hxxps://wearedevs[.]net/d/Solara

Analysis

max time kernel
579s
max time network
581s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19/09/2024, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wearedevs.net/d/Solara

Score

9^/10

credential_access defense_evasion discovery evasion persistence privilege_escalation stealer themida trojan

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 25 IoCs

pid	Process
4760	Bootstrapper.exe
2076	BootstrapperV1.19.exe
3320	BootstrapperV1.19.exe
4596	node.exe
2056	Solara.exe
960	node.exe
10072	RobloxPlayerInstaller.exe
8112	MicrosoftEdgeWebview2Setup.exe
4416	MicrosoftEdgeUpdate.exe
712	MicrosoftEdgeUpdate.exe
8512	MicrosoftEdgeUpdate.exe
8352	MicrosoftEdgeUpdateComRegisterShell64.exe
6400	MicrosoftEdgeUpdateComRegisterShell64.exe
8316	MicrosoftEdgeUpdateComRegisterShell64.exe
8592	MicrosoftEdgeUpdate.exe
6140	MicrosoftEdgeUpdate.exe
8520	MicrosoftEdgeUpdate.exe
6880	MicrosoftEdgeUpdate.exe
9352	MicrosoftEdge_X64_128.0.2739.79.exe
9552	setup.exe
5696	setup.exe
9944	setup.exe
9996	setup.exe
5928	MicrosoftEdgeUpdate.exe
8980	RobloxPlayerBeta.exe

Loads dropped DLL 30 IoCs

pid	Process
2512	MsiExec.exe
2512	MsiExec.exe
3612	MsiExec.exe
3612	MsiExec.exe
3612	MsiExec.exe
3612	MsiExec.exe
3612	MsiExec.exe
4708	MsiExec.exe
4708	MsiExec.exe
4708	MsiExec.exe
2512	MsiExec.exe
2056	Solara.exe
2056	Solara.exe
4416	MicrosoftEdgeUpdate.exe
712	MicrosoftEdgeUpdate.exe
8512	MicrosoftEdgeUpdate.exe
8352	MicrosoftEdgeUpdateComRegisterShell64.exe
8512	MicrosoftEdgeUpdate.exe
6400	MicrosoftEdgeUpdateComRegisterShell64.exe
8512	MicrosoftEdgeUpdate.exe
8316	MicrosoftEdgeUpdateComRegisterShell64.exe
8512	MicrosoftEdgeUpdate.exe
8592	MicrosoftEdgeUpdate.exe
6140	MicrosoftEdgeUpdate.exe
8520	MicrosoftEdgeUpdate.exe
8520	MicrosoftEdgeUpdate.exe
6140	MicrosoftEdgeUpdate.exe
6880	MicrosoftEdgeUpdate.exe
5928	MicrosoftEdgeUpdate.exe
8980	RobloxPlayerBeta.exe

Themida packer 50 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000100000002b799-3527.dat	themida
behavioral1/memory/2056-3534-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-3533-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-3535-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-3532-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-3847-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-4010-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-4053-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-4074-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-4130-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-6936-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7266-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7523-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7578-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7674-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7683-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7707-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7714-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7747-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7759-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7765-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7831-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7839-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7893-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7911-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7925-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7941-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7974-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7990-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-7993-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-8016-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-8019-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-8400-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-8578-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-9410-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-9504-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-9571-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-10317-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-10861-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-10921-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-10942-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-10953-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-10980-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-10988-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-11013-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-11107-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-11285-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-11310-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-11327-0x0000000180000000-0x0000000181099000-memory.dmp	themida
behavioral1/memory/2056-11383-0x0000000180000000-0x0000000181099000-memory.dmp	themida

Blocklisted process makes network request 3 IoCs

flow	pid	Process
85	4724	msiexec.exe
86	4724	msiexec.exe
87	4724	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
13	pastebin.com
78	pastebin.com
81	pastebin.com
106	pastebin.com
109	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Checks system information in the registry 2 TTPs 10 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
8980	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 19 IoCs

pid	Process
2056	Solara.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe
8980	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-init.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\run-script\lib\is-windows.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npx.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\cacache\node_modules\brace-expansion\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\rimraf\bin.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\LayeredClothingEditor\WorkspaceIcons\Cage Mode.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\Emotes\Large\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\which\README.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\glob\package.json	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\LegacyRbxGui\Aluminium.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\avatar\meshes\rightarm.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\identity_proxy\win11\identity_helper.Sparse.Stable.msix	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmversion\lib\commit.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\vendor\QRCode\QRPolynomial.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\are-we-there-yet\lib\tracker-group.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\VR\Radial\Icons\Backpack.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\ExtraContent\textures\ui\ImageSet\AE\img_set_3x_1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\metavuln-calculator\lib\advisory.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promzard\LICENSE	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-collect\node_modules\minipass\index.d.ts	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\advClosed-hand-no-weld.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\vuln.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\configs\OtaPatchConfigs\DiscoveryOtaPatchConfig.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\TopBar\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU7AC7.tmp\msedgeupdateres_sq.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\ca-Es-VALENCIA.pak	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\encoding\LICENSE	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\fonts\zekton_rg.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\DeveloperStorybook\Storybook.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\docs\Linking-to-OpenSSL.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\win_tool.py	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\StudioSharedUI\dot.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\Controls\DefaultController\Thumbstick1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\Input\DashedLine.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\_stream_transform.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\VoiceChat\New\Unmuted100.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_4.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\metadata.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\build-ideal-tree.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\sky\sun.jpg	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\localizationTestingIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\TextureViewer\confirm.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\PurchasePrompt\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\read-cmd-shim\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\glob\sync.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\tlog\verify\body.d.ts	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\fonts\AccanthisADFStd-Regular.otf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\CollisionGroupsEditor\rename-hover.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-instudio-12x12.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\err-code\index.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\fonts\families\Nunito.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\AnimationEditor\img_forwardslash.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\RobloxNameIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\git\lib\errors.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\StudioToolbox\AssetPreview\hierarchy.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe

Drops file in Windows directory 42 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Installer\e5896cc.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A77.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9EEE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB8B4.tmp	msiexec.exe
File created	C:\Windows\Installer\e5896d0.msi	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF4E0E2E15D8EDE899.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF7D8B5E7149C70B03.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB923.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9FBA.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\~DF4FB113A1748B5860.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF11A0170A7A965D95.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\Installer\MSI9A37.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9FDA.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\Installer\e5896cc.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBBE4.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\Installer\MSI9A97.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA28A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBA4D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA2AB.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 13 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3420	msedgewebview2.exe
7768	msedgewebview2.exe
6056	msedgewebview2.exe
6708	msedgewebview2.exe
8592	MicrosoftEdgeUpdate.exe
988	msedgewebview2.exe
5928	MicrosoftEdgeUpdate.exe
7944	msedgewebview2.exe
9372	msedgewebview2.exe
7556	msedgewebview2.exe
6880	MicrosoftEdgeUpdate.exe
3384	msedgewebview2.exe
3372	msedgewebview2.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133711875561607157"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreClass"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CLSID\ = "{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}"	MicrosoftEdgeUpdate.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2992	chrome.exe
2992	chrome.exe
2076	BootstrapperV1.19.exe
2076	BootstrapperV1.19.exe
2076	BootstrapperV1.19.exe
4724	msiexec.exe
4724	msiexec.exe
3320	BootstrapperV1.19.exe
3320	BootstrapperV1.19.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
3400	msedgewebview2.exe
3400	msedgewebview2.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
3420	msedgewebview2.exe
3420	msedgewebview2.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe
2056	Solara.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4928	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
1924	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
2004	firefox.exe
1924	msedgewebview2.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
4928	OpenWith.exe
2004	firefox.exe
4596	node.exe
960	node.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
8980	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 1036	2992	chrome.exe	78
PID 2992 wrote to memory of 1036	2992	chrome.exe	78
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2440	2992	chrome.exe	79
PID 2992 wrote to memory of 2264	2992	chrome.exe	80
PID 2992 wrote to memory of 2264	2992	chrome.exe	80
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81
PID 2992 wrote to memory of 1176	2992	chrome.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://wearedevs.net/d/Solara
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0caccc40,0x7ffb0caccc4c,0x7ffb0caccc58
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4408 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4280,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4624,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5016,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3172,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5600,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5616,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5056,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5908,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5116,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5932,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6008,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6016,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6020,i,10179116681404809922,7240665909443180526,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2800

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2024

C:\Users\Admin\Downloads\Bootstrapper.exe
"C:\Users\Admin\Downloads\Bootstrapper.exe"
1⤵
- Executes dropped EXE
PID:4760
- C:\Users\Admin\Downloads\BootstrapperV1.19.exe
  "C:\Users\Admin\Downloads\BootstrapperV1.19.exe" --oldBootstrapper "C:\Users\Admin\Downloads\Bootstrapper.exe" --isUpdate true
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- - C:\Windows\System32\msiexec.exe
    "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
    3⤵
    PID:3292

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:4724
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 6A3A4B0F9787A129D2CCC2AD6779FCFD
  2⤵
  - Loads dropped DLL
  PID:2512
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 96A2460360250DBEFAF8B5337B2D8FC4
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3612
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 78B0A666B42231BBF80E025FFB282606 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4708
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3136
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:2124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4928
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\DISCORD"
  2⤵
  PID:2796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\DISCORD
    3⤵
    - Checks processor information in registry
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:2004
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af4f472d-6d1f-462e-a4ee-c4a5d419f350} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" gpu
      4⤵
      PID:3272
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc94346a-909b-4435-b1d1-bf98a3a88946} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" socket
      4⤵
      Checks processor information in registry
      PID:1672
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3240 -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 3292 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a968d3a-ebcc-41b7-a6b9-fa169244aa65} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" tab
      4⤵
      PID:968
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3616 -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3528 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e855ea0-86fa-40cc-9489-713c60a662b4} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" tab
      4⤵
      PID:3136
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4616 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4632 -prefMapHandle 4636 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1f8725d-8bf8-47c4-a9f3-3066d3660042} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" utility
      4⤵
      Checks processor information in registry
      PID:3120
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4708 -childID 3 -isForBrowser -prefsHandle 3960 -prefMapHandle 3824 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d890fc8d-514d-4a5d-a1de-65a827c915d4} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" tab
      4⤵
      PID:4400
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 4 -isForBrowser -prefsHandle 5664 -prefMapHandle 5660 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de7c697a-99a7-4e9a-925d-6d4734874699} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" tab
      4⤵
      PID:3092
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 5 -isForBrowser -prefsHandle 5800 -prefMapHandle 5804 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13987f18-1c2f-456b-88ff-37ad66ccd3d7} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" tab
      4⤵
      PID:3820

