d4d08e97d1872dc7ee8f8c255e3c6c2d39437c9779ac

                                        SHA512

                                        903280cf47888fcd491b5aa70ffc4de60458fe8fce6e164a02118308cbd36ef0d2e6ecd418d19242d605f9c516598fe723908e28baf702c4c65a284fabc60111

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\EdgeUpdate.dat
                                        Filesize

                                        12KB

                                        MD5

                                        369bbc37cff290adb8963dc5e518b9b8

                                        SHA1

                                        de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                        SHA256

                                        3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                        SHA512

                                        4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                        Filesize

                                        181KB

                                        MD5

                                        5679308b2e276bd371798ac8d579b1f9

                                        SHA1

                                        eb01158489726d54ff605a884d77931df40098e4

                                        SHA256

                                        c9aef2d24f1c77a366b327b869e4103ed8276ea83b2b40942718cc134a1e122f

                                        SHA512

                                        9eb5ef48b47444909b10bf7d96d55c47c02814524df6a479e448e9ff50b9a462ac03c99f57258d0ed8fe3665fb286dde0d9be5a47019fb4d9c68da2b2589e898

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\MicrosoftEdgeUpdate.exe
                                        Filesize

                                        200KB

                                        MD5

                                        090901ebefc233cc46d016af98be6d53

                                        SHA1

                                        3c78e621f9921642dbbd0502b56538d4b037d0cd

                                        SHA256

                                        7864bb95eb14e0ae1c249759cb44ad746e448007563b7430911755cf17ea5a77

                                        SHA512

                                        5e415dc06689f65155a7ea13c013088808a65afff12fef664178b2ea37e48b4736261564d72e02b898ced58bfb5b3a1fcdd2c7136c0d841868ec7f4f1c32e883

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                        Filesize

                                        214KB

                                        MD5

                                        8428e306e866fe7972f05b6be814c1cf

                                        SHA1

                                        84ea90405d8d797a6deba68fd6a8efae5a461ce1

                                        SHA256

                                        855e2f2fab4968261704cab9bae294fb7ec8b9c26e4d1708e29e26c454c7b0af

                                        SHA512

                                        bd40fc5fb4eeca9e1671d0a99a7ccd1d1ab3f84abf62e996827a60e471adecf655b5ed146cdaefcb82d29c563e4eeba7c1b2da243218cbca55009064dcad1f21

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\MicrosoftEdgeUpdateCore.exe
                                        Filesize

                                        260KB

                                        MD5

                                        64f7ff56af334d91a50068271bed5043

                                        SHA1

                                        108209fde87705b03d56759fd41486d22a3e24df

                                        SHA256

                                        a98505367c850b6ef6d2df68d24d83643767a6fab8f0dd22cc60509b3363ce51

                                        SHA512

                                        b70c1d2a26f59e94b31beb3151f69d7eb9de8841399b618730d94263cc5402f391cd5cfc6621c8666e5e073e6f8c340d6fd3511f1cb1cbbf6ee75312598f56d7

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\NOTICE.TXT
                                        Filesize

                                        4KB

                                        MD5

                                        6dd5bf0743f2366a0bdd37e302783bcd

                                        SHA1

                                        e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                        SHA256

                                        91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                        SHA512

                                        f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_af.dll
                                        Filesize

                                        29KB

                                        MD5

                                        3cd709bc031a8d68c10aaa086406a385

                                        SHA1

                                        673fbf3172ec1cee21688423ad49ec3848639d02

                                        SHA256

                                        54dc23402365407bff46318ac0c8cb60c165988f4159a654b5d6013e289f888e

                                        SHA512

                                        04e51aeed7c535616f1db7f92841bcda2bc22f85eb06a7ffc5b626f9f69be0219a042e8ae4a486a2f753b7f65901a082b81f5ba72113d9df9ef123b32367d7d6

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_am.dll
                                        Filesize

                                        24KB

                                        MD5

                                        15abb596e500038ffdf8a1d7d853d979

                                        SHA1

                                        6f8239859ff806c6ad682639ff43cedb6799e6a6

                                        SHA256

                                        19509364513e1849ddc46824c8b3bbc354bfc4b540158e28e18abb10b8537dda

                                        SHA512

                                        c4642146979700898ad3adeb0160c8e9d7bb56c1e224a778d400764750c9d9cbd7c4ee52bec0853cc0e577884515bd40a1b0fd643cc0b66b56d472e0bbb1c23e

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_ar.dll
                                        Filesize

                                        26KB

                                        MD5

                                        61c48f913b2502e56168cdf475d4766a

                                        SHA1

                                        2bf4c5ffbfa6d5c5eaf84de074f3ad7555b56d5d

                                        SHA256

                                        8fd703a50d9cb19e9249cf4a4409da71104c6a16475b9725306cd13c260cefd1

                                        SHA512

                                        d8ba17df865bff6e2785986d9a8310ec7b0e530e389bf7baa719e95b7effa84b58c7102d5f9711fbaebdd2bbcb3cd66760f9eeed92c1aeef06b85d3724028d2f

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_as.dll
                                        Filesize

                                        29KB

                                        MD5

                                        2ba6aaea03cf5f98f63a400a9ca127ab

                                        SHA1

                                        807c98ab6fe2f45fa43a8817f0adf8abeec75641

                                        SHA256

                                        509cb950d7f5d8f99adff84e6e381001f14571529571419fd5452b48e24c7291

                                        SHA512

                                        d4b91512b586dbc1cd0c63aaa7bf82900ba80de2b3e265b0200f0a4e2bf0c0a3916675fb72f9bc0b4eaa5d9cc07ade94c8210ad2156fea6d3d2416a5cbf98c24

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_az.dll
                                        Filesize

                                        29KB

                                        MD5

                                        d624c5abfca9e775c6d27b636ca460c4

                                        SHA1

                                        8726c57cf5887367c8aa32a1de5298521d5fe273

                                        SHA256

                                        7023866e9644a1edb50f0f388bc3f2aeaab561822e6b7d75ec5c66b151f126c0

                                        SHA512

                                        92d0d5605336c329359f7c4aa7eeaf972f21877ac61f377e7a2f3c6d66f5d6882be649b765e4122043212381034b4131d44ae996dfc1df4a2e248babcb076c30

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_bg.dll
                                        Filesize

                                        29KB

                                        MD5

                                        6ff52c5cdc434e4513c4d4b8ec23e02d

                                        SHA1

                                        56b7b73e3cf2cf13fa509593f7c5aebb73639b83

                                        SHA256

                                        414269530f9ecb045e2049266ee0b58df99ac37de75e0e127899eb3218371555

                                        SHA512

                                        adc3b5593a69dcd0a894ed6bc1160fdbb0d0e9e96e83ca4430ef28e9115d6023f54f3e3fac3cba1ff4497e486991dc4e7e40c7b75ce7796a5044f1ccc5411371

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_bn-IN.dll
                                        Filesize

                                        29KB

                                        MD5

                                        c52c76a02dbfbadd6d409fcc9df8dd16

                                        SHA1

                                        d406010ac12ed41e6cdc75eaa2daa231a1d6df6a

                                        SHA256

                                        91843e7eb2f1a9e14f51f2b552d8390cf7846b4406b97ca98b105beb40fc461a

                                        SHA512

                                        28b24bbe03f79a7e4ad51e0e15a664cd783b527255ff0952d43086071e494e7e45ae50d8c378f69abb22942eda2e8dcf8421e2922dcff9ff9cb851745750d2ee

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_bn.dll
                                        Filesize

                                        29KB

                                        MD5

                                        eea17b09a2a3420ee57db365d5a7afae

                                        SHA1

                                        dc43580f87f67a28c6fa0b056f41c2c0c98a054e

                                        SHA256

                                        b86d6df0b608cbab18ea53c31a9a17c09c86e90e8592f3269af0517c9756c07d

                                        SHA512

                                        53a199b1bd82ddde65fd6c9bb007867bfa3b2c39e07817a7aff39b7596f00a76bc5dc23687c7fb41b75b00b30ddfdb38a76c740c38bfe41dc21e1fa2d698469f

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_bs.dll
                                        Filesize

                                        28KB

                                        MD5

                                        1a3815be8fc2a375042e271da63aaa8d

                                        SHA1

                                        a831ce72e5fe3c9477dee3defc1e8f1d3a11aaa1

                                        SHA256

                                        e753e2315e26bc7b8334077846dc91a85fd89f1e483b305af8aaac5b596585db

                                        SHA512

                                        9642fdc3cb49c6d0e4b1c4e1d636007234b126f48da1fe77f586cb8f9403bdc786b54d4bcdbc6175214b7d06a1879f2c809d3fb7e1b920ab36b29a12afe92fb4