C:\Users\Admin\Downloads\BootstrapperV1.19.exe
"C:\Users\Admin\Downloads\BootstrapperV1.19.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3320
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4596
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:2056
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" d4b638cbeb7541ba
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:960
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=2056.1320.7058281260879243904
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:1924
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0xd4,0x104,0x1c4,0x7ffaf3383cb8,0x7ffaf3383cc8,0x7ffaf3383cd8
      4⤵
      PID:1504
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1732,12088749645164844177,15111228635488924895,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3372
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1732,12088749645164844177,15111228635488924895,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2096 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3400
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1732,12088749645164844177,15111228635488924895,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2508 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:988
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1732,12088749645164844177,15111228635488924895,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3384
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1732,12088749645164844177,15111228635488924895,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4504 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3420
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1732,12088749645164844177,15111228635488924895,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1168 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:9372
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1732,12088749645164844177,15111228635488924895,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1672 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:7768
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1732,12088749645164844177,15111228635488924895,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4152 /prefetch:2
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:7944
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1732,12088749645164844177,15111228635488924895,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4436 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:7556
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1732,12088749645164844177,15111228635488924895,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3524 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:6056
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1732,12088749645164844177,15111228635488924895,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4120 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:6708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3420
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17f8f663-6935-4412-b3b1-b151adfa9781} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" gpu
    3⤵
    PID:4884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2344 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7d0607e-70c2-4251-ab63-71994d0b0a62} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" socket
    3⤵
    PID:248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3256 -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 3120 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {770eb149-9ea8-4f46-82f9-552d3d224cef} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:1400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3540 -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a811a23f-b683-4ef5-b3f8-1f431928c028} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:4588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1608 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4708 -prefMapHandle 4560 -prefsLen 29142 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c00f4271-2ab0-4a70-881d-56fdb3cbd6e0} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" utility
    3⤵
    - Checks processor information in registry
    PID:5536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 3 -isForBrowser -prefsHandle 5404 -prefMapHandle 5472 -prefsLen 27077 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e77626ab-36f5-4411-a644-7d7a96c0f25c} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:5996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 4 -isForBrowser -prefsHandle 5424 -prefMapHandle 5444 -prefsLen 27077 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30948f72-e11b-4b98-a2ac-be9e3521dcb3} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:6008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5580 -prefMapHandle 5432 -prefsLen 27077 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04c6c1ba-9f8b-41df-af75-ca0931a1063d} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:6020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6036 -childID 6 -isForBrowser -prefsHandle 6028 -prefMapHandle 6024 -prefsLen 27077 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0596b86e-dc82-441e-94e3-a30a1d29ca0b} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:5220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 7 -isForBrowser -prefsHandle 5432 -prefMapHandle 5872 -prefsLen 27643 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f50555c5-5bf1-457c-94b0-93cddc7979c7} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:2752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6812 -childID 8 -isForBrowser -prefsHandle 7008 -prefMapHandle 6320 -prefsLen 27864 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dde7a06-c392-4cab-b091-3a52c579f484} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:7568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6920 -childID 9 -isForBrowser -prefsHandle 5900 -prefMapHandle 5664 -prefsLen 27864 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0011294-1b6f-4b8e-a315-333eabf21e4c} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:6992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6036 -childID 10 -isForBrowser -prefsHandle 6188 -prefMapHandle 6184 -prefsLen 27864 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c414db89-2807-4741-9d8f-7a94fb0f20c3} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:8672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3172 -parentBuildID 20240401114208 -prefsHandle 2636 -prefMapHandle 5400 -prefsLen 30446 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48dfbbfa-0e08-40df-844e-818f5ca2626a} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" rdd
    3⤵
    PID:9784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6884 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6476 -prefMapHandle 5784 -prefsLen 30446 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34989709-0965-4ba0-917d-3b2db991dd3e} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" utility
    3⤵
    - Checks processor information in registry
    PID:9796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 11 -isForBrowser -prefsHandle 6304 -prefMapHandle 6300 -prefsLen 27914 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72e150dc-a7c8-4239-badf-c4f27b43c1b4} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:9984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4372 -childID 12 -isForBrowser -prefsHandle 4860 -prefMapHandle 5604 -prefsLen 27914 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {452c6009-bd5e-4db4-b944-64bc15a56a9b} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:2788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7312 -childID 13 -isForBrowser -prefsHandle 7004 -prefMapHandle 7332 -prefsLen 27914 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d733cd20-154d-4455-9691-51b8e5272edb} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:9560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6244 -childID 14 -isForBrowser -prefsHandle 7344 -prefMapHandle 7348 -prefsLen 27914 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c288441-c205-41f2-88ae-3aa2cfbd2931} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:2356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7516 -childID 15 -isForBrowser -prefsHandle 7636 -prefMapHandle 7632 -prefsLen 27914 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a199670-f347-47e0-86da-7c8d956ab2a4} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:9876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7960 -childID 16 -isForBrowser -prefsHandle 7956 -prefMapHandle 7952 -prefsLen 27914 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f2713a6-b499-4347-848d-f1565c6b17dc} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:9900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7760 -childID 17 -isForBrowser -prefsHandle 7776 -prefMapHandle 7928 -prefsLen 27914 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d66ba0f0-5332-4248-ad50-1b3d73ed4b19} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:6016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6332 -childID 18 -isForBrowser -prefsHandle 8400 -prefMapHandle 8404 -prefsLen 27914 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fe8d61e-a485-4e73-8bde-96829ef54919} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:388
- - C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
    "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    - Modifies Internet Explorer settings
    PID:10072
  - - C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
      MicrosoftEdgeWebview2Setup.exe /silent /install
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      PID:8112
    - - C:\Program Files (x86)\Microsoft\Temp\EU7AC7.tmp\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\Temp\EU7AC7.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
        5⤵
        Event Triggered Execution: Image File Execution Options Injection
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        
        PID:4416
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:712
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8512
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:8352
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:6400
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:8316
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUI4NURGN0QtODUzNi00MDI2LTkwNTQtQzFGRDVBNzVDRkM0fSIgdXNlcmlkPSJ7NjI2RjE1NkQtRTlEQi00NkYyLUJBRTMtN0NCMkUxNzk0NDZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDMUU2ODc0NS0wRjNGLTQ5QTEtQTc4My1CQkUzQzQ4NUMwQTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk4MTM0NjYzNTQiIGluc3RhbGxfdGltZV9tcz0iMzQ1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:8592
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{AB85DF7D-8536-4026-9054-C1FD5A75CFC4}" /silent
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:6140
  - - C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe
      "C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe" -app -isInstallerLaunch -clientLaunchTimeEpochMs 0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of NtCreateThreadExHideFromDebugger
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious use of UnmapMainImage
      PID:8980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7660 -childID 19 -isForBrowser -prefsHandle 7708 -prefMapHandle 7724 -prefsLen 28198 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60bc9ded-bca7-4c50-b0e2-f3219cd1712c} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" tab
    3⤵
    PID:9464

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:8520
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUI4NURGN0QtODUzNi00MDI2LTkwNTQtQzFGRDVBNzVDRkM0fSIgdXNlcmlkPSJ7NjI2RjE1NkQtRTlEQi00NkYyLUJBRTMtN0NCMkUxNzk0NDZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEMDFFOTFGQS0yNjE0LTQ0QUQtOEM3Ri0wN0JGRTk4NjlCNUN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk4MTY4OTY0MTAiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6880
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F19ECE5-AFF7-46FC-90D5-37268D08664B}\MicrosoftEdge_X64_128.0.2739.79.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F19ECE5-AFF7-46FC-90D5-37268D08664B}\MicrosoftEdge_X64_128.0.2739.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:9352
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F19ECE5-AFF7-46FC-90D5-37268D08664B}\EDGEMITMP_18CBC.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F19ECE5-AFF7-46FC-90D5-37268D08664B}\EDGEMITMP_18CBC.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F19ECE5-AFF7-46FC-90D5-37268D08664B}\MicrosoftEdge_X64_128.0.2739.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:9552
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F19ECE5-AFF7-46FC-90D5-37268D08664B}\EDGEMITMP_18CBC.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F19ECE5-AFF7-46FC-90D5-37268D08664B}\EDGEMITMP_18CBC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.138 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F19ECE5-AFF7-46FC-90D5-37268D08664B}\EDGEMITMP_18CBC.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.79 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff6976716d8,0x7ff6976716e4,0x7ff6976716f0
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:5696
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Installer\setup.exe" --msedgewebview --delete-old-versions --system-level --verbose-logging
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:9944
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.138 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.79 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff76bef16d8,0x7ff76bef16e4,0x7ff76bef16f0
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:9996
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUI4NURGN0QtODUzNi00MDI2LTkwNTQtQzFGRDVBNzVDRkM0fSIgdXNlcmlkPSJ7NjI2RjE1NkQtRTlEQi00NkYyLUJBRTMtN0NCMkUxNzk0NDZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4MkI5RUFDNy03ODdCLTQzMjMtQUZBOS0xRjRCMDA2NUE3N0Z9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjguMC4yNzM5Ljc5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzExODc2NTAwMTk1NzcwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk4MjU1NzYyMTIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5ODI1NjM2MTc1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAwMzY4NjUzOTgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzNjMGRlMmJmLTY1YmYtNDlkNS1hY2IxLTM3OWJhODIxNWM2MD9QMT0xNzI3MzE5MjYzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUUzbXRMZkk4SURqdkRZRUtyZFlLOXl5ZTdTZ1JWOCUyYkpQQkhmWjZueWRkMzZvY3FVa2p2VDR6SmszWUtjdTd6TU1KSXp4QnpGS1lDUzZ6bTElMmYzSmFIQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MzkwOTU4NCIgdG90YWw9IjE3MzkwOTU4NCIgZG93bmxvYWRfdGltZV9tcz0iMTQ1MTYiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDAzNjg4NTc3MyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMDUxMjM5MTQ0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDQ5Nzc3OTg5NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM2NSIgZG93bmxvYWRfdGltZV9tcz0iMjExMTkiIGRvd25sb2FkZWQ9IjE3MzkwOTU4NCIgdG90YWw9IjE3MzkwOTU4NCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDQ2NTMiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5896cf.rbs

Filesize
1.0MB

MD5
90c600a3328b43caa3ba8cbdf2865b30

SHA1
1ad17234161d532339abb1e3f9be9bc438e69ab6

SHA256
b70eb8ec9551695efc24e00aa8e04e290b63f6d4babcb8365ff64cc49bd4bca0

SHA512
410546e6637949920f19520e84c61ba4a6647e2a15996bc6f0d7aef789de994a3dbc0a294b073d9d1e31d8def7bd5a9018ff4ba680ac63090deaefb0c36e4cc3

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Installer\setup.exe

Filesize
6.6MB

MD5
337bec799cf5a4312866be547387e091

SHA1
763f4f372b7920365e8e850680b24594d4e3c45d

SHA256
d4d15e2686afd133e9870c4a8e98ab041e9db746dbab5a14373098a8e5b28281

SHA512
cdee342bf56c499e5516d9799c35fc3fd1c833de6863225b961d6d5058625f36ee93fb770f7ea1d604a829e8145caea4ddd178be34d8adf9d9853be41888e365

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
5.5MB

MD5
d81db68ce340e4b9ff903d6d9e3b2b21

SHA1
083a061fb32eca3d0fae2d7120a80ea2ce6cd8cd

SHA256
c808dfbf70edf83c353cd8735bc23c026d6727260fab83bdece6801a0cc727d0

SHA512
9a92ea92ab3d3b3271b92d9cc94f4be8fde169310f7545838f566f0da30094ee0042c373389801c26b1c5a6dacb6d34dc125010c9a4708444e090fb4e5764252

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
14KB

MD5
1c230ad6fd1b400cfcf28405562f3793

SHA1
1327c5e994f5cfe83cab09438e106cc837586b32

SHA256
d8ca3587a6968846b2fe59eb29f7bbe584a821b5dc50a1082dc934adf7abcf8b

SHA512
8e452ed07c4fa2a2cb5923cfcf857679b36f85bc23b305fe451d1a317d40de3e377e88edfabf5cf8320435e6673e04f03d20314d07aec91cb2ebea83a9f33754

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\index.js

Filesize
6KB

MD5
0e709bfb5675ff0531c925b909b58008

SHA1
25a8634dd21c082d74a7dead157568b6a8fc9825

SHA256
ed94fd8980c043bad99599102291e3285323b99ce0eb5d424c00e3dea1a34e67

SHA512
35968412e6ed11ef5cd890520946167bcef2dc6166489759af8bb699f08256355708b1ab949cce034d6cc22ed79b242600c623121f2c572b396f0e96372740cd

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
4af398a46d4bd09811ced324ba8cc22c

SHA1
458264f284969210c1128bac89dbf06ac48ad85d

SHA256
b5cc85c245f92044f8c79d7c94d3fcb4763be8a1d339d580a4e47540f7a1fd97

SHA512
22f7c47d19e42ea197d4ffc1a060bdc9a7b6601cace9e93a8b3ea28efda2c6cedb7752ac8a00e1488d65b3b25fb9efd4bd618537440e1ce060dd1fb0843ce07b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
44fbd58615685389c1052386746b7b9a

SHA1
5c063d5ce5bfc1bcb4ee008a602274fcc32f6426

SHA256
0d1abd17a9324a2bdc5a867a706f477c8a3a23f25c4ff05ac563bd40ad2b9261

SHA512
5f400488876d08372b27c4e7963eab57ef858d470ee3f6333b6fc41e86b9796ee2cc4b2f84865b96ab426400f5419f1d4c292117acfcb6f9c1e425d4f34b09a8

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
e193e16619d835adeaa64952606d216e

SHA1
c196435cd0da7269c1f3b788acc47b1a7fe1404c

SHA256
a868f0090ae1792e701b5d97ddc8d35d3d0c89d8c88b48050e52417c8e7f4c88

SHA512
40799ef943568872994712579d1ddc7f5d753a48db044854da927faf4da2f7e2fca6666a6c311fcffa8a0372f7fcd116f40be2d71c0298c5a203dbf2f8f884da

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\5e0a35ef-a1bf-457c-a4b0-d3a2bed0457b.tmp