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
                                        Filesize

                                        30KB

                                        MD5

                                        253afd1816718afa7fd3af5b7ecf430d

                                        SHA1

                                        36e9d69eb57331a676b0cb71492ab35486b68d95

                                        SHA256

                                        53325e46247a616a84442abbc914b8fa08b67800ab55d5625e43a58b19d44767

                                        SHA512

                                        649b292b80dde95c195b968b51dd168f6f5513b179a35832b5e759795f04e6e6f326a34f6f7db37d12b8c322ccae197455565491c2484b8237c82e1bb2e77ad6

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_ca.dll
                                        Filesize

                                        29KB

                                        MD5

                                        7653243e1a6fbb6c643dbc5b32701c74

                                        SHA1

                                        fc537eccc1da0775d145b21db9474ef2996e383d

                                        SHA256

                                        9df1383dfa81c5064acd9130555dbaf2e7413b6e2bc72b1d2340a6013387061c

                                        SHA512

                                        d7834c02a3891afbba040c943ed4255041a6c241d76ac138ad0c04baf589aaa355067395c606e910ef6b91d64042bf9f5c39bd01320d9eaf4ef850a24c17d1d8

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_cs.dll
                                        Filesize

                                        28KB

                                        MD5

                                        a2c7099965d93899ff0373786c8aad20

                                        SHA1

                                        cfb9420e99cc61fb859ccb5d6da9c03332777591

                                        SHA256

                                        1343867f317fe3fc5a2328d427737d41964188aba50a9739fd0ec98319fec192

                                        SHA512

                                        d2d1cd41bc425a1aa4c491d65ba9c4ced9dcb600f1d60af76151216f8eda310049002e5ca360d1df8f59d6334ad87b950c67a20a6d1c7f8a2ea322c9980b6a8f

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_cy.dll
                                        Filesize

                                        28KB

                                        MD5

                                        8fc86afdc203086ba9be1286e597881c

                                        SHA1

                                        6515d925fbfb655465061d8ee9d8914cc4f50f63

                                        SHA256

                                        e8dfc22e5a028ad5d423634bf4ed96b90841fda6ff69c35469509f9a988a3269

                                        SHA512

                                        cbfcdea1b4cb5f404553ada87de1240a3746306563f5f200582a21be656b43c0a0e5dcf25cd5ac49bbbe72abcf8147e62aa8a5e0a810bd6fbc7a1eab3e6029eb

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_da.dll
                                        Filesize

                                        29KB

                                        MD5

                                        414adfaec51543500e86dec02ee0f88c

                                        SHA1

                                        0ad5efb3e8b6213a11e71187023193fafc4c3c26

                                        SHA256

                                        32684d2337a351ba37411962710983538341012e6526a9129161507aea0a72bd

                                        SHA512

                                        fddc2123237a9357667bbe6b91f93b5a9ba276533b9c16d98adfa01045fca375a7aef5cf83e175c55382a387a16062661a4797da81f39881ab379c7863e2b054

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_de.dll
                                        Filesize

                                        30KB

                                        MD5

                                        d263b293ee07e95487f63e7190fb6125

                                        SHA1

                                        48020bb9e9f49408c1ce280711aa8f7aaa600fe2

                                        SHA256

                                        c4a3198c15489ed873dde5f8a6df708cfc4a6d8722f3f1f63793863098509af3

                                        SHA512

                                        69a851e77124e55f3ee4e3fde169f647731a514dfd16a22013a0ea520b9d6eb9f2aacc9c48a2a812eb8285f46db1a27d196c409587f4549f4e122fdb59ffe1b6

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_el.dll
                                        Filesize

                                        31KB

                                        MD5

                                        8708b47ba556853c927de474534da5d4

                                        SHA1

                                        a60c932bef60bef01e7015d889e325524666aeff

                                        SHA256

                                        720074fb92fc405dc7a5305e802e2ecb7d948de58c814b0ebb2c02a0052a6894

                                        SHA512

                                        58d7f419b26a95c986009af9e235fbaca67bf6b1883d8c586c802262fd9fbeaff56b051bf8de8e26f2e4ddeb803bbd4f87c84b1e02f5a43b6614231c59ab258a

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_en-GB.dll
                                        Filesize

                                        27KB

                                        MD5

                                        511646c2809c41bcea4431e372bc91fb

                                        SHA1

                                        5b83f1c9de6bfa6f18ccfecf3190a80af310d681

                                        SHA256

                                        719a5c47d3452e3dfda300788aafeba963c588cfea31d1fb1021f846bd6742cc

                                        SHA512

                                        0b45cadd82dd534ba9d4556498817c712bd608b645faee74034c8c48cc39c13c0a8530826690a5c5ef42eb36e3f15f3b97e75625eea8902f12c21291df4cd211

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_en.dll
                                        Filesize

                                        27KB

                                        MD5

                                        ec991a4becce773db11c6f4e640abacc

                                        SHA1

                                        298b5289e2712ab77cecfb727c9c8d47740f6fd3

                                        SHA256

                                        800fc7987f7ac32267e84122eb94d8a21b83c481c2a34b03d832d57debc2b930

                                        SHA512

                                        3e6066cb89abafe963337bbdc371b941ac21b69ceaa19f394512c84c0c06ce9d03141a146144d24172ab6e94f5900071b5b3f38c49f3a079c03bec24bd0418ec

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_es-419.dll
                                        Filesize

                                        29KB

                                        MD5

                                        9309baaa10c227af2773000a793a3540

                                        SHA1

                                        55032c43f7a7eafb19bca097e3de430aad3913a4

                                        SHA256

                                        a35fa7145fd3bfbc0d71cfe1bdefcb506cd02f0939dbeca83644978af8f896ac

                                        SHA512

                                        21a05fe75d6115a7a49e779c9156ec25880393b30f69fdb80dc0dbe1c3bb401790c8e62525c0e6625b141cecb970b8d650527d73d2d86afa5056177957c44c24

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_es.dll
                                        Filesize

                                        29KB

                                        MD5

                                        1c48f6a58fabc2b115dab7dccfae763a

                                        SHA1

                                        c60db12b55074013293dd332d2736d251beaeb8e

                                        SHA256

                                        0f6775450c40baea4e72d1eb45cff7c1daf2ac1210006bf7afcc91975467c086

                                        SHA512

                                        a84a0ffba4f389698941a497ca6e63c6c632d2eeca788bcf970ea35f1083076950b59b9baeecab7ae17d06847f4675f748cc25b904b03f679801dfb3e2755c13

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_et.dll
                                        Filesize

                                        28KB

                                        MD5

                                        d591a3987492132f6ccd7968a8176290

                                        SHA1

                                        78a79e0e3935dee509938c9a3b095ef486283793

                                        SHA256

                                        02380099a6a942004b0b0042f071108f4896884d19ec7c4cc1264200a8e0aa6f

                                        SHA512

                                        7487a0e63a17cca85a127c8880e33c30fb192fb83bd05dad67cb4a3b9ad6ba84b594194f7126acbfb22ead2c00d3bb776557a0fa012ee1b7d43d88de2c7eabb1

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_eu.dll
                                        Filesize

                                        28KB

                                        MD5

                                        67624d2a8017a9c5fbaa22c02fb6d1b4

                                        SHA1

                                        b39c26cb632d6e9cbdbe6f0490e80c11a94782e4

                                        SHA256

                                        eb0033a91d64a80aaa66bd088692a8d089169524253b6286b5604ea1aaf0bc8f

                                        SHA512

                                        f2fb8edb244d781a77c67ab85c40f0521ee80f0349ce897860542b6f32e134043afdccd50cd17e86c234000493f5c3b1b75950d1eb12e4d088b9fc7e012f06d0

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_fa.dll
                                        Filesize

                                        27KB

                                        MD5

                                        0b3cbfb6bc674960c6da5c47689e45d0

                                        SHA1

                                        f91aa435a0bb4fefa3f7568d8f7b0e2022fc95f4

                                        SHA256

                                        eca2354e58a321a78bcb21c24beefa050758c08e86218c55c12434c8ce715942

                                        SHA512

                                        3a0e819ec96ec05bf0eb7119687be1a408330703a3c888e49a19fc0bb8ee62f45b1c9a9f24d7593e0355177445e566d6cba62d0b7d437b139eb08b274d3bf13e

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_fi.dll
                                        Filesize