Filesize
3KB

MD5
d8ed5bcdf778d797a237dff3cb3e971e

SHA1
85ad78f42e57e98babef5780a51d634fb16b2b29

SHA256
77967c9b4f33af583810e688269bf475bb0ab2fe1c664fcdbbb743bb52d2460f

SHA512
8f26688905659de6cb152617a486ad0c355df9dede893ed372109f2f9b3e209bcb1c8b5e26c453c85128b7259c667dc49c49be6f8bb2e16821895e7a49e9f2a2

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
930B

MD5
6936ca74725720334bf6dd6d433ed61a

SHA1
bc0284b59591fdf2f9053625f380f4124be32d7f

SHA256
e4c1be756899a634d0b37b4ccb4b51533bfdc8246ed2e793f4ad7ce35e65ef5e

SHA512
b8c62ac7a6f113d57b22d7ef7cf56fb4f9ccea8fde6222af268e8ab3db6950ab92b2f80e61c873a1ec9bef45a30b11512a6da41044f9ebe94d209f90637882fe

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State~RFe5a4c2d.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
7764e0fa263782bcd192fe058d1502e8

SHA1
ef7adaea582bb4192d93273f1cd36f3e48533436

SHA256
4c00a81f1e30c22ba14b4873f6982848bcb3ed22e1fe6b1acd064bd590ce4e23

SHA512
1ced57ffaccce9b6343768c2626adf27c618c6aceff822bcd3b7856dd793a02af80c04518a91cebd142166c2a40f04d327a45a08e59231689053b7b4cfb2d0e3

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
6cec8d9bdf17a73e0df0ef291113ef68

SHA1
759866ea3df1df43a319d34acad998d1f87101e5

SHA256
2b05c2254f95b4b47a0c3159fb6e28ad71d45871f4857c6da39b780eb555bd90

SHA512
aa5a121fc390e1504002ca5f39fe8b0ff524019bd8e872f6f4c78f1e22a34eaf2092d10c782e2746bb1b80c4d3a88c114925c9b2ee424d5e4fe0e722d33b76c5

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
d2739c98c87c53e8b368d31fa98a573d

SHA1
afa4306871bfad97a53ceabfb3faf81ab26b6d26

SHA256
f435a164533eca668fa3ec64eca9b44bba36639c5bc24d162a4321828419ac39

SHA512
b898d8cd90b74e5c7f1371766503cbe16ac2f73eb9b6841113b04176eed012f77f936f62f10e001d29af26b08c661bdd2c6f46952846fe3264f5140484538e3d

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
9KB

MD5
88c9ded0ccb81e412191ef45e0261770

SHA1
1b51cf962224548cf17f9a3ed01e92f353421dd7

SHA256
25d5f94c4e7dc773cf2c97ee031767d166dbb73237d6a6cbbaa06be392865e13

SHA512
0ba6115903950c706aaca260abbac9c54e0d29f6ee36b240b0e98adecadd63d53b78129f533180993aeab9119fadc42a4f6b51502e70161618f397790146937a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
9KB

MD5
a98ac13edac480f591f767eb7a54506d

SHA1
471137ed5017cd17092040f3be9648182c01a4d8

SHA256
bdd87dcdb2361f08446ae58e7538e7f3d1ad3bf00a8edb4e46e5e38d28da266e

SHA512
64d87cf324395e62ccf71686a49f03d8e2ee087244f51251924d18996fe76813b99182fe2859fd53db1fc1c67a0cc77ae1e0301919e77d67fb6ca6dbd215f039

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
41b33f1c649e2448c0cb4f681445aea4

SHA1
41b4862043d620187ab047cfc46630d2e8468351

SHA256
3d7c622a9309b586d04156959528f9b759c6b83f2853309419ede4d7ba3f43da

SHA512
9853490a4a2bacfaaeb7943d6bc8c033fbd924e63d7d29f1d6927d26671d6d316b4e22b17eccff792af0e7324d68c7993e768094099a10ab2401dda121da5efd

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
9KB

MD5
3ca527021937960493ef707d6a612af5

SHA1
bb5653d1e43eb7d5a6200a422f41cf60683507e5

SHA256
b7a5d5df13d00be739c238f371c9f5a65c92c7f5ef06c3d10e96557292329726

SHA512
014624c4265c44bf7c038a77c8fee6e7620b53c4d86901001a6f03a2afd3a04d376b42f7ffa4ce8e57e33e4c3d5bcb4d9800f717d4a8f921e02fe8bd2700a3ef

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
9KB

MD5
2b94943ec81dfd8f8f0fc34e879e939c

SHA1
02fd0719c902a234b83cbc354b9f16f0fbe311d7

SHA256
2b1c9f05343cfe3d9375d4bae3eaf4569d463343be267c1e30e0b10d4cbf0aee

SHA512
08013deb88a12b6317fc9c2ed52437278bc8e3364f588185332368787a8a041c908c4d37d7bb46861ad68f6a606747f496c6a297cea8a49449a697f804863155

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe598bfa.TMP

Filesize
8KB

MD5
db077255922d098fa4752d132d3ea1e7

SHA1
1e6b742ca93865722f16079bce01d5fcd60a9e73

SHA256
8f9814805d31a2920f683f65a315f6e9b3bf807699282827d7199fe5a150b3d0

SHA512
8ecd13c06f204d16e88c720985968f8a29a1002620c644180aa5fe5dfb4aa9c6acc52a3fb28e3bbfda5eb7f0e35398243d26fef598bc310b7a22821f9b43ea92

Download Submit
C:\ProgramData\Solara\SolaraV3.dll

Filesize
6.4MB

MD5
028c9871d4730c9f5d9f5a7694397f34

SHA1
4bfd9ddbc29290d1dc7f3d98497b7733703de631

SHA256
46fde5fcdb907842b62e8c418f4242d1b98d1eed1ca4f6480b52aa1f4bf425ad

SHA512
f0f1b940e53045ec128bfd234ae3795955478167f7b9a3cc9b946ff9f17cf5a4db6765c97ebad1ec3a27ea280422f33cbfaf3e0420a29bc7543b29f1c164d1b8

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\ProgramData\Solara\bin\version.txt

Filesize
5B

MD5
f5ad6f151a2180cd3d72aa6e539c7704

SHA1
32b4521f3fb2b529b99832d67db1eb9f7ee90fee

SHA256
6b3f8abf53839003a2df2fcdf376ddd245f3cc87b8808ae53891123749258372

SHA512
5bd0823226876aa12c92072dffca4638755209e167e9e45fb93a86525249637b61d7217eba09b29affd7ab3dc80b45a909afc175da7782366de47323f66421a6

Download Submit
C:\SolaraTab\main.lua

Filesize
30B

MD5
87cd8fb6c94491c3f0ca9b828ffc5f3f

SHA1
c85df7d5350730441de8fd4f624ef0779cabe7e4

SHA256
b74faf52ff44e30ddcbcf9a0929426a127d9d0784e412ccd14e24a74436df8c5

SHA512
0b1b80a1e79be03710062ad4ab9088e0a749acb364509a076ddff7e0067091aac2e93d62afcb88e98e9a7092a627bbdf5c75e5e13aeae7742070c0910b346fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4df3b4337c6e8d782ec28a762e800da4

SHA1
fce34ef844ca04db5df7c8ac1198c15cd8deb7c7

SHA256
c915b80332531ae002d380960c0c7eb7ec7477683ef8399180483a36c4c5aa44

SHA512
8c3b9a02463292c0227438dbc3dd490d652c9c4d7db52bf12dd6a4a83d7a5e008b6e10c447b11f33fb2c9425afa9fc03a3e03da13cb24dd04e7ef565a2f0d781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
796KB

MD5
4b94b989b0fe7bec6311153b309dfe81

SHA1
bb50a4bb8a66f0105c5b74f32cd114c672010b22

SHA256
7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659

SHA512
fbbe60cf3e5d028d906e7d444b648f7dff8791c333834db8119e0a950532a75fda2e9bd5948f0b210904667923eb7b2c0176140babc497955d227e7d80fb109d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
83db80f44086ca700e612df009f3d2f2

SHA1
9268ede27fb5339acca49107e399d22045ba2257

SHA256
0ad62a150905265f2021bd2ef41eaeb29d7a34e059ffb16eee43dcb1a0851cf6

SHA512
ae9a8cdba450afaace68d4c665609103b3340d12f0b1496bcb8e90ef088d289356ba062b33d1a749817cf8713fe5a6a0544732508f968fbac4775cc86a8c6276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
a3f9bafbe05a5e1599f2f225bbb91197

SHA1
bed41a6190f2b1b90904bf49a12f08471eeb3a91

SHA256
931c450fba97614ad6574f631261a997f3b2a84bcdc95f263dbb9ddd6f425176

SHA512
f2713fde9fa4cf680c8a4e2455b8cc65f5762f8acdeab18f732b184a37bc3935891d4c7f47aa32486be6dcc411a1a344c638e02459d8a59a48ca3711b33e4981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
a95dba9f20eea5e7d063d859720c9103

SHA1
bf48cd2a76c6b6c3ab6cfaeab7c78e92a1e393e7

SHA256
a1d7638739b6033049bcaec6c5e671349678420045a5529b0e442987aa7fa7d4

SHA512
6a1e06c77fd6c5edf80794cdcd3b3c5b4b02c8eb1137b8e021404191b2483e917787a2dd8f1218cacee61926c0b15f6495d6dc1d194919f3343fa8eb28a84480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
73f8c5b1968981207833c1017240fb02

SHA1
854927ff64d47a97d7b54777cf0f1ea6a649f2f8

SHA256
13b2754980374f28ce1228c19ad91e2c72e1393853bf19555708c74d184482b3

SHA512
9e7289e9b9f8ba43d8c55d01c140397a00ea8e13cc466780cc1a1b8153450f2d141bb13d8e2350b4117d92476fe59985fe020aad0a33412cc67a355d6c14ddf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
07d06b9fb18f34c6aaa1c658ccda50ea

SHA1
de9d816efdf884fa79fef26a83c98d1e966c8fd2

SHA256
5110e785cd227a1c700f6b20ac6c477c50cad1b2e8aa6b9f4225d434f33de916

SHA512
d0d1cd69077081eb97d53c77ea4a1ff356dea8e03783ecd1835af1b087d4b9b2e869a5b8f5b9cdd05e0242b6e4d7c4b52571f223c6f941b22284d3c4f0cdff42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55f5248764458f6ed672d79e79ac79c2

SHA1
71ad945a1a0caa68f4680ebe33297e844be01774

SHA256
a5616d45350e84012029184370990245515a55d4bae19594f97d61aaa5dbe0ca

SHA512
d12c00f9e196a8244c15627fbdf061bebdaf8b48d3b85e84590746b8a3f412132467f813b2d97f1b9d3186e77807212fe1b382e294622c35f78f0e61fa2c29dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c6f1519490e70b69a029d9acfbe38ffb

SHA1
9413e65f6cfd400bd947026ca6acf0ccba4caada

SHA256
028cd36a93e912d62d72d703fb7a24acd8e9b95b5592b6b1c124c8c5aa894bd9

SHA512
bd5adc1aa7d49231f49d7b658dcbc1adfff8d3e3307da643b0ebbdfa481c8be768bfb53309f9dbdcdb3352b7de96cbc57f58ffc82ffa331a714e83f02cad54b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e71083b3855baafe6e21f91db4a0666

SHA1
cb18add8393c2c24cf8892a68fe194b3dc718c5c

SHA256
66507653520e811d89676341863b2c60914e232fab643c5ff427cd137b60c0c9

SHA512
8fe7c764ef770829fa00c42a89f942797a017ff98072c2cae79dada13a6147127d8e79ab2e8071cb26c9b7281efdc098f71454e948606219798695efb9ca1b2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
9f0386f2fe2d643a1d1de5121b462526

SHA1
488ba6e9c05bef2c94e89b99ad9c4f41a49fb812

SHA256
efead80b186e49077496c1d9fa1acd8d899c43ae30039dc75bd54783180def5e

SHA512
2f80484932cef3fa19ae07a898240ac37af890224c770037cb51128efdd3b4382502af892d90904f0e07afe51f1bb43ec975c4ae8c9e816d59a85b760137bc37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
b33250f13167d24d13367b22ee05b05e

SHA1
49988e6306b2644b011501ef0fc1cd96f531fd3f

SHA256
edaaf7e0f6b1b8fb2ae85d1e802432d5d8b9d4ccc4476d8cfc45ecdfb4e70828

SHA512
67f5fbfdac367cba1384e1970622eb7624ac136fa64ba91ef323bedc6c1be5eb7aa3594c5e29748c50e2606d4cc1e5701ce6ee902ff0ae68319e81f90566616d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
fa3d03913d322b2ea1a843b74e08c190