                                        28KB

                                        MD5

                                        73650ec3b5bf0ac418d06ff2cad961c5

                                        SHA1

                                        5580915cc24402c72c49834cd9bfbd7c845de468

                                        SHA256

                                        6817e994def058448407b6320f325f75dea6e2e561ffc747d0486a716d08384d

                                        SHA512

                                        c08b069993790440f1baed5fbfc07368e9564d9bf0c16007968569b433b0b18ae6e8184f3073d522e92b6a7b4454ac21998b8f4fe80946273710097c659e2639

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_fil.dll
                                        Filesize

                                        29KB

                                        MD5

                                        6f2865bdc505a8216aadea20c0a0c6a6

                                        SHA1

                                        a93b8db9aa8f2b2887ad43fa050f98584e3db06b

                                        SHA256

                                        95b158fd84806d0dadb3d9a90f7b8a78040c1ecee5ff4dd266d407848c9f3a77

                                        SHA512

                                        fc9ccad02d6c04e6d2e76b06d5cd60c486b4a2ffcca1cdc638cbeceabfeaf258c8dbcd5ea7fd3f7e2d288577c90565de7005c88638531ff24bfbaf2fba704c69

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_fr-CA.dll
                                        Filesize

                                        30KB

                                        MD5

                                        93aa56aa0165d137e497c4b77965a6b5

                                        SHA1

                                        5e1396c24c76dcf8dad5d97e57cfed7372e7b8be

                                        SHA256

                                        aaeaff8fae26262cdb2ccf1faf84bd202ff2a90d9fc95575770bc53bccee2c54

                                        SHA512

                                        adb8e9aaf493a62a930398682522b8e9411a645d85493ba4e601d6f4eebd48fba982c6df8c5d01a78cc135d03bd3aa912fb71c3c8e26d1d99feb898e0a422a42

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_fr.dll
                                        Filesize

                                        30KB

                                        MD5

                                        a4aa60f4891441bd2522d577f14164f9

                                        SHA1

                                        19f8a517c449b65967a1ae8b1b6a7f492ad0199e

                                        SHA256

                                        7768c2b03810cdb491986f349992d32717c4c14df6266d5f70fa89aeb01c5a60

                                        SHA512

                                        0a26fc4bddbcb0078f9ad0c5c9417b74f7c30c6a20e1272edbc20a3b0db29ea17dbc3c9224d2f131570444ce4fbf6f20b0b96e720d2b53c882b8735f444091c5

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_ga.dll
                                        Filesize

                                        29KB

                                        MD5

                                        302403f155be43251104dadaf07f1c1a

                                        SHA1

                                        2f4a21b1e7aed5792b269ebe7a81dd29c3a6182f

                                        SHA256

                                        3b6dd91cdb5cd4abedff8940c8a9e0f38cb3f8c49084ecbfcd59b788229f3230

                                        SHA512

                                        742c2bd0cd9bc7fb75ee1fea45e434fcb40aed839f2854e17267382278269dcca640b3599823b0e4d04350bef0a0450bfad627586ee49f031d1922d73bc74fd9

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_gd.dll
                                        Filesize

                                        30KB

                                        MD5

                                        47fcec572a8eea3510596c079c431412

                                        SHA1

                                        732395d8698191610bfb751e1466a868bca9b839

                                        SHA256

                                        4a8c39680f188b75691e80ab5938e34aff83639c06a9722e30555c1cb8a927c7

                                        SHA512

                                        1f18528128b6675f51a91c137e328ea06009636ef5c1970a8a4816437f445bdbf96428a3d310b04cfaf61d0a4adea7a4efd4f9bbd4dadb3f320366f39e40fc7e

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_gl.dll
                                        Filesize

                                        29KB

                                        MD5

                                        492d2c11ad558129c9c687641bfafb33

                                        SHA1

                                        c713926e13f062106937419975defd7e69228b35

                                        SHA256

                                        0879c36a3c750ac9bdc4d73ed0ffb23d9c67e6d486291d56d3c5bb60073677c4

                                        SHA512

                                        08d0e4664f07f05f3dea2dfa3d64815067b41cd63701b948b43016369a64151ae515f8c877460037b0f5306c8b080756321d2d6195fd392d86d0e9cc61bc1856

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_gu.dll
                                        Filesize

                                        28KB

                                        MD5

                                        fae86d2dc9b09f0d8c0192e2bb53d929

                                        SHA1

                                        e5d0dc95449d533785367d088ef5a357ebb7dc08

                                        SHA256

                                        5d0f9f75e78fa5c0b0bd2406d6c671675492d92d3dc2515314bc79ba3132e540

                                        SHA512

                                        01c7ae01172d98fc6cbc92510b2bafdc56f794f290139e3bf87952bc98b27b338e31899dafcd36f965e7240133183c5dfd6cf6085468fa779813121a27d7cbbe

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_hi.dll
                                        Filesize

                                        28KB

                                        MD5

                                        8d88faed698fbd4895ad6786acdea245

                                        SHA1

                                        88cea6fe82ac4970a2dafd971277d458b5aef61d

                                        SHA256

                                        c1b2203965c8fb10f6faf65d591400a2da7443d0cba36aa8bde147e1ff6aa0a1

                                        SHA512

                                        0a6eacb240a75135a7c651e524888462be350116ec19522c079fccca31a26904266e38add42eec5ef1036dcaa05ccdf9faf9d3b91923018d1aefbe8d63d1a27f

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_hr.dll
                                        Filesize

                                        29KB

                                        MD5

                                        d9f0084ca7d58e6cbc12b7111b9f4be1

                                        SHA1

                                        e96bd472daffd3569551f15eb602a7ce66da8935

                                        SHA256

                                        2d45ff287b4dfe4db12cf83a88ddca14b560d991ef28dc6f5078b44d2603fd90

                                        SHA512

                                        ba7e017b6cfb11a7e1f4a22c28ac8b4d4dc571a91c32ab6d63a87ef9dec334fee0062c5c764c662b6f8f89b80758a7dc1781858d0455ab3eba455c8d83134418

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_hu.dll
                                        Filesize

                                        29KB

                                        MD5

                                        aace1b6afd05113ffe736206e32e8544

                                        SHA1

                                        48fe1f61e565f99ecf6365ddc6c2c24b2f38db5d

                                        SHA256

                                        e395b29108a3a93fcf7411311d4f478f847f0d8337d4a2cefd64ae6bbfd21110

                                        SHA512

                                        be7ae77ce69e6ada5a6169a0efb858723428084f9b7818482f2eaf7d5243d24b9c8131ea01e3f94cc9766d7462e5dae0ce5437247907f764ecff011c866bfd81

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_id.dll
                                        Filesize

                                        28KB

                                        MD5

                                        469423bc5ecca0db996ad9fe789fd58e

                                        SHA1

                                        dc68d62d25ed917f836036911efd5067f9062c18

                                        SHA256

                                        a25d798ed22ad51682aa90f66e5cca638ae095f4141eba6ef7ca45eb1ef217f6

                                        SHA512

                                        360717c97b2f582843de19d819a5dda2cb2f8090c6542c0d87ae1a27cbf154cfd0b845d7f816ca236e65ce17013bb8ca640a5af2c9e5fe4fef05e94405491df7

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_is.dll
                                        Filesize

                                        28KB

                                        MD5

                                        5dbbd22cda9cd2e19aae769dc7b083b0

                                        SHA1

                                        53fd1812647e5e413531d8e67e7970d3e22dac03

                                        SHA256

                                        973c96fdecc4a157782414eebb1b17a94b146efe1a97b707043953d0ff1d03aa

                                        SHA512

                                        774a5873117c98096e8826f7b03a8ddfd2cd7a1f815ee855a591f86f68bfd6bdf537ed49c9d4094fe931aa592da3eeefe0ded3625a9b811aa2a55a129dd7d9ec

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_it.dll
                                        Filesize

                                        30KB

                                        MD5

                                        2f7b11cd7db9f173d040519ef0336ac3

                                        SHA1

                                        95e753d8bf61ef56dba6807bf730a42d390da401

                                        SHA256

                                        8f7b44e60f4450655d963cec393fff3fab4f283672a8dbc8109d1ad967671171

                                        SHA512

                                        ea60bff57fd53ab2cad475d753066d108c2108e41e7e4abb6b1bca153d04e07dfbba386ba73efe9b8a84032c9bb4b35b3c655280b43ee93637c5b388d1dd187f

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_iw.dll
                                        Filesize