SHA1
eba30cc7e0777cb8a5432a9f65ec957efb7be438

SHA256
1e5bccea3635b1ac9d2fb2d67264c60a9bc601695d410c43277f46bf804c7cf6

SHA512
134c59b1b1d10d8f8736246f303b0351fe8f036d4f951a4e7968ee34e92b9a87cda6844bae4b7df4008ece3c9d06873a6d023683ea623df6cd72d237dc1bb8cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BootstrapperV1.19.exe.log

Filesize
1KB

MD5
c82fe8e5dba673cad964a55d81950097

SHA1
abfac574ec5e424bbf315e96f6f26eda44d5b475

SHA256
4ec4ed1849c6cc0a3b4486eba9a20110e7bd3d3a08edf8c401af55b6e4049b56

SHA512
b6c6190a4ac7c186665a434debb2abc213fe8d9c184c88334b95b2563639fea267bdc3a39e5ec5f44e1978e36c883e2962469909105f2d413eba83fc2978f229

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
14cf4f053b1fed6bdebe4a88eaa3d30c

SHA1
be45d8538505416afa12b33ce850dffea675a7d8

SHA256
c3499311ed6a6f4d1c86b6de495029b6caa2d1d6d517b0df5711476328fd6779

SHA512
eb312587a090e520e17182bd3e6f6114f55c723930031526d51dcd1b09786c8254451c43d45c7cfac354f03d3e757833263bb15637bf3fded255b8faba87f9b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\00D6B0E5958DF4AF0968A15074BC03A1DC892F30

Filesize
229KB

MD5
3f6e51a2acc74fc829d5ae5838d863a5

SHA1
137de349f8067d97524caf619a4421e5a5ffeda4

SHA256
8af58a01e597c66065402a192a3064e40c38c3d79dde3eb14bee636f90cb70d6

SHA512
40d30bcdad791746d0d3aae17801003ea925ee08fd08afd7a931de48f2784afff5458a70f303b8a49da8225a59d81c46c189c11c7b282f7038e1e6fbb89091c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\016913BA7B05A679F9EFA5825600235441746744

Filesize
454KB

MD5
5d422299c06ac1677b6b78a8d1025892

SHA1
db40c58d6c5e81aff86df28f953362ef4596add3

SHA256
68c28444d33dfae48d815eca6d6044fc3fe45770f53f697c57f56e6fb8504761

SHA512
a06bfed9a9201a1c8a69fcfe0343ecd4cd91c72fac2112b59314fba624cee3f1c3f73ab09cd7e5768c4e907ceff5d117df84fec45f4750247372a0b549d41886

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\050DB43D78BBC79DCD9ADCBAE96500FE04597F1B

Filesize
1.1MB

MD5
42ccf5c67b2de320714ff6fe14a63bbb

SHA1
995c3854c240315aad4efd49d9aeebe35584ed89

SHA256
73813f3c8bba1aeb4e373627eaf65d2e650f53ece25a725b7de15ef6157bc79a

SHA512
1691fd86ee81ff5082b8762745fddab6a74aff8b17fa6fabd1767cb18baa86ee045b2dcb6920151038700597e662fdb81fcf1f1197d61c603d11182f932a8472

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\05EB7F6F7BD0BA633716511CCCAD442933622565

Filesize
65KB

MD5
1d47e92baaf08fe0329e150466581382

SHA1
159d0bad42653dc5fab02efa018e4705d8e7edd2

SHA256
992f747e91a9f24eefcf3a5909b3b851965b247d326b3564223ea3be201ab58f

SHA512
282ffa632ec281e4c43c4f94d0e7af6d628e31bd4f7c6fb2a99fe1ef6c526df7bd0b645b65cf3a6e45425293e1af6bcef00cd054df4396121cf3ada6a19722bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\068A3A96EC032C22A349BAE52497641E92DA7515

Filesize
159KB

MD5
4f2d5746820aa3c221c1cb18a5fddc8b

SHA1
1d0829cefd4404a0ec4203ec79dcf69a748f081f

SHA256
2da0822e4d23a8f48ab9b36e235104c9051a8064d243f31a424f467d071e1d79

SHA512
9a11d69103c155e3668e61e7aa8eca7c8b1e2af012428dffb31aae3831bf123ec1a83ebf9b97803e5e02681e50f7a0349fc8740e4cfa1d8aff519d89056eae64

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\101D5592BE5A3FF6599279EE1795D8486E7D5A21

Filesize
95KB

MD5
62913de408a720330066be21f31bf950

SHA1
50b24ae6ed944efc6d629185a3d82a5f7540fbbd

SHA256
354ab8cf6e6b1d2c4209612a8804be431eb0a4da90ce5c57e41a28d34460dfeb

SHA512
b566ae9cb0b95ae88c18255f875d6957087211ce0a2b2a62abe512891d972b122bdc5816ce3a535cb5cc4e8c578d2ea9e74bcfa724d5f16841820d51569463a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\10A0222AFA26BA84074326BA5AAF691B1EB56EDC

Filesize
32KB

MD5
017614268f90f656de67d0908720cce8

SHA1
95ad5a53fbd059811f92574d170d87aca0086e4c

SHA256
1ccb106e4ef6285cc76bbb1677edc90d36839310e5757ca64042668cacd5be20

SHA512
efab6530e2cd6a58c2ac352e7a4c7d3f9287c67be15d79fb7aa88c7fd2f8d65fb7c69670b373f17a366b1390890fd3a65776a31bae91b252b22c3a356b50936f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\11993EA3BF3D355927605B079BF182BDF694A9FC

Filesize
109KB

MD5
10bd43ae46cdba2cd028c1ee6a938249

SHA1
b79f8f7705879a3ac50674f5ec0db51c7041f311

SHA256
c7e623a7ecdfd0ddfad284ac2d05e4dc0e676fc80702e7ab5c7357174c03b6d3

SHA512
6e3ac3900580619a3d907499a30ee11c479b206950ff20f1c99191b33cc90983b1b88df6ce06a0c6a20988f33f5ba82136a37daff2b146db643a848339c14223

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\1998B1B296DD742D05FEF53130AB1D732E0A1712

Filesize
436KB

MD5
d26f22dd6d49629a07802a5ab4bbd0e0

SHA1
06d04c51b1a923563dec31f02513d15cc794cd50

SHA256
1e3584a76c518c80b71262c61c89dbfe4fb4d3225c6f03e537bb5ddd1bb86b91

SHA512
c39048916a8ae037eb4083d42b72b7bdc5700678b46873278276ef9e3d59e067e0de0caffada00e63cb504a710598c600a0fa365d290cd06c9287a877227ab6f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\1AB33D663B69F4F748A08F27D06DE9DC07B327E9

Filesize
576KB

MD5
3aa7d07282919837401027d73ed81460

SHA1
b515448b3e9a05ca8f782b7933a85817b04f628f

SHA256
b6bdf05b97fd4d3648b3c1ae6d434824ae5879f621e45bfedd5d4935ba1d481e

SHA512
76298e20318270385e4f6af8d627684208f81d3ec9d4211cacc89f88f2d08a3c01b66414e4b9b46fa12b0171253c000a7411f8737c291b98ab10cac93fd1e02f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\2B61971F12CF060DC441BEA2850BCD7F96F1A804

Filesize
93KB

MD5
b10e58a70664e2f97cbbbb6e83980c08

SHA1
31da37f8b199b4d0b273c41b99e7ce245b083b5f

SHA256
a10203673767285fc4939faa800bc75dc2883ac4ef61726a26c9f1995ecbedde

SHA512
e8ba83c7f154ffee365ade73342a2a76977192d0bff2369f8cfa4f7397e42ffa5502d06ec7a90a37fda08562d439ea3a79cc89072176777055713cfc472e2bdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\2E2D8A13C9AD336EB00270C6BBF1843E326C5882

Filesize
14KB

MD5
5b33b2e595301a644a001edc9209b0a8

SHA1
e6021b468f6bc0c6bddf32b99a36232b1a06d2b3

SHA256
3a184ae694bd2bc25c96b7165849f1cd8fb8b38e24988e59084ff2871c5e95fa

SHA512
589f02badcd48678d0895f908e706faa70f19128b2bf88c9617f89d2e859a1219e4226624209faab33957d356a39ac33eed4a77fde42a51466ad2b1973e17347

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\36BCFA23A4D04A528CE70EF12214E3995E132134

Filesize
415KB

MD5
fb5e3c78d761e41d3bf7ba59015f52d5

SHA1
8903f0613a1b93da3fdb044ba01d11227464440d

SHA256
10353da33c72c404c4e33b14b518d498368f507f4aeffe7c4291839b773043b8

SHA512
07fc73561cf6ed0c6d671a4317883ef310d17f396829f225cd10fb4127c69c3f2b2fd68ca1ddde7ff03c80e5c69e96e556e6b175b75a5013d0557cd28d9c8398

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\3880E07D7216EA6B15D621AA35EA5FA1D0B4B5A0

Filesize
17KB

MD5
829ae2add8aaec9337dd668fdfef6817

SHA1
35fd86ea3f2343636fc459520e1cc4bcef1792c6

SHA256
d33f8c05252647c0f3480200175fb5a9f993b47d83024bca3ab0a7737043c35c

SHA512
c069152da31230677cf03814d30a7d4a6a3e1aaff2f56979908310f31a7c8b53e1b11396ebff79dec432314d020398a74f42ebe7bbbde0cb943c26edd72a3c12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\3B9C0557257282CD5F41471F9C2DA8856005FB8A

Filesize
1.7MB

MD5
3f29b6e86ef8f2b6c6f1f085a40de387

SHA1
413e904f16dfe3372c3dc765e5f33f30b8fae755

SHA256
dea5fa02ae983ef4e0c4d6d5010d65eab457b5625790903a340994be98c2db8f

SHA512
03fe91e2ef12fc29493c0c5123d8cbad3f7f5a600002ec4ed9a75d0308f5978597c0a0eb7b53496fd69db02e9200732856d04639f2182e2652d3622cea1e1606

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\3CD97724EBF47B50AE59221DC942CCA5EE96ED82

Filesize
298KB

MD5
5ba10e69dd94d74885319c9c5a10e687

SHA1
f18addcad9c3cc8cfe5c88877e26084e96981328

SHA256
42b4db8502f85123349280f4dd5f1dbcb3eb52bd8f7dc89c50188e675e1eb75f

SHA512
e294cea416d48acbaa3375247cf6ced9f51a6d178e62ea192c647a7b98930fe1979c5691954c33bc8dffb8c8f94c7551a388b878c5af698a81c21ea7889f92b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\420AE3E2A9B27A6BFFD87C9C34843FD5E93D1134

Filesize
95KB

MD5
e2072273516fdc76c7e40524214ed040

SHA1
ebdb6c9b2bdb88c35029e62fb570356a761f7542

SHA256
fbb861a49291c40ee011e05d8bf14fc3b7f1e48d6149993281c680068fa6052b

SHA512
44e0445579e7c6afbbe5287d6b85d85d41d5c1f20f955ae482f104cd70474d001fb7b1c23f0bc0473f6363b84d574fd80b032f50d4c47b46bb1d572855cbbf21

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\4C11E373FD9A73A5E61FCB5291518B290C3C15DF

Filesize
640KB

MD5
82a45b22667d5d2e2b56510c21dcd9f3

SHA1
1b61a35cc16d41bbe3798b85be9c05a01ad2ae08

SHA256
9bfc53f88c555d96bc9cd7d387c133c56c4cc05354743cccccb71e52745f7651

SHA512
f4ec3136de62a82cea7ed9ad0eaea498e9408e225dc61bbdf56125829f0cf6ffdf11811abf40d2b5b23110f624a2ab27788d43b0a8c3dbefe4fa6e55074eaa3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\4D01340C85764E13C0E60E2C62CCB49A6D574812

Filesize
248KB

MD5
ff3fcd64ea72abaf81ceccd3082712e9

SHA1
d2695bf2f146e9f37327b17fdcf3dcc607c3080b

SHA256
a28bbeaca9babb1b155873876887cab4f6f3f9b82d14a4ddb5dcb8ec8d9ddc68

SHA512
7c7025d6dcf0e09420fd923f022f622930ece7a2cd5d09e6aab8958271acbaa00435d25a6f16f548ac432ad6fb23c1e70b9514ac71a5fba8eb3219843e16ed1b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\4E3562C55341939E493011A1EC297C2A4CAF51DB