                                        25KB

                                        MD5

                                        54519f24fcf06916c6386f642ebaf8a5

                                        SHA1

                                        2a33c7770c49bb3046a2a78a0457d6dcb3a23f02

                                        SHA256

                                        1b0adf22a09097ce9ac5d102e0f102e6d3f2238c21b6d38fbec3c269bbf87c44

                                        SHA512

                                        704684c706c9a40cdae8a68615a8a9782b29d177bb5c58e8c01e37c139296d6f1d48a446ec211d746aaf341b06a9148e246dd79b0a8a9098de0f66c68ae74eef

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_ja.dll
                                        Filesize

                                        24KB

                                        MD5

                                        12de274382418dd99d1125101d1d63b6

                                        SHA1

                                        4a9b0be76a7136f3b64c7bc53724dc2acc798c23

                                        SHA256

                                        7e4f333b20f272bd86182fb3fa191e8ac6bc84c301e28886edbcb92e6e5e1eb2

                                        SHA512

                                        9b05f97ca079d30560b09ca22efdb314dc7e36cf601d672a260f4c064d7841776891374a18d8ba1fcb4238fb854187b95c2d5643f428277e076b734ff477267c

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_ka.dll
                                        Filesize

                                        29KB

                                        MD5

                                        e0eacb57da5404523e0351b0cc24c648

                                        SHA1

                                        49ce11a94c2751b7c44914ceda1627fb63651199

                                        SHA256

                                        1a269d41990cc81b01b77f0981ff4e9ee31fab50cbe9f0ef437044b40ff72c79

                                        SHA512

                                        735c37d267091491f55d80837bc4879a7a2d6dfaec6c3d2873770cd7706a39f29672eefa2f8a27c6038f84069517a8172cf929f48e637a9c65803e5f49525d54

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_kk.dll
                                        Filesize

                                        28KB

                                        MD5

                                        f1c5f5604f5c2c0cfdc696866f60c6c3

                                        SHA1

                                        25643fc3eef898f4288205c711b693daaf8e78ee

                                        SHA256

                                        e46eb23160f9e87a0d5aab8fee0e1d1aafe7299964864a2c59e9b9f718105406

                                        SHA512

                                        0b562af8b178af10af225649e6c043bb848cfff81a5fa19cac9614eb8f793a97de25aab302bba69c7c35353dfd62baa0cadcc3635c773be1fc10d180241dab44

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_km.dll
                                        Filesize

                                        27KB

                                        MD5

                                        64ad801a1ae3d24396147603cd5e8b41

                                        SHA1

                                        e9bade01b12321017c450990294b40232c3f7e92

                                        SHA256

                                        43dc5c7067bf4af7e8b67b472ee73143b74f4e65efa51e9049476b5bec568645

                                        SHA512

                                        37c761400fbade30b06cbb036a288fa9585ed2e067834ff62230097151a4c923118811a79b126a775a15f08238fc957582b3ac41c30d2834d2a7d2ca6dd449a1

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_kn.dll
                                        Filesize

                                        29KB

                                        MD5

                                        b772db9d925f936765055000bb2a4467

                                        SHA1

                                        3c85a28a6dc67e376cb72e25064a5e775b8fef87

                                        SHA256

                                        df7dc4e535280090722edfea9f3de3197d1e35d3c8913ecc33285aeb00977e5b

                                        SHA512

                                        00c732875c30a4d8dab0582fd9255d9963fdeb0e334f75394b6992c9a0620a7a549ef58076f75bc13b41855b356db08b49959d65695ae859b64f4c3caf6c4b0a

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_ko.dll
                                        Filesize

                                        23KB

                                        MD5

                                        149ebf8a4922f050b73f3fb40519d0d3

                                        SHA1

                                        141e3cff4b20cce5e3d667d9b56826a5947b040d

                                        SHA256

                                        6d42d10a0e2f8cdfcc5fedeb52ac351c2a28e80d2e9e4c59b5a68ff5c258f418

                                        SHA512

                                        65b5488070c58b5593ba8415c3d6834a6aa7bd17f39fe8120b509762860a5386a1a2a975b740bbdd9abcd3477e6ca9bc98eb35ea46cb148eed0527f504f1e737

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_kok.dll
                                        Filesize

                                        28KB

                                        MD5

                                        b618d09cdf4473a17d9041fdf3309682

                                        SHA1

                                        7a36cee82849e2beadc82b88640ad25bf6eeb0f6

                                        SHA256

                                        cf5af46c9f3f5103c291b80754703d7c4f90a34b5a178631b6b018ae737608c7

                                        SHA512

                                        788adae6cebf5cbb8502453655f4e09ed22b8176bc071e4af5e82cc52ba34cc11fc6a60e1e5085a6ddeb7d16e4f342c991125c08dc6b1e7b630f65b4a567d346

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_lb.dll
                                        Filesize

                                        30KB

                                        MD5

                                        2098457eb957f51e0a4d01c0f7742483

                                        SHA1

                                        5259907d75441a249d7831739a3e425de7a95fac

                                        SHA256

                                        aa0b46a2131033a170b893e95a2daf4fc66d0d9bf30dca2e6e22a4aabab51b51

                                        SHA512

                                        a014dd1e4d3433c9eba9e98cd3b491a4b9e227cf414d37cae197d5992c57d4583452a1676828b0a44ece02be373dd2a44f6708943c3b6aa1a99dedea9aeb832b

                                        Download Submit

                                      • C:\Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdateres_lo.dll
                                        Filesize

                                        27KB

                                        MD5

                                        f05c5afd8fba163d63a0eadc15ead729

                                        SHA1

                                        37a09e16164761234dbb12a0ff05051d21dee28f

                                        SHA256

                                        8b9e0b55dbbeffb8cfa9b14cc172e8257597aa52414acf6e08392fa5aa1bce70

                                        SHA512

                                        44d469976e09694f12335b5c66f49873c75d5caa181b1bb2e0b2cc174c630143cb3f067c5937e020794cdd2a940d86e45ecd8672fb44e3c4a20193c41aa43f4a

                                        Download Submit

                                      • C:\Program Files\MsEdgeCrashpad\settings.dat
                                        Filesize

                                        280B

                                        MD5

                                        3c733cc58757d7b5b2abd34b00a14812

                                        SHA1

                                        aa0e6ffea5a7dc6ca8127c327c14f7121e47c83a

                                        SHA256

                                        2944f57d088694e6643c13214a0826a22d07adc94fc15d12ef7e5c87902c426c

                                        SHA512

                                        a00b5eb81e8f44ccab76170567f436edc8c0a10f1eca8b19033a87560888affa14659cbbb3639118ef1fdaf51b83af0f75ebe1540ed97db1f198941f55b99bb5

                                        Download Submit

                                      • C:\Program Files\chrome_Unpacker_BeginUnzipping404_163591275\keys.json
                                        Filesize

                                        6KB

                                        MD5

                                        bb86e4469b9c5ea6baaad91546cbf4b8

                                        SHA1

                                        d210117dad7ece681e361c6954c9649c22a3fcb5

                                        SHA256

                                        e89fe09a44987c549ebf481585ea1ba508c4595230ed1cd91b31b9c30fc10737

                                        SHA512

                                        bfdc722e92d3e821a9efb897bff780373fcb2624dfef7a7706ddc5c82fb2740527aa5050dd8c3c05157ad9229e57dd54f5af2e66a25ce4fceb1424858a4f1aa0

                                        Download Submit

                                      • C:\Program Files\chrome_Unpacker_BeginUnzipping404_163591275\manifest.json
                                        Filesize

                                        79B

                                        MD5

                                        fe3d03203a2336b462933d8b285d7ec3

                                        SHA1

                                        04503d737746bc3caf0df0e343ac443da46ee0ca

                                        SHA256

                                        9569f61631720c376f3bab7c0d78b985c8babb06ccc302ac96eefa3ab35a72c1

                                        SHA512

                                        8a9ee8adc3395d54bb5cc100387e45d3c49afb75e648f0844160a700386bd669f76a36f4152a418128ac40700c5829403a8d746fd80909f5f1b0baa04bf6d696

                                        Download Submit

                                      • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                        Filesize

                                        16KB

                                        MD5

                                        9e2f5affb23eb384f8bf13fa3debf13d

                                        SHA1

                                        5cd8171950b964688a7377266b39181c286a5ac8

                                        SHA256

                                        e616f84cdbfaf07cdb477956649a5b2a9702654b35939307d638d25a164c275a

                                        SHA512

                                        c5dbe5e851f554959ca159e0e4eaf3eae037d6e9b50e732046f814208269cec522c1ec697c384dcc88eddbae584fff0047cf22848fa0aac88b0dd55299577599

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml
                                        Filesize

                                        74KB

                                        MD5

                                        d4fc49dc14f63895d997fa4940f24378

                                        SHA1

                                        3efb1437a7c5e46034147cbbc8db017c69d02c31

                                        SHA256

                                        853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                                        SHA512

                                        cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\32170
                                        Filesize

                                        99KB

                                        MD5

                                        be80673feb846190635e9d265b694ec5

                                        SHA1

                                        24e89197d5a48244ad8dc58858156f836ce03b2a

                                        SHA256

                                        104cb2fefedbdc7e5ac1639110055468721413e7b3bbb5b2ba243ba8dbe2ecf0

                                        SHA512

                                        caecd29f049f0063c0cfa933578f6a6bead21447cbef12233403fa5376c775c29ce2347c1a965e590a11a55fa91acd2f687c96a58e38e2e9d0ec43a1aca86691

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\506
                                        Filesize

                                        15KB

                                        MD5

                                        4f07d9cc53ccedcae558bebbd708d7de

                                        SHA1

                                        29a5a1e3261d52cad0ea284b98127422b541ec8a

                                        SHA256

                                        eefb2870ad12d991639ae7a293449917fd5c13fc45e0147c4d958471411d55e9

                                        SHA512

                                        59234effdba1e5b6639291e552dc3b69dd2c283af724a39d685959ef8e734ea2840d12bc99130fdeb318c58d0a66997dec5fb061a343e34ec4c3654dc3c91cf6

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\6890
                                        Filesize

                                        15KB

                                        MD5

                                        133fd4497230854ae71ebd459e580138

                                        SHA1

                                        6f55b9a1767902b578bab0e3958f0690cff8e6af

                                        SHA256

                                        2e7da02d474f5b742337c89376019143708edcc25e19d9853af91389f665edba

                                        SHA512

                                        6323fb0a5d5003bf626ed63f4046b520ff5b43bdfc261c703c3bff9125e81aa016fa0f3c6492b2ffe1e6f54d2433b8b50aa5864a83fb2458aafdb6777298b168

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\7315
                                        Filesize

                                        9KB

                                        MD5

                                        34b01213237b1de0c670a90a023ee3e2

                                        SHA1

                                        980c0d9fdaff273369c965c3a4975d25d5fc06e3

                                        SHA256

                                        705c9e2d36ab77f655aef128a4c3dbc1813ac186d1d87f6043c4a245101b0a33

                                        SHA512

                                        13c805e70840c54391c27d9ba872fbb9c3ea0b310e6c564576181c21b8b0c5e60bb6952317c4a1d6db286cbe8af7c5c7a60f254569fc1cb66787524374ded7df

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\7876
                                        Filesize

                                        13KB

                                        MD5

                                        2792a25302856ec3c195589da4840203

                                        SHA1

                                        0afb1aaef34ae4d539591285367320c8a6c5f27e

                                        SHA256

                                        8ee675ae096ad222bcaf2611572724d218124b15b209870d04775dd791f280a6

                                        SHA512

                                        89c11b8fb1c37eb433aea8fda63744f7b04d9b58da3ab7850a4330e0a4708ff7368e54ba481220f04b461f32ac2a69ca417a12fe8b0230554d9a5b8f343d7c5e

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\DBE06BB4945B21647DEE613CC77274277E61A7A7
                                        Filesize

                                        218KB

                                        MD5

                                        8dc001c732af48e4c07dec636438c942

                                        SHA1

                                        bed9f6b8480de8c37c9ea0ac8376064566a01ea4

                                        SHA256

                                        b15b6f8c6fcab9398fb4f6566b0b3c81791bfd5357647f00ac9f8375971d8de6

                                        SHA512

                                        b37a2546e2f88ddba8f30448b54c0102be37103039f82016e63060041b98354d83691971c5eca6782bc232db65d6bb0e2619eccd74956e50d5429d540c85d676

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PBGY1W0M\suggestions[1].en-US
                                        Filesize

                                        17KB

                                        MD5

                                        5a34cb996293fde2cb7a4ac89587393a

                                        SHA1

                                        3c96c993500690d1a77873cd62bc639b3a10653f

                                        SHA256

                                        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                                        SHA512

                                        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF04C3CA0B0D8282F.TMP
                                        Filesize

                                        24KB

                                        MD5

                                        2e3969bd25a47c92a644dbffdef7e925

                                        SHA1

                                        d91a3450b3598ab9859729fa371d51c6ce5a8e39

                                        SHA256

                                        5a41c6faf1918b3df36573a620ee0b2a2ced0519541ffc06756bb7335e4d5047

                                        SHA512

                                        a91572456633ab4135c6d9ca35c53a2f3b5e2fd6300513aafc1241b6dbb2c1d0edc45daf4d6ee46628d793f4cce3a64499a9c4b7862b57a3171190b88a5a819e

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GLC6RDC9\Solara_roblox[1].zip
                                        Filesize

                                        238KB

                                        MD5

                                        75823bdcf6e8ce3111c443d797264766

                                        SHA1

                                        9bc0e3168d26d9f35bfca0863799c271af7b7ff3

                                        SHA256

                                        577b31f0fd9bb13114c5fbb79beae2356617244d664570e8bc5a7a8f86dc690e

                                        SHA512

                                        10ed20840408e6512e65e4bff863f67569e924f3a29b03c006272c26af7192dd3f12dc169f22874d24e9dd582238c52dac47f02cb8f6b04646aa21a0d6128bf7

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VXVDFK17.cookie
                                        Filesize

                                        222B

                                        MD5

                                        a7b554752c5605b40ea4e164254f3527

                                        SHA1

                                        0cbe24e231b4ab3cfffb5f1f1ccab0d24e7366f1

                                        SHA256

                                        6d01d08605894a1aa957fb86baebd77033067b3d039dcb6d68e69f2d561e0f0a

                                        SHA512

                                        ed9d9e0da7ebdb542deed0b4a3879ab09aa4023768f4d20da0f26ec7c35a066f4b5414d62583bad91b5f088d3e74cb937bfd7c87266c7a0ed8d9e80de17b8480

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
                                        Filesize

                                        1.6MB

                                        MD5

                                        2aeb55b75f68b4ea3f949cae0ceba066

                                        SHA1

                                        daf6fe3b0cb87b4e0ad28d650fc9a190ad192b1c

                                        SHA256

                                        22484fdf3008a593e7ca188863d423b8b2a345391120ed296ce8b156cfa983ab

                                        SHA512

                                        3b6a6d6c87b8d9ab06fac72fa38067df4c7d4385d37d391d7ad58a623215681fc0366621ce3ce5c08af25e11cc468b18844ea5f7c8ccb71473c956c29d20188c

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_szrj4xtx.qam.ps1
                                        Filesize

                                        1B

                                        MD5

                                        c4ca4238a0b923820dcc509a6f75849b

                                        SHA1

                                        356a192b7913b04c54574d18c28d46e6395428ab

                                        SHA256

                                        6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

                                        SHA512

                                        4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin
                                        Filesize

                                        2KB

                                        MD5

                                        d53db8ed18d68534878a944a98325f1e

                                        SHA1

                                        cbbc6763e922396773b51bb794864d29f607d808

                                        SHA256

                                        c87045b5512c5682b4ce157bc42fb8c670099be6b5a5f417da8af47a08a1caa3

                                        SHA512

                                        6d6ebd19e84dc1d4f33e89b880d9358dc1c2828d0804e0694f525f7363c57f391420b552a7ee06f813907cb49531833814acd0724765cfdbdf52e5942e39a7b1

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\1bbe9d43-d505-4464-8102-4f158f330230
                                        Filesize

                                        746B

                                        MD5

                                        c26ebb4b1dbd319afb03422c98d14ad9

                                        SHA1

                                        56b0caa97f2d937153e6911b6ebe2beb7309844c

                                        SHA256

                                        f3485f6818ae8b13cc76ee1a30af442d19cebe26081bb5b5d9d403e6e51a1c1a

                                        SHA512

                                        c1b2ba3dd473c9bbbd1ae41cdbe91f20273f0dcb65111751892fa00191e0dc41c65a03d75b658ab5a2a0e301222c969cbc83c010077da04d897d44d3edf90e2d

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\f63ac7b1-1a73-4116-a7b7-71a358337df0
                                        Filesize

                                        11KB

                                        MD5

                                        12bbe3534043caffa811fb2f3c046b5d

                                        SHA1

                                        42b33cc3c7bd1a72423a6654ad83109db2aca4f1

                                        SHA256

                                        64af84fda98c8c7e1ad7c4a91ce2e508f67e4111a4b4571fc9615a03a3eaae93

                                        SHA512

                                        a6a0ab6dc0ab4de81648877178309e6fa47c19f2df18e88e6e3820b9babcfb5a6ecba5026569f8eaea1ebac9c95e0335b867579cb834c7d9383f98f31d98036a