Filesize
72KB

MD5
bbd17361752b8ddc37a5ead104fa7149

SHA1
3116cfe5e6ad7e85b95c91cf4a3322b995333c19

SHA256
97e66248f82c79f50faab88157dc7aedf5866db74421084001912d215858ee20

SHA512
e6c5382d850b0eb79f785bfd858893de45cb50aeca001c80510d5efce7eca1a39c2d5d980fb999a3581165a6c8ee0a04c1a71ea6f1bab2b4a4bf2ec703d85765

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\55E5E6FB4DA0D621CA2B27FEAF7A867987DF935E

Filesize
66KB

MD5
c8e194b766e3bbbc6dfc57920eb0be6f

SHA1
446f0af835d6c6154f6de3e75671ea802a87fae4

SHA256
8bd9c627c52ef9e3f06a599cd215685fff364a4befd48aa77195b41974af338b

SHA512
71981f1521e1f2960194ed5cae43e16a5503e60697bfe552f0eaf8f64c3b442b289dcf46f4b3d582ef91471892b1fbe95afc474b0b847eb466df04b7b913118d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\654B47743CE7C3F27A37B225DCE5D885AC5881B3

Filesize
99KB

MD5
4fdf2b923bd669a9f2b273b112312f97

SHA1
46f278f73b4e9464b9d08084e36bb271ff087fb8

SHA256
5e20022de13acf5386a8e66b32502df7798b02020403b85e60a159c653c5d59b

SHA512
e0d8d39200464bb97c45ea701ea986037f0cf24f49e3cba9ef65efa8269503a9a7f1baac57251475e1b769804ed1affb5567957d2fec41c8097c005985c4637a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\6B995C7CA46FC5BA0EFF9F15DA86A8CAE4C276DF

Filesize
109KB

MD5
1eef6fc0e93d66f51d87762d27638083

SHA1
71323fde6c08e5c1ad81b5c4c2b07f70b0e034c1

SHA256
3d8fd5eaf27d10d3ddbd0a27253be310c91038685f2895bbae92d6f92c12f0c5

SHA512
51b5aab25bd8436775ec4485ec3e595f03c98295b9097f94ea325d5b3970dc3c0c25581e7e1ec0a0b2464f9c79c122ef0f3c7e91ac82061bedf98e0cee8a50c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\739025F062E977A263D0043D9E01EE529DEBBEB9

Filesize
495KB

MD5
736c0629a999ea9fcfe5211161fc1cc7

SHA1
fd159406e50014f96291bca985161de837faeb09

SHA256
79179ab443352a5838078cf8b8859f0b88fc7c6a8db9b7cc62558be845e2457a

SHA512
42a42393db1cf8a8fe7ca6aee04bc161b5cc715726cdc030e79df2ddd1c9326bb3da494f6eb8fbff02388c089a865fc6d2398ea2cfc31a4ccaecab628ebc0156

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\73CA817BB3D004E0BE60DF2D5A29826C81C0EFBD

Filesize
1.6MB

MD5
48e8555654df6b57f517efd5ad6b0a6b

SHA1
3729b6433b13779d411097793cea69262d2cb280

SHA256
e9dab187aa59b7780204d4a2f323f12f52b60dd335c82b4404748dc190cd570f

SHA512
e6ced95e64211379a604374bbca9d30d6d7f91f203a4cedb5b66637a307e12344b8c5967e3db71668a5f11ab1f1fad65245848eb2cd3a422166af59d63f6b8fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\89DD250ECA7EFEBA5E633B02368E63096175BD7A

Filesize
313KB

MD5
a99a9857baa5911dcce0f8c6e6f11a30

SHA1
9ec6e3e31b9afd2a3a093a49685a9be07e109243

SHA256
e1fecde3ddea76d6a3ac2467bac4daf1645c27c24e38e9eedacb93181a10f074

SHA512
c36604a6ce8644b7942ef9b6e2b941e86eee3522c9fd020138d0571d03081f7f7b4fe1e56f9ffba41dbdca17f77e3ae6f80426ddef47158390bc5930622cf30e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\903E00CC0EDD76D57ACCBDEC95CE0B3E8C2B9C11

Filesize
113KB

MD5
ff5de6e6ebdb92b11fd9ddd023637b68

SHA1
8d68c5d79c72ca4e929687520692c3440db901bb

SHA256
3a18a3b18a35b1f4de0b86eed113235c7ac370f37ff349de78944f1f37fb6711

SHA512
587625807fd31e6ac24fc6422d2966bfa10362825ffb816b17afec10ce2bddf9540df430940c893076160967fb1846ab9f05eded31b9c98516bf93c536691186

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\96A0D2F1C4ECD10450EA183542E05ADB3BBB4257

Filesize
129KB

MD5
ce9fe0d8d976aec31f0b2d84830a5719

SHA1
2da47d2713415dcf612316c7e47f7585ee8a66d0

SHA256
2f8af40b4285402ed0bb4e6d2f66d5f882b4b77bec7e7c992c050d3eb5f7d34b

SHA512
e9f4940d45f70b3611155aa4d542534684fee48873950317702627c8ef291baac843a8222c1891744028c422b6122c67434ba7ef0b540857e554339837074220

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\9C29916B899C579DE3BA8409A772D155B031D381

Filesize
1.5MB

MD5
f0e1d871090342a79a212d3f305f74d5

SHA1
805c14db587f4e031b556af04ce72dd9136a46e3

SHA256
d87b37fb82e4b1d4f8e2a84fc546a7c598ebb8b982c122c5a683f6870447ac07

SHA512
0d288cc2a4beaeca7f4a2bd6d7a663ee68da93d1d7b6a52f9b64be03f8223603aae7d5453bba2ed943578d9e00e46231244067b00d421fc4f2ce1385cb66ce7a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\9E153E43FBA49EDB7D2FF3F00D771FC734829899

Filesize
61KB

MD5
9993dd3f90330442d1d1d445ebb19ef0

SHA1
d79de29ed7abc61a332192152d12e55e151291a0

SHA256
1813a31bce8ec0f76d4ae9f69ae64958a69edb7945e9ef8f93f416dfe9308932

SHA512
99c694f5a1bec6b4c344e787f52ed91082279ac3137c3dc5cde0638cdddda4bbd6c75570c11a6e982fdebefc626e8fb0e2f6e0493aca022770b7204dc8694ba8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\A3669997C29A593318DB7C53EF22B262962C5C68

Filesize
61KB

MD5
96102b0b817d88342cd12e0b94bb2b48

SHA1
cb5e9a18a9d5ece0f8041dbe324a3b0bd89d7c42

SHA256
4eb9f863cd19cd38a94786f141f3fa18c9a42ba62dd80c469b260cf62774b544

SHA512
322b9e44aa1533cdbc04e8f0e7cd492b23dde8c5f86bc32e8cf0b56a2a376e718fb7639e7b5e3d284ddb08b4f5ba71db3b6146c38855a0036874fca84da45120

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\AC5B4849CAB26A6FF5E0D69715FFD2D5203EA01F

Filesize
791KB

MD5
c4d117b9bea4013d31a1cdac0b63126b

SHA1
a406d16f769715245db1fce71a0bc01639d06491

SHA256
7791ff3bae412c9e98c3758c1cb2834cda24c3e2f92ca95d8e5e6bbc00e4ffde

SHA512
ec4e64a9195a2edcc4c82e584c0e1c33b78c9e91fcb43086563ad9e00dc2a433102c5b6d1e21de125e223bb9c0e9c904e97e1159aa118a31fd07965b01a2aca2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\BE2D3D60C4D6C94AEDAA7868122CCB76EF5AA608

Filesize
328KB

MD5
dad1393100eb32c6a93c2b4f8db99500

SHA1
0bc803a3d148b41703a498fec8075fdd4568e301

SHA256
0f9ecc0ad43b55b723095f18e1db5a83161c54576e317bc942142274850f1cfa

SHA512
5c9cd074850bd7b6ecfbf9fe9de7b884e4ae3996ac2cce9edd7fae0a4d063158589393212c972964aaa61538cc4c246cb6de15fa5520689493ccd72db433e06c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\C20E036239CAF315DF30D2CDAAC4F746820BB89D

Filesize
1.2MB

MD5
1e2588ae294d17c6940ad946939a3235

SHA1
4d8e3b36404fa6d52cc033836cd3ea0a053d831f

SHA256
02acb50e818100079e282a4dd3615204ccb2d2ca5c9024d2bc0fd3e7519d9b7b

SHA512
56c1d2ab3064fa0c2298af841e421476ad976f387f3b44c4358e36530bd190207e4e053e624f5350af6f719c5eb87b7cd51fa8b6b19a549d728959579aa8bb23

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\CE9427DFAE14BFB3F2CAB7541316CEA7917D3BC8

Filesize
507KB

MD5
a03fd2ff4c60e79b2cf548fdea6eb5c3

SHA1
de7fdc6684d3b619883e048c05626d6c8d977194

SHA256
f865913882e3ae95fa0a1c5ed47c6b1020fee24dfe4d3158d1f5956d47a4ca83

SHA512
888441aceab93c8e86888a4aedc8518c0d813a7c7b1c67a0b3472025c082128562e7c10e31f01c805235aa898a3d688fee2a064e7b69c8a32142fded22465b57

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\D0F55BE79E24493179126C561599707B9926144B

Filesize
13KB

MD5
69f2d8aa176d722349384af5275f7761

SHA1
b0a7b75ff5fac3f07b3e2be8ba103a11683f489f

SHA256
53ad7937d8341eda97ff18fbaf503ebe87e78b63022d58f6f120015d008d1ba4

SHA512
d70ef4f08200ae9dc0fcd0e9a0d502f6ff3b326414bcb12732746fa665faf0b7e3608618ba4166b1129de6562c1db8fbd9c3c32c358b277fc3e996c86134c326

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\DA784CCDD74E697C1B9356166222C06487BCEA54

Filesize
110KB

MD5
0baba04423fad702df4400a6e301f157

SHA1
8d20639bcb884cb75fa3439d7b23acb118bdf364

SHA256
5e9ec221579d31ed6aba632c30d97378cdac77b56bb2c1132a13bb18d3fa62bc

SHA512
243c1831d83c494c6ad6efa0be9f1ae4a5ea80e8b1d1c78514931c97d3e69263df209640a228a59a64605dfc18fac72101433c93c8dc3933b20eeb491e81f40c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\E541D0CA9D282971CD0AA577C4F54D7EE1CEC699

Filesize
227KB

MD5
6c6a04a2ee3944007220f1b710427f2b

SHA1
5706e1b46fdceaa2e8747d8f5ad75d97ca7f1019

SHA256
2b0d5fe02fa8a629c483364e6a6f37149a5190165199c5dfa9bf687a0f9cb621

SHA512
79f12e2ed2fa6b5ddbd425efe4eb28771f44c97cce07dc7a044b2f44d62e7e0ee9c3f067f1f921f6c29d952750a8585a94c3f3b20bcb50a8878ba0fec8f99a96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\EB02219931990ADC60A0E90FE5F903C3BB50F5A2

Filesize
68KB

MD5
5c813be8bc604e74bc0dde2ab6710611

SHA1
4b8206c25efbf123c44557176f7f847cbcea5af8

SHA256
492003ede1de6bfa57433be01c885f507932217b7b9a0afffef6fc9863ec91f5

SHA512
5c96a55b52da989bc9305f8c20b1b4f51f7dd8b047fe80332a7712d07f7795689f37e843fb54a8425de474dfd97a0e7e16db3993e80a340585c0a1d1b3a0d64b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\F18CB48C0E207EEFF19C3710CA8433EC5E623A4A

Filesize
1.7MB

MD5
d037ae4b2a7990b8493ce5d54bb055a4

SHA1
7b8e125224ff997573eb08fa8202b1790cf90e3e

SHA256
023d4b102ee06be9b1628696e7a8a25fd36441f02683743736e92345e0153b5a

SHA512
2215144bda0ed82382ee63ce43698d4db3425cbdeac2f861588a608d939cec5fc65bad97e7b3a487cbf95fd6b321bf07a58d5d80a2bb54ab7d5c7ad6b0936e01

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\F27E0CDCD1C7E6F6CED7F2BE71ED722173C6CCAB