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js
                                        Filesize

                                        6KB

                                        MD5

                                        8d06ae1b4dd8f88331991e9618ddf914

                                        SHA1

                                        6be6db5571005379b1ad6ab28289601fdc44f801

                                        SHA256

                                        81002d9f22944b228b9a7706b01443ad731944eaf4f29d655310d67bafaaf9a9

                                        SHA512

                                        b1b5ac5c7b62199fa9ceb4e4f9032c0a38007bdce63bb1aae9915d0fb96306db1d1004a105d1b4e2818ddfb53367325c4e3fb3e84a3c92a6a8c1084956111d8c

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js
                                        Filesize

                                        6KB

                                        MD5

                                        65a9c187feb27d77c7a34de0eab6e598

                                        SHA1

                                        dd8bc95dfe7851281fe7415ec67c79856991b422

                                        SHA256

                                        60966ad8864c038683cf61d130183eeabdaed383adee161dab00d381a3eba8d5

                                        SHA512

                                        30abc30111c3c9dc19500ca37c716e63377ff388ffe03fbe36b07aaac6ce9b84f987662d08f77de7e7b61a2b8b784cdef4342d8714cfd318a3487d8dbb2b5ba2

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js
                                        Filesize

                                        6KB

                                        MD5

                                        6cc161010b2fd5fdb5710d706f550a7b

                                        SHA1

                                        acb4348e2c29edd09b2c1d0ce8537806b155c4ca

                                        SHA256

                                        39e0557251e0d5a40c29b0eb21489d2f8c09b514173a60221232c53cf1fd0802

                                        SHA512

                                        b8e7f1a465129f251c157f07a9b6cf5260b4b7d90f17e971f3e4a19251fbecd8de21482458f11787bc825c36e42dd212429914cb4e056a2aa153baa1e8597943

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
                                        Filesize

                                        1KB

                                        MD5

                                        3341cd2fcc100644c550878368e19933

                                        SHA1

                                        5b9757bce7566fb5bfa9eef2d6e61db11e18b745

                                        SHA256

                                        d6b529fdcef8bd2e6df4faaad73e811da866929110ba6701b183b57f90d6662e

                                        SHA512

                                        4eaf462e3f6cb067d299792c03955a0f650c825399deb76ddc01ab620d4667e95a95aae9a9b901300d2967785c34708afd44058004c096b8c3194cf03b24c66b

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
                                        Filesize

                                        2KB

                                        MD5

                                        2b7164323c2c5c19be86cf38aea651de

                                        SHA1

                                        e5d05a8ac155eadf0dc0afb82da668a12671f2fc

                                        SHA256

                                        0414f88b1a5b35ea9fb9b4e119d1e753c0cbea0a0987d8c296ab5a7582aaafa7

                                        SHA512

                                        43011abeb3f2c541577597b5588ab14ed038409a16773aa523b255e22253749e5abd41776f1491c95532a307e2b43325d12487b98ccc49a3f10fd72545993c22

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
                                        Filesize

                                        3KB

                                        MD5

                                        f86a603baee18c2365f9cb4c393f0c53

                                        SHA1

                                        0c6ea03d5e7f26c7003493445ef24c8c7ec6e361

                                        SHA256

                                        d5468eaa694a0a30f99a977ba7bad999c8d370c2ad54136edd4b77aa0d56f22f

                                        SHA512

                                        83aa5aebf905d138282bdbebe6f52fba5cd00ad1164987388d0de42500180169e375071e972f87b8377c18e381822e52ea6e9389347679847d8842b0c76c15c5

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
                                        Filesize

                                        3KB

                                        MD5

                                        cf47e6ee249efbc14d6e143d5902d62d

                                        SHA1

                                        0761aa4c0e6db6f31fd0134720c535667e8f84be

                                        SHA256

                                        cdcf9d4c76c254ba32249eb06bab453958ee10add24b991bce27c7466882d15d

                                        SHA512

                                        5372e83f56f5bf7d4747f507fd3ac27026c286d0e4e00ddbf702d0d98ca16dd51ca9f0522d65dabe83370ff8be9f3d8f6ce080b962a19be62fb414143f50ac18

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
                                        Filesize

                                        3KB

                                        MD5

                                        9b53bfb2a4a07c116866a9a1e4c7a4c1

                                        SHA1

                                        064b14eeca55d4e4d4195e2610ec7ca7fea00f53

                                        SHA256

                                        23c246b80cbe19bd0d480def640425819a2148331b3fec61154efa5f5b7a8c11

                                        SHA512

                                        dfc78d114a78882c7cf74708f45334f14944e0f26b6786adba554b7482a93f2f4f28e85013bd99801b1107dec56d78076bd74ae4844ae4b87418987189915c82

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
                                        Filesize

                                        2KB

                                        MD5

                                        8de964f83646bfdf19bc61ebd1c30316

                                        SHA1

                                        19ff49e5b1b722c7f7d3cc0845805a4c54bf9de5

                                        SHA256

                                        5db0149e9a3aeabf38b4f27bbcba5361d5b24cf4f25a521eb475900e92cddeaf

                                        SHA512

                                        81aa56848d5730aba71a3427b1e642f80a1323b10864294c33ddbe3bc8b414446ba35bd42b684fc745cdeea288d586094f04142a8ce016dbc741e6fa740278ff

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.virustotal.com\cache\morgue\110\{44348886-5587-43b3-b42f-7ed7455b836e}.final
                                        Filesize

                                        49KB

                                        MD5

                                        85cca4130c90f494757b02210efeaff4

                                        SHA1

                                        fe93d9d6aa35abf1f9db299d860bafe753e8ed43

                                        SHA256

                                        3880c62c58a36314c998fb0912827e4e172ded10f34b50e73905ac15d287d33b

                                        SHA512

                                        3f582355962e2d07d12d07ebe5360c577eb49c4f1071e17c7b0d6f875d64cd4b7c7fa489c91a1ef65cd5e6ca5cd67e65a57122eb5b5d2f8712fde81839e7f0e2

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                        Filesize

                                        184KB

                                        MD5

                                        0ed2663971e8051b2bcb574926400fa8

                                        SHA1

                                        467756bf41c377bdb07c8be10d5391f1df1d80a7

                                        SHA256

                                        0c44c9887ebd30506041e4f483422673660df0b74c7468b0cab2c69bee1f4e8c

                                        SHA512

                                        e521f02d0a4dc70e3bb33747c5113c76f18f15b4370826ef13700c4f559c8b158ed1d8ef79d7d88794bfea61496a75d653237391f2f8b5e53d8574a21f113898

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Crashpad\settings.dat
                                        Filesize

                                        280B

                                        MD5

                                        65991626068fea8d34d2ed6797b34e87

                                        SHA1

                                        b31ea8992db8b90795e1213b6d765070456631f3

                                        SHA256

                                        2056d56bd64199c9386841b14d3c535e62761c7367194bd36ba43cb7b9af2116

                                        SHA512

                                        039d42f4481e7c614ecaf7923a4b2ea09b90872b20a8d8d636afd7c0ffaca39999c8d55951a1dc096deac5e7f600670014562e72d47f8e593fd55cb5e7b73268

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Crashpad\settings.dat
                                        Filesize

                                        280B

                                        MD5

                                        f46264fc658c032953d2d9c01e35a077

                                        SHA1

                                        8ac84e7e09a93d1fbc38895e1716bf5fd0b4e7b7

                                        SHA256

                                        928571488abc83deaddd2fefa4b07d9052e7710f4299f2d9d4a3441f0a04a70f

                                        SHA512

                                        322c6e4ce2f21a5ab2ad19c42d54892181f7047a4c2c2a8b6651f0e5ac7fdeedb119eded3f6faed0ac85abc3424572851dae006e69569a399955b17de29d824a

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Crashpad\settings.dat
                                        Filesize

                                        280B

                                        MD5

                                        adc5c6e65851b7dbb6aad99fd307f393

                                        SHA1

                                        ef9e406c54c5c73e5d4c03dcf46fb201f33f1877

                                        SHA256

                                        5808254cdeab3504b2bdc961d00565a18ad7d07a32240383ce4b148e706a062d

                                        SHA512

                                        e7cafac05c4f254e4b4f159f6cdadb7f4580733ed0cba73e591c7c4b39d9e28d10718abd12eeacd659c389021ef80ba41dd6daf987a7bf404154ddaaa9e9d8ac