Filesize
692KB

MD5
2d11fe689d638a38020e3db7c1c98cc9

SHA1
9071b6a4662a940b6333be11eb18d552486dfc1b

SHA256
fbd67d11c2cbbb04cfbd7e37de48d3cfc2da68cb330790e59bbfe4b0af68f87f

SHA512
c95a9a9e59bd22876e61b8bfcd4479259cf86922d85aaac29001ee3dff11eca36dc3ee9e77dc86ea393510a0c877be653e163b39cc0ec96459d82a26b083d111

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\F54E280FBB6281B16EC8A94E6DAD708269A9ABC5

Filesize
147KB

MD5
fd6c2e0183a8de755d369b7b60d5d37a

SHA1
2fff93ff4ed54e9d584f667bb00170afae3a5345

SHA256
edbe63b0157c5580d24a3b29efa461b3a9d2d300eb85224f5afa4bfb1a36f825

SHA512
e357770e2a38ddb768891e90eb4b4e5748b4a8644cc9d4af7e36ea1c2e990582648fcfe4011815c291af80166dc55ce8ec03f4d22d3f5ea199283f0ee7b6ba52

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
28a2bd852251b28642665c3e29434c5d

SHA1
2ddfcfe524aba244a791956d45ad2f8b085570cc

SHA256
7d892fd7388dbe9839e45ae3dfbedc156d475c6923c07abd80b8cf486aa64bf1

SHA512
dd2d042becbda6c10bfaa3dcb569bb4e67c28969063c99c1af09a00f90a9548e4e049c526e02d5615e4abc18f7b50b78bcf865533197bcb63d276425e183e190

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\797706739a30b33b492db91f27663c44

Filesize
5.9MB

MD5
797706739a30b33b492db91f27663c44

SHA1
44980bfc6ee691920cf08396d899758954ca522b

SHA256
d54eeb1cb983c99fd3d7ff77f99ec8cb9940b20b0eaeb8ed0dda408627e080f3

SHA512
78732213ad3b4f49d854dc13dcb4deca6e04c62e893393d8ba9f701239dae07ef90b06920bc2913dbdd5637f1b4df94aa23693faeac786dc87984ea35b147229

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
94317df6a2260495dc256fd491d5275a

SHA1
97d80a40107dc9e7f9d6ebb697681f1e534f2ced

SHA256
b5402f64da52fe110ed2de2e51eea822a45a6953230900d2abebc444e1d820e9

SHA512
03bba2154b012627036d0d5ce56561ce31e4f7739cd77e21de48fc84d6ffcc917ce7c5c139474372440af4fb845dd4347721a7a25d3c70cce07937037406d536

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
16KB

MD5
1626af279799ef21d227f2881a44addc

SHA1
39de4d6c524730578af5b0afd9fa448149bc6c78

SHA256
d27c2da88e9302bd985bf8b556fd7c0c4023b26cdc2c1c2a0cbbbe1f98cdca23

SHA512
06d6cdabfb0e8a07a6e3985ffa4167927972a7a755a377e31a4bbc595c41e19ffc7e3781e74be4fa595e362a7cf364fc7d3ca4af033966fdeeba4e1a304f13e1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
2e658514a90faae78d2ee927eef5632b

SHA1
85b911c091a964a515a4bd5e9dbd9fcd816be92b

SHA256
aa3a44bf62d3611e652aa73d4fba6410cca4a49a2da000ef82c2c5a055ccca78

SHA512
bb343334d68d3ee3a66511f7bbfd3de19ccd4c01448d7859c7eb32109119c260552549d60252db09e2e2f142abae495c91715bdb10a98ac44aeb24f992ba4ba5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

Filesize
8KB

MD5
eeba793c3a182c6fac7a997f8ebda6a4

SHA1
f1c36769b4632f34c330bd124675361ab766406d

SHA256
950b562ea71bfb0b1153977f22ffda0962cefcd0cc9fd0b96ef5ce2f9ed0d8f3

SHA512
08d7ddc63542f0e95cf5d71f2fe0a5942d94ba4f305c9d2a5c78c9affd9bfda85d35ea7f11037abf65c3b96b79734c2d45114d113da8802ce29a426dd7a3aae3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

Filesize
11KB

MD5
ccde5b068105aa0075429beb5a0263c7

SHA1
17f24e8b7e3ac1fe96cbc4f36b30963aabe743a6

SHA256
994d81e584601a7653b5629b0466b8e11c954614cccca3b76d59426a3fa7f301

SHA512
4df02c631e2c65098f1355e2d6bfe97449da6a7b0f369c840530f2cbcd57fd4bc634c07f4d34a2231d291f46f54f27e2999e8aa4790b83be34bb59683d9f1116

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\SiteSecurityServiceState.bin

Filesize
5KB

MD5
3e814295f0e3f01c7365255cc1381bd3

SHA1
e5c36e1f0837978452573d9ca381f714d27f8785

SHA256
806f496a422cb72eef9a920e2c489e582db97b69c7aeaca94af08f1e953fcc3f

SHA512
50c748d2343cd1538e4e53cffbcf916871e9a20e55cc6c7c69c7a682456558bc25d34d14a1f6b75f62d7286dab6c21f16a853f08800707afd9fd804ed500fff3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
7dd0ab43381a2d0b11efaa2203e28e11

SHA1
1c169e76ff97e780a53f88a8028066284b49d3a1

SHA256
482466fbd3abad57d66785e908869541483fffda64b793e9d82b7f3a926ef4c1

SHA512
19d194fe0da67cec94aa064a861db513be18a78e670b4638c0451545181fe73af05fcfd8a32e4ae3c70b620cbc662361514910bc844825f12f131100cda0feed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
437ab7046df1e52442447f475c5fb2fb

SHA1
34755ca4aceff766b49128c17d2ad8d103d552ec

SHA256
5dd4b0a75e9f8e30892afe31161f9668b742d561918ba875b6c3aca586adff8e

SHA512
d850fca807009c972895883938a3719f125c16b2332e765b38c761e533dce4cfccdd205f48f4beeefb8ba7d89dcd38609d0380158c6b3bb2ea2be2bfd7ae5348

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
70e1737f07e29382f4d07508b00e7a9b

SHA1
b9fa4feef2ed46a3a80a13da8871624a6a958a12

SHA256
6fd6eaad2f53c92352b02a0d78a8b9d47c2ae402de75ead7ee5994b03dbfd975

SHA512
1e8b5125fdd2d56b6a28efa8e388d8301e5638195cc52f7e06fc4f4576b10f798a8dde8f9d4b5df4ec79a0cf121eb273f6708b6e8572099a7d9e00123f5ddaa4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
5e1cc0bb8f4a0e2c61e38b4616e55b31

SHA1
497b97b435834a3b50d670db41d1d81f14d984e6

SHA256
672e1110f59c401a9177da73ed48cbfc6a9e8f8eb100f336a712254d018b8efc

SHA512
efadbca4b4ee5eaf2512176c3e4128d4f95d0e847f7de1b8ac78e7d183dbb45db69b386270ca41b5950aa94f8b6ce4bbe16b896f730386902ae98a09b7d7fae9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
85KB

MD5
f7f879c1937c6b4f1a592225fe183e30

SHA1
69382718456f271cbfe50d6b33a0b80eb372e1fc

SHA256
66bddf95fda6a44a1e3c5ddce67ec1a3bd94b9fde05f27f9c34cc194dbfdbbc3

SHA512
457fe1e0af9bef72b6f0451fcd2ea302ad9b4b0f4b5e6d879be8ab4a9f024151232fd294ddf80ebf37b3aa6f6ea0832e264157cf789e698ecb9beb26a51d514d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
85KB

MD5
4b3dd9dda37fa036c16031cda29421b6

SHA1
c1fcfe3aa9f49728c60b85f28ececda0d7c9821d

SHA256
c1d2c49d6e4dd1a370fcde4ec4ee34aa1adaac2d67645780f20ac3875e1dc0ea

SHA512
e98aa8c9bc00bfdbbaba1cdcc41f7463bacd0d91ea3d41ad99b1b1b069827b448c285811c693c2082ae50fa348113fe71cb9957b99eec89017df9f63c46b46bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
8f59904831989ae3ef7f785f74fd501d

SHA1
9d5a652d829d1c7dce1696b7bc0831c774a559d7

SHA256
4179fbf4fb15b3c0d600ddf4894d4d95a16a4907ad8b2572e640b4b2ade546ad

SHA512
246cd1fd599661deda17c5e76c3024dbdbdc481f86bdadb4f81346af552275bd5a8d6ed94c9726f404dd9eede9815d94fbd08ed864d7f8a0e012250306ca4e93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
97KB

MD5
4c31a9f0d414c680f43370290af1dbc2

SHA1
37e1edf3fb893e43346e5cc96b48f3d10989d985

SHA256
16881b923ea3732b5ff0a56f14c9a8f5d9c9827343ccb35e71ad7c147675c816

SHA512
cdcd4f9cf859301a8767f0845178467598bd047000f4c29d0e3dbbb13d93bbbd944a9e9fd405715558bda5f7c06a607e028882ecdcb5df4b033874396f03e96e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
a4f1bcd0f6ff83ba4f9393a978e9107e

SHA1
049d7dc4b4e87cbd1d9c96d3105f4c99e9f168d2

SHA256
cc04f92978e614eff4fb2218e3b46612954d28aedc3b573db989be344aa9c41c

SHA512
4bf192d26b5a5f068949826e931fd5132aac9378fe9d305640d3722a888f7f9e4e096cdca12969e541b9f8861ce93378b43e33fdb8810b8dfad6fc630e9b886d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
65c47982cd0ccc2df422b7e4146e4249

SHA1
30ec9d0e48ac959d8a60cc946f517378b1792a1f

SHA256
1a1145e4783d54db03cfdd9a0a59908c2e6fd89a78250abee3d18b3889ea98b8

SHA512
8237ba9f69475fdc7fe6cbe90571999523e733f3906a3256f01328a20151ccaf484e598d1d4886dabc5da490778e1afbbc67e64b345e2b8f464bcdf47db88605

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\0084ebcb-6454-4fa7-bda4-0c4e93dc4d66

Filesize
3KB

MD5
b50e43ae9fb24aef521f1186facaf4be

SHA1
a818ef03f9b173be1fda1e3dcd92d551fa277ce0

SHA256
8583d0fb48a2fbc81ce39f6486dd1c0606913b5f28d4a876c3411d3721bb3aec

SHA512
91d5a814279e8793ed4acf89eb550498b35b74749c18956da7a14ef8b5983117e4b0dc32833e709f6dcc6b1422a40f07d18485a960e885a7d9a69c350e116f6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\6fb248ea-9250-42f5-80ee-3c40043faa29

Filesize
842B

MD5
c19d05b3508f2cc0a9faf4e40bdf6f90

SHA1
105327b4a5d256911c88c73b1eaf4a6be06214ab

SHA256
0f723d49ab7108ebd3c8d1e5446dad876f3e559365999d4a0d7c432b1f7deb5b

SHA512
14fa32020dbeedbaf1a01acbf61fb72df7d44ea461e243d4f75fe1230b3fb37569a4b7a04d6e1eec7a6229ea95685e77a7cc1fd2c48f0adc53d0f79ff0da7431

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\72642d2b-adaf-4590-86e3-4f6ec93bd2ff

Filesize
982B

MD5
69061628150e0a295cfd7f623a3f1363

SHA1
93f274196a8693c7cee7c2180d428189ce115231

SHA256
754e0a118470652fe805b7fb896ddf7f04647b3783ff1c87b56e1af2b63a515f

SHA512
76aac77fb7710bd3c9779a214795d976b0d9482bda3a8ea5100b20117789d307f5df07006969ba5ba794130110280d26a9eb3fd727bf0b02e0b426d019915f72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\a2b6fbc4-c9c2-43e0-a7c1-41b426cb9304

Filesize
659B

MD5
93d8a0a0e8159dcaa7cc9d4a53762c3c

SHA1
459a0bcc2529d006d81d66d96c0e50069ef79ef2

SHA256
995e569ae45ae147edad9933f84571a170603d445701d758f9f14fba091e2acf

SHA512
af2b54243fed5de99c4d2339e9b42d7c96176caa3a55fdaf229925fdc592f4d2b31d1461ffce4a1474202412632fac1555ebae13705f363dbd58f06d302d5aef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\de6dbeaa-e442-415d-bb8f-7748afa3639b

Filesize
905B

MD5
0cd850f91afbe2237665b766ce961086

SHA1
df3c89fbbf19a7158d9546593313969353240d38

SHA256
46693847ae9c68e261aef8bffd1ada0f96d67d96a076a2b1048f59ce54ffe0cf

SHA512
a9767f2195d87a2448fac599b8bcfd137cd74901601fc09be570b3340218f9b381e92fe2c2d698cb959e7956165daf2e4268fcf645b580d1aa6dbf5243dfdff9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\e2f301d7-6040-461a-a249-225e09bebd8c

Filesize
676B

MD5
78ca5c2decce42bb1c564442ecf729ab

SHA1
088b77909bfb5b2c805fa03148b2fbede1a8607d

SHA256
aff3d445f059ac6b97deb399951b3bb5465ae595aa178f033173f7a70f627e7c

SHA512
eaeca68cfe82c5b06369a624f3c72ad724b8fbb45a90cf7b82b3c23511ea36f9ed4be5befadf3b89b883e5ce2e7345c8b703a3a008698c3fa500f6e6b0ee3cea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\fac1f402-f0c8-4c64-9c04-addddda3adf8

Filesize
846B

MD5
f10d43aa6acc79986f1bfd1c60aab8b2

SHA1
d083b30e028c6a27c0c04b76779840e54034eaec

SHA256
d08951b3c84eda4ec882d166d2a52a715a835dd7c9a7304b1b2fac640f103231

SHA512
c9f9658ef0d120f7c2b4e1d8c79547f52b5aaa76dcf21c2c1dd5b6dbcfd59571dd2632e199b5085bf3d51388c7a2cfd4e40d577a37a8b1493c2f7776e5b71679

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\facec5ce-f7d3-4ab0-a06a-1546168e9b58

Filesize
2KB

MD5
af26be9d68c38ea62d0b2c1249bda74d

SHA1
967113b8896f9b57cf5729db2b10587cf42ee90c

SHA256
4a7a02a7418cf3a6e4963b73a65435160f7f27c3f35de9d79116b319993fe87e

SHA512
0a9e504bf19668ab5e4d8e1881ce59e996d3e921567293cab504b58637cc12d6a7c4a0cd3ac70781eed13dcb1c2a5f339f99a2412396b57c9a26e4d50d29412e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

Filesize
11KB

MD5
ca57b980d64d03452f8fb16de6409e57

SHA1
4ea6f024fc810d0820dd15f3f55ccc492a5877be

SHA256
99bd5444081066bcda69035a6e80297eb717ab7c40beada9c7b032801f940b24

SHA512
949171c1d8a6c0280b62560d3a3a1e58a378a21ae469af235bf18c1c6c7c6783bb1a34ef1fce9a63e7b624bd171c54a52fc2d65c9341a5baf98b43eb582a564a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

Filesize
12KB

MD5
d07950aa6523ef20207cf81115ee44d6

SHA1
31a20bac0c4285a866e7bbb95ea1f558439c2cf3

SHA256
e64b7cde83b4e0a2c53c126871a085f73cd2856a142fc95fbf0d1965bba7eaec

SHA512
4f2727aeabb1f95779259446011b7abf07af3abb566b8f4b7ce80ad73b06fb57edba32844ee67f0eec481af704936ba2795341fc63df339e3073e5b9812adff1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

Filesize
11KB

MD5
7481712df1b60d7b1c26f496787f84cf

SHA1
cc3ee20055802ed046655019e7104f9cc57fbcd0

SHA256
d641338180c6a8a3a9609d3c946ce2ea90d9f6582e65e5cda4a478a70398f80a

SHA512
fd962ebfbc964c3903c5f0caf49de803a4d6b5c3536b1784a04e27d9efbd921f0b73ae3e3e4b8d614284674b056292d0a6350a1fae1c5611c1656aa88a7c2e6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

Filesize
11KB

MD5
caad106d0d7d9ad22a5013d2e12d066f

SHA1
1bcecd260da66d1d074b51a464091e3e5a7d31ab

SHA256
76b75deb8a1bcccd04f262faa20d4311f67b7c092665876e7c5c36d425a06fb0

SHA512
5b4bb5af8596c2341b1eb40a7217c28c3049ff96ac51f8edced930cbff8d1407664affd97d32ebb8c3d857690b60ec88706efda18251a2eaf982f53a7247bc31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs.js

Filesize
12KB

MD5
cab8402e11188115579974923cf52d02

SHA1
31f53954d0f6d84034b3ea80e1b8d2dd7d88c94e

SHA256
2c69264045da21f771cfcc6c8394a1a18b8eb3b8add7f5e15f0f9c9d75905406

SHA512
fa65a812eedbaff9821f00b4dcdf91f66b270d2688e65ba28f86b7cb06ce10fb767d3194c70b299a02f2895ba60f4a3329245947dd32eb1d86e7d2be9b845bec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs.js

Filesize
11KB

MD5
261ecefd7c9be079c84bc6531d0188b2

SHA1
a5ddeb50910e1caa94e23316b77a9886b7ac2af3

SHA256
6b2ef22a712421b078fe556749cbdf169c20a8c2943f1ed9ac889a3909192aae

SHA512
64bde373d957d5f7e23f1abaab6a5a1685cafef3ef39dd0c872f1f7bd6f537dfd24a3f4ee554fe3847200a8ec46f9febd68cdd2092eb69a48d2c0f41f54ad147

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\serviceworker-1.txt

Filesize
164B

MD5
676b2885de49a3e184a73ad39615f39c

SHA1
d7dbcbecd573bdb9f472e2a99e21d43e8d7319c4

SHA256
74665345bb77693f2360053215192c0a78b5078177ea31a4d586670bc854e352

SHA512
eebc681a8876a552b5c42220baa149c05359d30fc8c513d7a257eccf0ac518896b617596889d125d8b9d6ecdb31f3cb78074e6991221b7edc3f7e60cfb497d94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\serviceworker.txt

Filesize
149B

MD5
e8c8c687a0ece4bf492c4d97253c0308

SHA1
0d030839faf2907de5c8e2242eb28582ad14d355

SHA256
e8b3582d5afcccf5964a35b0d32ac0d8130525bd6b41bd28b6dffc25609de097

SHA512
82ac028b552160b45ef7fe4f67212e8c5cf4870d731417a56a593be163790d3aed620627a4eb03dd653a9b75a4e292b4c2ac00225757d534e89a670d561f3371

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
ffcee515467fed291d6c4a3c704b484e

SHA1
22bc4cfdc11749fbee2b2823a3f10c9796c156cc

SHA256
1779cb22f6c758ba8944b0a7bf19e7b734b78a6405747f34f87a52f7c7e51069

SHA512
08eca327cc2995d8527a559fd1268b46164228c9f95a5e28fcf0c93930842afc41b64af65a718b5fbb3ed2020d8588e853ace208d58ae84c9c85493fe31dd8cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
66b09e10ae52e9b0a17f21e22630ab28

SHA1
9c5ef73fc0f7aee2b551f3d5b21d7fb106dec22c

SHA256
6faaa9ae9f9a110178b267a61c916128ee29411b34315e45d460e6b005ed7196

SHA512
b57a3c4161b7c93dcc9c6c52dfc466cacafb9cf7d36695fb36dd8c4627bce48a1f8d31005d77d38b10e857f8305e52abd71aeff0e627a52f41fbae6294436d35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
30f35e04db7a742f762db1d501f75faf

SHA1
4bb3fb2984ba22b450cd57b659692e53a8569def

SHA256
e266a06a9b0a78ce1464ba2316eaa8125ff4e33e253fa3a72b8392186a60a1c1

SHA512
4c4c3817a633bbb41070a2ba7c62d311cc623bee3b27b83c20767f286bf8249c89f21097e23917da93a1cf5e08fb866350c9ce15bd0f37f54b58d3cbd97325f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
4b7c33459ed608da3dcf99042ca3f0ff

SHA1
3815e35114c274f15b4ce712eeb0ab7ef8b5750c

SHA256
e9064f9e47e4e82cfe57e6142fa3db67421a4b633a4f491ff1c9a4a8f14b5cc3

SHA512
28a7ef0d2c9878f8fb8a29426a1f906bf50c7d71a44adc41a321c0b6fa9a50a6165c3b35a0466cacb3349228b8bcc7e3959572b5fd5e4451672fc3ca99b1f2dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
ecfd7eaf6c611e600c39d45a002537c7

SHA1
025a923dbaae23bddda00a6d6f049dee0f82e14a

SHA256
54959d93e2e0badcfa684499d871f94f518d09238786afc9999acf0daed1873a

SHA512
0e63829018057de71c787e4123bc499d13bd10877f209d8e3a4b7050568bd5c27850d5fb71e948ed76792dba45dd0db4cc550cb525d80af72d2bc5055d766533

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
65c8a7fd598969b5f4fd0596c0cf0333

SHA1
e1798ca32a31a2028260223431706c4bdb38498e

SHA256
08a4c740d8d57b589ed08bdae25d59a74df72fd24907c73954caf752d2c2bd4b

SHA512
0bdf7afce1643d3df547632ede2351a1276d57373927accef5f80f07362a27c4558915c10950b10ba0a077fe587842df893d27276ad813c81adec839bdbebec0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
11KB

MD5
2319540fd792dabec9e483a21587998f

SHA1
e3c03032cb30159e0f4e087f8b468e474f19934d

SHA256
527b855f7c2e85ba449fe8818fd50891b21b2488f0849512f53d31586d666fdf

SHA512
a2c123125e125913b7a2d3b8007e572303943ec229e6a6ff1576321c969ef3f8e15b5275bfa8dd73e7ef6dada7d367f483dd056cb9a79a9f74d2227fe55e9f93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
13073cf1350374a8de42aff6533c4583

SHA1
61ced0b190b497dec8365cd1e78a6ea37c1b8e13

SHA256
dbd51f63119bca42436226d571897f9f8f5edc132ac17aeb62d2e293353f9632

SHA512
9fbc2cc9a0e34b5b6e7b53c10f68b854bc32f47196ce93a3373083f8e8f2617126905d838ff8beb9a18333aa17e09070df7a958490efa74a1e7847cd77efe2c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
4225c85ff6206e1467e4f3231668c06b

SHA1
b6166d21c1f7322f273f3c73ca7adde3b0003c9f

SHA256
4e44d0a777959e5f5ffd644586ac917daa1a3317744e3d96982244b5dfa82fba

SHA512
b1df039e7e159cd9b0f719b5fd8f956cdd9bd1aaed7d7079ffc19e5b8e4ff3a25a4f98e1104adf14740614492978aaedaa89807166987b8de7d408925ee00dbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
7b7ac1627f6ee2a476d0a44e91b4259a

SHA1
f3f5eb91ecfbfa437712320af42fb7cc6a480cc0

SHA256
4bf3af0689fa35e00987a8f0593f05b2a5767f82c60baf65655a370ea12e0e7f

SHA512
5233195378dfe77fda37eb07be2cea7c7f9c76b8a3d3dbef3dcbfd44bc8358bee92bc3aa428b7d23677aa7be4bf2cf38e8d225c9cc55b6e42877a2d82fb00e45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
16KB

MD5
6193c25868f7fdfba249a604af7f23cc

SHA1
02ac9fc53288908630384c9d4308b19deb2560fc

SHA256
d04d92415eccdc214a2b88b54bb94988b8673b5bc30c5c0a603091e4df85df19

SHA512
3dcd76195b473207d628987e29780d28019afefb5f5f3ccbf0af85c120899057bc9300259b16a227cb66e1f7d233c1e43d4a7e0303a99b67e3570fb98202ac17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
95fb36301ed4b300e3a7e6170415ba51

SHA1
1d6ba3e448c6fdf637530850633eb37dae0b2e57

SHA256
8cb889721f64d0ff26b4581f7de8fb9332193f1fb5656dcf89c754d9412df84b

SHA512
e6116921a1d08b0e9f7fb1fba90382c604f6a70aec3adb3c77edadccb85f8ec93ea176ec8bbc2444561c25e2cfceb1beba5b944117b1866ec10ce5d084d03741

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
acf167bd9bbdac999c71492a74b87dfa

SHA1
8013b3eb9db2a9efabe3bc1e1bb8be866ebaa796

SHA256
9867bb57756f3039b73e8b1683c0e6c82a406d4643dd2816c9e363644ea5a021

SHA512
c24925f7d3c1828c5cf1844a43f03faedc9979c6d09a543021f700097b759edb60add7f462e07fa961a2c29e6cb1db658563429ae54d105048071e99dc2f87cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\default\https+++www.google.com\ls\data.sqlite