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Crashpad\settings.dat
                                        Filesize

                                        280B

                                        MD5

                                        192ca8cf7b850e7d08b8d5a973c35dd5

                                        SHA1

                                        547913fecf7fd76619e89644216789c8bec160bf

                                        SHA256

                                        9ca37b179fed8140e1200f62815e563a0cc69817da09ff025639837bd5c2d762

                                        SHA512

                                        217765d480bbdbf7662a3bede923dafaefda6fe486d13b9bb47d9bab4f822c5e2c8a44b524f4a84d6a1e7146cc9dae598262db1783bc39d2289fd5a465e2cdf1

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\9d2bd53f-1175-4b98-bf12-c52b9ddc5b78.tmp
                                        Filesize

                                        6KB

                                        MD5

                                        b2801dca08523c3bbceea933d91913d5

                                        SHA1

                                        d0828eebad6709384005679c9614fea1fc371615

                                        SHA256

                                        f57849e8a2745f64649e80f76769f36475937793c1da4f69976fb9ad91ed0ed8

                                        SHA512

                                        43f3de204a257d1ff81cb6f1b044f7ac6f183ce97ad35bafc3de6d6b15a5c037e820cb1108d5e5a5546b0a1ea92212afb23217c4e331adf1fba44c56b543598a

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        96B

                                        MD5

                                        cfb43d56695b6700f96ce2343a6b1a66

                                        SHA1

                                        c7d6bd47d8724f4e24f26f0cd77be3159fcaf51c

                                        SHA256

                                        ced70ff614a3451ea35ff39a0be143527ff14c9bd168ccd6c69d003d1f2431d7

                                        SHA512

                                        d2cd1606bc891374932c29b24e4d6c01c11e2969a2860cc63864f32a8c672536f2995ad4a291e6d5d0d80c697d9d85d0c4e1917f2a1e9311daa70d748d7eb42b

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        120B

                                        MD5

                                        88eaa33f8e98eeb73a584a7035022da6

                                        SHA1

                                        a69ed1739ac82a07dae237c6cf66c232049163b0

                                        SHA256

                                        5aa895451f42df6093df8c23461fe0bc19cc4a5df443f9249d27d004023c73b6

                                        SHA512

                                        28f481012e43642ae309d9433094a44d11263693a41dfb9e11f622588ac07e06322af412b429feaafff1ae6e1ff08f0d48ffd015a9f1c1d902f607c4e327d58e

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5cc3a5.TMP
                                        Filesize

                                        48B

                                        MD5

                                        98572ef77fff0dff080a139870997c70

                                        SHA1

                                        b8ef8e3926dea29c132529def49e98ab90c6f063

                                        SHA256

                                        2696fae3cb48526bb9d3b55cb92ffc5854222d43dd33110b8a6edd2755529dd6

                                        SHA512

                                        a24519d144f62acccf739fdf9124fff6b718ad6b5ab2423f35e9ff87058050d7586fd7ece14c13ad0268d52f543a3f41c3ce752165dc16661b301569a4142928

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Network\Network Persistent State
                                        Filesize

                                        111B

                                        MD5

                                        285252a2f6327d41eab203dc2f402c67

                                        SHA1

                                        acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                        SHA256

                                        5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                        SHA512

                                        11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Network\Network Persistent State~RFe5d9a6e.TMP
                                        Filesize

                                        59B

                                        MD5

                                        2800881c775077e1c4b6e06bf4676de4

                                        SHA1

                                        2873631068c8b3b9495638c865915be822442c8b

                                        SHA256

                                        226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                        SHA512

                                        e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Network\SCT Auditing Pending Reports
                                        Filesize

                                        2B

                                        MD5

                                        d751713988987e9331980363e24189ce

                                        SHA1

                                        97d170e1550eee4afc0af065b78cda302a97674c

                                        SHA256

                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        SHA512

                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Network\TransportSecurity
                                        Filesize

                                        188B

                                        MD5

                                        2069e1a8234fadb0ef793181cc1e91d8

                                        SHA1

                                        be7901e21137d5702696e9e8ac7fc5271ff6a493

                                        SHA256

                                        1c48cad1bd9bfea5e22e065bb7c2f8aad9126b2c98d8c5d202df03b7b5238f05

                                        SHA512

                                        0be6a4b31aa4cc7ac846cb239d9b132634aba3ed8ced62ca9be7a996cace8cb6cb7d9e3378f77d9b496a2a25f960aefe4f2df0fa5f9154027fb615ce401349fa

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Network\a3b1acba-30fd-4aa4-bb56-e68a3eba3b67.tmp
                                        Filesize

                                        40B

                                        MD5

                                        20d4b8fa017a12a108c87f540836e250

                                        SHA1

                                        1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                        SHA256

                                        6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                        SHA512

                                        507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Preferences
                                        Filesize

                                        7KB

                                        MD5

                                        bd6761d821f1911c4af84c7c3841c9cd

                                        SHA1

                                        f2d4cb662acf4521fe54e70d52e9545663549671

                                        SHA256

                                        22870b289762afd7919073e3dff4a4df5196c148d537e5d623a66f8ab599d5a8

                                        SHA512

                                        7f1533b6276ed2ae9ba10be9306f2020f33abd736b4932084013d121b8c636fe79f9c82c182686999d7e66a331dae103c7e0935fba7ee1ddb8e89be33c96f561

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        ad0ab213ce9b25434ec368fb3aaf49bf

                                        SHA1

                                        085ad870422ec04cbf8da4d5ab4a76f0cfaec785

                                        SHA256

                                        60d666cb159e322264404331d3da6c826e7e52b03482c1a67937a60cdbcea9b6

                                        SHA512

                                        f9498f5bc93e3f67519944b4e63d8dc5edcd9924be56e62aa8bae531005fe7f8827d06c11fc0569d4951ee2f1c233a1235cf7f9d060953bf3dc51b655b4efb3c

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Preferences
                                        Filesize

                                        7KB

                                        MD5

                                        fb8cc091536b6ccb7518352538079625

                                        SHA1

                                        4d10e068ef03ac93a104ef08cf8c211656d33934

                                        SHA256

                                        187f690b505d485a30061250586b80e26f916c979402f3ee62a8f984e3134d1d

                                        SHA512

                                        8b5ca9811bf13a8e4c1768b1272f49114834182040c3580251ec391fdd01ef342d630c58c9c26190e9efcb81ba15f081767cc8ae25dc879f968432126cd312a9

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        a5c8f613df5a355b0a7454a46cad363d

                                        SHA1

                                        502bbc37868197be073f16115326b6ce6b15e7e2

                                        SHA256

                                        1b3c59add4e2b3befbf0233800442edace1ae61fbf653f746515cef75fbeabe4

                                        SHA512

                                        61b606c5f5f767c2af86fae35b0d7fd20c7f16e2b8daf1cc08e019500c5e7997185e7c5dbc242f1a051527dad008c62d70aa0e04fea719c6da46269a7e715a93

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\Site Characteristics Database\CURRENT
                                        Filesize

                                        16B

                                        MD5

                                        46295cac801e5d4857d09837238a6394

                                        SHA1

                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                        SHA256

                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                        SHA512

                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001
                                        Filesize

                                        41B

                                        MD5

                                        5af87dfd673ba2115e2fcf5cfdb727ab

                                        SHA1

                                        d5b5bbf396dc291274584ef71f444f420b6056f1

                                        SHA256

                                        f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                        SHA512

                                        de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\GrShaderCache\data_0
                                        Filesize

                                        8KB

                                        MD5

                                        cf89d16bb9107c631daabf0c0ee58efb

                                        SHA1

                                        3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                        SHA256

                                        d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                        SHA512

                                        8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\GrShaderCache\data_1
                                        Filesize

                                        264KB

                                        MD5

                                        d0d388f3865d0523e451d6ba0be34cc4

                                        SHA1

                                        8571c6a52aacc2747c048e3419e5657b74612995

                                        SHA256

                                        902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                                        SHA512

                                        376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\GrShaderCache\data_2
                                        Filesize

                                        8KB

                                        MD5

                                        0962291d6d367570bee5454721c17e11

                                        SHA1

                                        59d10a893ef321a706a9255176761366115bedcb

                                        SHA256

                                        ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                        SHA512

                                        f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\GrShaderCache\data_3
                                        Filesize

                                        8KB

                                        MD5

                                        41876349cb12d6db992f1309f22df3f0

                                        SHA1

                                        5cf26b3420fc0302cd0a71e8d029739b8765be27

                                        SHA256

                                        e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                        SHA512

                                        e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Local State
                                        Filesize

                                        1KB

                                        MD5

                                        b86df5f9425a4a5efc36e6f807488372

                                        SHA1

                                        1fd7a3fa2aaeaa793f50cfa2752c686128ddf318

                                        SHA256

                                        8d9f61d448d2d6cdf7a072ef507f695319148d0910bed3668267909feb4c3e2f

                                        SHA512

                                        a0afd7e845791777d69f803589f1ea04cb9eef1102c09aca311982934c564e58c337efabf390b2f973226b462306495d8aab56addb9df7b9c8b7b40ddcc6da90

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Local State
                                        Filesize

                                        3KB

                                        MD5

                                        2d928afe8dccbaafec9c33a07b254839

                                        SHA1

                                        a3533066a0d204948394914f81cfae5cd6f41beb

                                        SHA256

                                        00da0ddc7942d77ca1c10e737eded2c10c833d8be8d59f69fec4254b1c3f6b69

                                        SHA512

                                        7881568fc3f170554221fe6e3c5aa3b9f87386efa95246cedbb9a9efebf25f981c606b9ef4b53f3340c4150f9a20b5d483b68457f26605cedb790f461aae6498

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Local State
                                        Filesize

                                        4KB

                                        MD5

                                        b51dd233afd2e4107adcd136d5997b26

                                        SHA1

                                        2c9111e2fce553057997e63a2e52f6f7bdb91ba0

                                        SHA256

                                        b57fb7f1faf29f65517a7c0698c2c702ed995cdb4b44030d32754a42c293dce9

                                        SHA512

                                        1e2d982b04d78bff22759db47bf5278d94662de7e13b377491944736e694efb1539f937a1fb7113f426c3c6540bee6a18dbf86a720fb3e91a1cbd340494890c9

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Local State
                                        Filesize

                                        16KB

                                        MD5

                                        43f2a94af6ec433da85d0154bbd33d6d

                                        SHA1

                                        bd076beee1097983654cd05a6490c26aa25d895f

                                        SHA256

                                        03ea053ddc9018dd8517eb443f2f974861683870e9f05b976c7c7415be8dcd1f

                                        SHA512

                                        35e912fe4cbd23a7ed0ef66289a2de30861f30161e6ac39eea7b35429c3b142e86fde9f27a0eddad1440ed5c66a28d5f4cf643a5ee695cf84d05b633f836bbab

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Local State
                                        Filesize

                                        36KB

                                        MD5

                                        5c016162eb9d5357fb7dca3601ca8200

                                        SHA1

                                        075ac78a62d5f4a5980b069b4acfb125af9cc425

                                        SHA256

                                        21cf6ee6cbdd20f1439e993bd207c669aafd24d38328b85451d7ada8ffc9882f

                                        SHA512

                                        c677609c7364f0e6c436b0484b51fc9505fca3f1afeaaa7476c3d0d7f01e10d98668576d27bc8d2a382adbc97dbfc44c7121df0ae4e075cb533e333972bf947c

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Local State
                                        Filesize

                                        17KB

                                        MD5

                                        2ed181740f961b1bbe09c97a62440f6c

                                        SHA1

                                        0e996fa211a22301e74a41bd91b8f1fbd4721e19

                                        SHA256

                                        4ad62f83f2c27dcc3d5b707acf2b302c11b5e250d90b57231d397a463692e282

                                        SHA512

                                        cbe7850918386f1c28cf6008501267443b416958583edca064ffb12ba2694037042db9f8d292efd2b4d8e954db348354e9460c4e76e083a1a4c18af1b3d2c37d

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\setup.exe\EBWebView\Local State~RFe5c73e0.TMP
                                        Filesize

                                        1KB

                                        MD5

                                        e59f14deee7b6f7ecc3e53ab4d548b8e

                                        SHA1

                                        8f767311f89ec9da2cd8b4d0e33517abfbe7449c

                                        SHA256

                                        9a8eeefa618e03680b10bded44e9c03dbb46dd81a1b752107f0e2edec95ecf69

                                        SHA512

                                        8acfb62c9c97e069d0ab65527e9ca78e9e3094b2cb290e2771ebedd6b8983b98d32f558441c722dcd8dbe7fa203cb7a8553c03141239935456dc9c22f177aa91

                                        Download Submit

                                      • C:\Users\Admin\Downloads\Solara_roblox.zip.pwsstum.partial
                                        Filesize

                                        15.2MB

                                        MD5

                                        325eaa719d119aa8a559410b7af339fd

                                        SHA1

                                        3fcad09ac80ab0e9c056eab70b55887ea4245df3

                                        SHA256

                                        3f767ffe96383bc3850ccecde867a3d4395b647947c9a3f004fbbc4894302136

                                        SHA512

                                        d76e0fd995621f9267aa5dd25e23bdcd2247fd3732f268f8afc2e382f703e009e97fbfa1022f3d69aa851a1e261267614d923ae2a311fe1177ea3b4036f77e35

                                        Download Submit

                                      • \Program Files (x86)\Microsoft\Temp\EU7BB.tmp\msedgeupdate.dll
                                        Filesize

                                        2.1MB

                                        MD5

                                        d1175f877ab160902113b3a2250d0d78

                                        SHA1

                                        7fc668cd9ed31d093f7c88dc4803ce3f3f833796

                                        SHA256

                                        5ccf3eedf6f1f57d386cef188f070c72583d9a96ff674ce91e8776ced8e989b5

                                        SHA512

                                        ba1fa4f61c3ed3766e6bd0ae95e36d7505774c463ff81b989e64acaf878cfd59fa41109c696ed16a122e68edc2e0c9f96afd9cfbe92bd7351583719b028c1604

                                        Download Submit

                                      • memory/512-344-0x00000000737A0000-0x00000000739C5000-memory.dmp

                                        Filesize

                                        2.1MB

                                        Download

                                      • memory/932-376-0x00000000737A0000-0x00000000739C5000-memory.dmp

                                        Filesize

                                        2.1MB

                                        Download

                                      • memory/932-342-0x0000000000820000-0x0000000000854000-memory.dmp

                                        Filesize

                                        208KB

                                        Download

                                      • memory/932-343-0x00000000737A0000-0x00000000739C5000-memory.dmp

                                        Filesize

                                        2.1MB

                                        Download

                                      • memory/1108-60-0x000001DBE4770000-0x000001DBE4772000-memory.dmp

                                        Filesize

                                        8KB

                                        Download

                                      • memory/1108-63-0x000001DBE47A0000-0x000001DBE47A2000-memory.dmp

                                        Filesize

                                        8KB

                                        Download

                                      • memory/1108-65-0x000001DBE47C0000-0x000001DBE47C2000-memory.dmp

                                        Filesize

                                        8KB

                                        Download

                                      • memory/1108-58-0x000001DBD4600000-0x000001DBD4700000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/1324-1209-0x000001B96E2E0000-0x000001B96E356000-memory.dmp

                                        Filesize

                                        472KB

                                        Download

                                      • memory/1324-1204-0x000001B96DFC0000-0x000001B96DFE2000-memory.dmp

                                        Filesize

                                        136KB

                                        Download

                                      • memory/2304-74-0x000001A953D40000-0x000001A953E40000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3740-353-0x000001F74ECB0000-0x000001F74ECB1000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/3740-35-0x000001F745070000-0x000001F745072000-memory.dmp

                                        Filesize

                                        8KB

                                        Download

                                      • memory/3740-354-0x000001F74ECC0000-0x000001F74ECC1000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/3740-16-0x000001F747D20000-0x000001F747D30000-memory.dmp

                                        Filesize

                                        64KB

                                        Download

                                      • memory/3740-0-0x000001F747C20000-0x000001F747C30000-memory.dmp

                                        Filesize

                                        64KB

                                        Download

                                      • memory/3808-345-0x00000000737A0000-0x00000000739C5000-memory.dmp

                                        Filesize

                                        2.1MB

                                        Download

                                      • memory/3808-349-0x00000000737A0000-0x00000000739C5000-memory.dmp

                                        Filesize

                                        2.1MB

                                        Download

                                      • memory/3808-378-0x00000000737A0000-0x00000000739C5000-memory.dmp

                                        Filesize

                                        2.1MB

                                        Download

                                      • memory/3808-382-0x00000000737A0000-0x00000000739C5000-memory.dmp

                                        Filesize

                                        2.1MB

                                        Download

                                      • memory/5096-43-0x000002245D980000-0x000002245DA80000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/5096-44-0x000002245D980000-0x000002245DA80000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download