Filesize
6KB

MD5
583ac468fb57dd7e0a5f2388b18f6ba2

SHA1
21d4e296d70c1d78765826dec5b5c7867c96ac7a

SHA256
85cdae3f3f04311f35284062b6ea3e832d480f5a18b6bd6c018e25912133a311

SHA512
081b3097751b55fde7d69e7ba2371e83397a174c4cc2d609584c561c388d4c2e9a4f1008d5c86cee401ac0b9a230365a0ff46afe7b1af7891d250e506b14bc80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite

Filesize
48KB

MD5
941485d359e5837f884599c36149e0f2

SHA1
fba72a868360f60a7a191c2aef92884e0e51281c

SHA256
303a9c8e7c55f09a41622ffddc18d1bc1bac1f569e365eac10b3fe3fa7266071

SHA512
348b292206bb81b75819bf7bd703a18b46c954db9f55fc28cf616a3913ddf7fe52dc00b41b0710ea3a2f189902492d694b0ee6739e9bf2a94aa3e06c98c9d227

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\default\https+++www.roblox.com\ls\usage

Filesize
12B

MD5
ebf2a82c71292a59f1e4b9cc694a7eeb

SHA1
2844d81f47bb02019847c11c3cb8615ef67e6ce9

SHA256
27a9538d7b5324057b56a520b8adf546ded3cdd3b5931563343717702911566f

SHA512
34bb27286e2463ad3a148880bc01ccff74b0afda4f797e2d97351ab57340988f4b75ae379febd701a6c74f54aa2e2f546a770539892c8aae76ce7697a255c697

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\default\https+++www.youtube.com\cache\morgue\103\{82422313-83c0-421b-a2cf-a0684116a467}.final

Filesize
62KB

MD5
2d9cd27cbc8541937b109171c3bb1de1

SHA1
fe2ca7d9704c843a59d7c87f5f69f1eca9f9f186

SHA256
585f76a699273da5e451b29b7bd7f8135843abc19bacb84b2c87341b34eabae4

SHA512
7b3374676b1f0d19eadece814156d1afee23a343114ce3eff2253e575ed3e7d728eb5cdc69097e4c8e1d557d941c9ed6e34b8db86d2658c60e4b620135342869

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\default\https+++www.youtube.com\cache\morgue\176\{8b3e0f44-a746-4569-85b8-e2ed24a6e1b0}.final

Filesize
57KB

MD5
8316dd4e41d8adb88c5c2a2bcd769811

SHA1
7ec9bfe73870a8cd416f2e60ee25ce56cf0c2e9a

SHA256
37b7344091cec0985e7540ece75176a94bfcbe9812372d292b86e860de475c59

SHA512
25b864c3efd2302f2497071d15844e3a897083d705bafe0a0f34a2421c18cec28d05fd52119c1d2bb69a95d4a7ed7cd98bbec7f7e0ef600e52ef79edec2c2ab4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\default\https+++www.youtube.com\cache\morgue\181\{9bb51188-17dd-4599-ae6d-38e3d43c83b5}.final

Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\default\https+++www.youtube.com\cache\morgue\216\{e11f45f4-26d4-4bd9-b8d2-5e69c33c79d8}.final

Filesize
148KB

MD5
f8f94e201582b9d925529e7a61cfca8a

SHA1
408804acaa3eb41f666a9c3f52fd3f7f6cf76a06

SHA256
932bca702d81c04da3af1bab79a5ab7bdc1baf0575bcb06a83044c5c432de03f

SHA512
79465dfd6282756db612e5a602b83eefbda1223f41c641e7eb86f9b63baae36fde52abaf0c9a9a8210b82a35e5ae03a58faabcb3a95ef21b4998649de5f2c14a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\default\https+++www.youtube.com\cache\morgue\247\{dff90a9e-62be-4b78-9a64-4df521cda5f7}.final

Filesize
88KB

MD5
622f70428f4dd1ab855635de94d49e4d

SHA1
52f4dd05fd3d843e65071b9a96b7ad1f747c7934

SHA256
624693300f2071cff15ff094ff7e161a63b12f8c6dd4db427d22793174ea744b

SHA512
561872bc562930edcc04698e1acd80f0b69cf647e0f5ad076f854c23fe0bdc1f5f9c51ec2b16970dd970e0f7bfe06d0a9c628f66b42adc81e49ac4acbdbc9b16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\default\https+++www.youtube.com\cache\morgue\46\{c5e6a949-069b-486e-a047-ca1f09fc832e}.final

Filesize
4KB

MD5
32868350ae946e0254779ca7fb68c7e7

SHA1
eaa8c049644fc8f1d41a9aa8b45b5e28ef2feb4e

SHA256
a58d0caaf3252593c2ce37433212ff92a69b982047bd8ec767b6aec0c0e1de05

SHA512
828991d21baa866a9b7e6cbf076ee011ab4bcbd32de6f90d6c912f98c91de585f18ee36bc935bab5e73117be53f5e01ea737fba8a820ea139bfb38f0ab60aa73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\default\https+++www.youtube.com\cache\morgue\81\{1fe1fe37-4c8a-4e56-b3b3-1bf81382c851}.final

Filesize
3KB

MD5
aa1a283ccacc68596039289b8eb4705b

SHA1
86851b0e49f481bd5d99266725e903dc7b7eb403

SHA256
613dd1117324530d9c22c2ef98ab3af17133ec118e05bd5f1373260aeab9c922

SHA512
59555567736e83594743c13cae7f6fd0022f3a7eb72b186cd25f8d0212530a041ef7eb5759b64324a2efe94caae2155ab802857a5d260087c6755177397e7ada

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

Filesize
40KB

MD5
f2e303fd00073ce6da2b86f42384f6f4

SHA1
5fe7476fb881fd8f34f0ad69a75149ef1afdef03

SHA256
fc13dc5c625ab985cbd1bb5110ced304d4db4da73e75ee994286db3b45cd2df4

SHA512
d91ac6a54ad190ecc355b07e2548f3f96d77db81b7701858d1892475201fa9d37a2cbb46b1cca963541b12cfa2ed961891fdfaeee8f807098a731b2e973db7b7

Download Submit
C:\Users\Admin\Downloads\Bootstrapper.exe:Zone.Identifier

Filesize
126B

MD5
c0927742f9b21455464a7480c9a8ba1a

SHA1
f514f4a6326cfb9bc4a513358b2689c092767989

SHA256
2e5617fed0dee7e45fec0c63cb632c5579671fa30641ad9581223b33614d7cb3

SHA512
66afa1bec45d5b9a5f5d02ee3e457eca0a76cec2bdb0864c1dce7664accd30be84905b3a377f76f347743462a2384074d414e599cc6f9b51bd5aece74db9463b

Download Submit
C:\Users\Admin\Downloads\BootstrapperV1.19.exe

Filesize
972KB

MD5
90fd25ced85fe6db28d21ae7d1f02e2c

SHA1
e27eff4cd4d383f5c564cce2bd1aaa2ffe4ec056

SHA256
97572bd57b08b59744e4dfe6f93fb96be4002dfe1aa78683771725401776464f

SHA512
1c775cf8dfde037eaa98eb14088c70d74923f0f6a83030a71f2f4c1a4453f6154dab7a4aa175e429860badda3e5e0ae226f3c3e8171332f5962bf36f8aa073fa

Download Submit
C:\Users\Admin\Downloads\DISCORD

Filesize
103B

MD5
487ab53955a5ea101720115f32237a45

SHA1
c59d22f8bc8005694505addef88f7968c8d393d3

SHA256
d64354a111fd859a08552f6738fecd8c5594475e8c03bb37546812a205d0d368

SHA512
468689d98645c9f32813d833a07bbcf96fe0de4593f4f4dc6757501fbce8e9951d21a8aa4a7050a87a904d203f521134328d426d4e6ab9f20e7e759769003b7c

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
5.6MB

MD5
d771329feeb9cc60faf5b52f311b33ed

SHA1
62cfb3e7e243b532f8414a99a793ecb6bdbf12b6

SHA256
f4b5d28aa94e1cf97d3007e4874a6782d971a7343b68aafc4a72cdb42f323f31

SHA512
567080abc4b3d4501cf1956365b0b24c648e633f470712c5e96a70a74bdc193546f6a0939313ebc1a598b559a9ce6d6e5d0c10261fc16c000d9ed6a310d5f2d8

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

Filesize
148B

MD5
13b33cb131652d766949fd7ff88f5ab4

SHA1
bddf9bd435dd04cf798a8c04a8b367fd208e4edd

SHA256
a5ee48bdbe411447c9ae37307ae87c5784d0a5f0136bdcdb7072067653830849

SHA512
e5f227811aa28428e77b6a9b43d7071e4423c9b4ae09ae544289ff0adc843f4fb3e2fb84e663445636f5899a06a40b009e80245bb0d56c5fd73a5bc7f02aec1c

Download Submit
C:\Windows\Installer\MSI9A37.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSI9A97.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI9FBA.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
ed0235ecfe92fd320301838014d082fd

SHA1
1edf71638901c840f1a85712d612147c27e65860

SHA256
5914e77d90d683e81f9835a55ca75653a3462d502a2cc24b6f23671381afedcd

SHA512
2a9384ce85473b3d5e634ede48531b7663f7bfb68cfa8174627daa7b4d0f15959e78ca750320a1fbbc577329925a59946120f9cd943ab2ad016739a68941772f

Download Submit
memory/2056-3526-0x000002A7DAF50000-0x000002A7DB002000-memory.dmp

Filesize
712KB

Download
memory/2056-10953-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7523-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7266-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-6936-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-4130-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7707-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-4053-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-4010-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-3523-0x000002A7DB3D0000-0x000002A7DB90C000-memory.dmp

Filesize
5.2MB

Download
memory/2056-7683-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-3542-0x000002A7DED40000-0x000002A7DED4E000-memory.dmp

Filesize
56KB

Download
memory/2056-9410-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-3541-0x000002A7DED80000-0x000002A7DEDB8000-memory.dmp

Filesize
224KB

Download
memory/2056-9504-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-9571-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-3539-0x000002A7DBA10000-0x000002A7DBA18000-memory.dmp

Filesize
32KB

Download
memory/2056-3538-0x000002A7DBAA0000-0x000002A7DBB30000-memory.dmp

Filesize
576KB

Download
memory/2056-7714-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7747-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7759-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-3537-0x000002A7DADC0000-0x000002A7DADD0000-memory.dmp

Filesize
64KB

Download
memory/2056-7765-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-3532-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-10317-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7831-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7839-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7893-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7911-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7925-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-3535-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-3533-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-3534-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-10861-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-4074-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7578-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-3847-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-10921-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-3521-0x000002A7C0650000-0x000002A7C0674000-memory.dmp

Filesize
144KB

Download
memory/2056-10942-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-3524-0x000002A7DAE90000-0x000002A7DAF4A000-memory.dmp

Filesize
744KB

Download
memory/2056-8400-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-10980-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-10988-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7941-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-11013-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-11383-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7974-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-8578-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7990-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-11107-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7993-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-8016-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-7674-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-11327-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-8019-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-11285-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2056-11310-0x0000000180000000-0x0000000181099000-memory.dmp

Filesize
16.6MB

Download
memory/2076-366-0x000001AD71F40000-0x000001AD7203A000-memory.dmp

Filesize
1000KB

Download
memory/2076-2746-0x000001AD74C00000-0x000001AD74C0A000-memory.dmp

Filesize
40KB

Download
memory/2076-2748-0x000001AD74C40000-0x000001AD74C52000-memory.dmp

Filesize
72KB

Download
memory/3372-3561-0x00007FFB19790000-0x00007FFB19791000-memory.dmp

Filesize
4KB

Download
memory/4416-11302-0x0000000000170000-0x00000000001A5000-memory.dmp

Filesize
212KB

Download
memory/4416-11303-0x0000000073AF0000-0x0000000073D00000-memory.dmp

Filesize
2.1MB

Download
memory/4416-11360-0x0000000073AF0000-0x0000000073D00000-memory.dmp

Filesize
2.1MB

Download
memory/4760-352-0x000001FCAFCB0000-0x000001FCAFCD2000-memory.dmp

Filesize
136KB

Download
memory/4760-364-0x00007FFAFA830000-0x00007FFAFB2F2000-memory.dmp

Filesize
10.8MB

Download
memory/4760-350-0x00007FFAFA830000-0x00007FFAFB2F2000-memory.dmp

Filesize
10.8MB

Download
memory/4760-349-0x000001FCADF60000-0x000001FCAE02E000-memory.dmp

Filesize
824KB

Download
memory/4760-348-0x00007FFAFA833000-0x00007FFAFA835000-memory.dmp

Filesize
8KB

Download