27410bc7be14c47eb58679632c4f683dcd90814191ad030fd254e4ff96646523

Resubmissions

23-11-2024 01:08

241123-bhmq1stnht 9

23-11-2024 01:05

241123-bfwadatnes 5

Analysis

max time kernel
891s
max time network
894s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
23-11-2024 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

inbox.png
Size

380KB
MD5

ac6b3da921d65420f87bfe834a0af4af
SHA1

e626e96e876c3efca77c5d20d45d2688343f4e1c
SHA256

27410bc7be14c47eb58679632c4f683dcd90814191ad030fd254e4ff96646523
SHA512

1ffac797295123cfa93ff22677eeaaea9994dc07b0070c5b3012c96a918a60230190fd2419b780073a5a312065d9af1ed573ce10c27bb3abd61c7925425e37db
SSDEEP

6144:Jxfkm9zdfezpYigNE5pk7znts/imEDWUuENSdn9qoA12/oMs5WqKZV5bbDjTQBRb:JxfrJ9e+TGk7zZi4NqUBAFD53/8BRiBu

Score

9^/10

microsoft defense_evasion discovery evasion persistence phishing privilege_escalation themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 44 IoCs

pid	Process
3472	JJSploit.exe
1276	JJSploit.exe
1812	JJSploit.exe
400	JJSploit.exe
5112	JJSploit.exe
5840	JJSploit.exe
5324	BootstrapperV1.23.exe
5656	Solara.exe
3672	BootstrapperV1.23.exe
5000	node.exe
5964	Solara.exe
4540	node.exe
6360	RobloxPlayerInstaller.exe
6628	MicrosoftEdgeWebview2Setup.exe
7128	MicrosoftEdgeUpdate.exe
6180	MicrosoftEdgeUpdate.exe
2984	MicrosoftEdgeUpdate.exe
6468	MicrosoftEdgeUpdateComRegisterShell64.exe
6652	MicrosoftEdgeUpdateComRegisterShell64.exe
6680	MicrosoftEdgeUpdateComRegisterShell64.exe
3540	MicrosoftEdgeUpdate.exe
6876	MicrosoftEdgeUpdate.exe
4352	MicrosoftEdgeUpdate.exe
6380	MicrosoftEdgeUpdate.exe
6300	MicrosoftEdge_X64_131.0.2903.63.exe
6640	setup.exe
6200	setup.exe
3144	setup.exe
2308	setup.exe
6940	msedgewebview2.exe
5536	MicrosoftEdgeUpdate.exe
4668	RobloxPlayerBeta.exe
3560	msedgewebview2.exe
2108	RobloxPlayerBeta.exe
7024	msedgewebview2.exe
6424	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
6400	RobloxStudioInstaller.exe
6520	RobloxStudioInstaller.exe
6364	RobloxStudioInstaller.exe
7148	RobloxStudioInstaller.exe
1688	RobloxStudioInstaller.exe
968	RobloxStudioInstaller.exe

Loads dropped DLL 36 IoCs

pid	Process
1904	MsiExec.exe
1904	MsiExec.exe
5936	MsiExec.exe
5936	MsiExec.exe
6108	MsiExec.exe
6108	MsiExec.exe
6108	MsiExec.exe
6108	MsiExec.exe
6108	MsiExec.exe
2432	MsiExec.exe
2432	MsiExec.exe
2432	MsiExec.exe
5936	MsiExec.exe
5964	Solara.exe
5964	Solara.exe
7128	MicrosoftEdgeUpdate.exe
6180	MicrosoftEdgeUpdate.exe
2984	MicrosoftEdgeUpdate.exe
6468	MicrosoftEdgeUpdateComRegisterShell64.exe
2984	MicrosoftEdgeUpdate.exe
6652	MicrosoftEdgeUpdateComRegisterShell64.exe
2984	MicrosoftEdgeUpdate.exe
6680	MicrosoftEdgeUpdateComRegisterShell64.exe
2984	MicrosoftEdgeUpdate.exe
3540	MicrosoftEdgeUpdate.exe
6876	MicrosoftEdgeUpdate.exe
4352	MicrosoftEdgeUpdate.exe
4352	MicrosoftEdgeUpdate.exe
6876	MicrosoftEdgeUpdate.exe
6380	MicrosoftEdgeUpdate.exe
5536	MicrosoftEdgeUpdate.exe
4668	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe

Themida packer 11 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/5964-5683-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral1/memory/5964-5685-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral1/memory/5964-5684-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral1/memory/5964-5682-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral1/memory/5964-5835-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral1/memory/5964-5850-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral1/memory/5964-6033-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral1/memory/5964-6077-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral1/memory/5964-6121-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral1/memory/5964-6676-0x0000000180000000-0x00000001810F9000-memory.dmp	themida
behavioral1/memory/5964-6872-0x0000000180000000-0x00000001810F9000-memory.dmp	themida

Unexpected DNS network traffic destination 8 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 2 IoCs

flow	pid	Process
263	3076	msiexec.exe
264	3076	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxStudioInstaller.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
141	pastebin.com
177	discord.com
220	raw.githubusercontent.com
262	pastebin.com
266	pastebin.com
270	pastebin.com
121	discord.com
121	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Checks system information in the registry 2 TTPs 10 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Suspicious use of NtCreateThreadExHideFromDebugger 5 IoCs

pid	Process
4668	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
5964	Solara.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
4668	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\chalk\source\index.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\TopBar\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\Locales\ta.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\TagEditor\Insert.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\ui\VoiceChat\MicLight\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\fonts\JosefinSans-Regular.ttf	RobloxStudioInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\write-file-atomic\LICENSE.md	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\VoiceChat\MicLight\Unmuted100.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\AnimationEditor\icon_close.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\spacebar.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\AssetImport\btn_light_filepicker_28x28.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\ui\Settings\Radial\BottomLeft.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_1x_2.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\api-ms-win-crt-filesystem-l1-1-0.dll	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\9SliceEditor\Dragger2Right.png	RobloxStudioInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\gauge\LICENSE.md	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_12.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\StudioToolbox\AudioPreview\pause.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\ui\PlayerList\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\localizationExport.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\particles\smoke_color.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\ui\LegacyRbxGui\brickSide.png	RobloxStudioInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\util.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\tests\legacy-compat.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.63\identity_proxy\win10\identity_helper.Sparse.Internal.msix	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\MaterialManager\Gradient_DT.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\ui\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\StudioUIEditor\icon_resize1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaApp\icons\ic-arrow-right.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\particles\explosion_alpha.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\PlayStationController\Thumbstick1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\ui\RoundedRect8px.png	RobloxStudioInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-ping.1	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\sct.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\updater.d.ts	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU195.tmp\msedgeupdateres_cy.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.63\Trust Protection Lists\Sigma\LICENSE	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\ui\Emotes\Editor\Large\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-whoami.html	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\DeveloperStorybook\Banner.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\GameSettings\search.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\Locales\pt-PT.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_2x_3.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-registry-fetch\LICENSE.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cssesc\LICENSE-MIT.txt	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man7\orgs.7	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\grid16.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\MaterialFramework\Grid.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmaccess\lib\index.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\ui\VoiceChat\New\Blank.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\ui\VoiceChat\SpeakerDark\Error.png	RobloxStudioInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\ca\format.d.ts	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\GameSettings\CenterPlus.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\TerrainTools\radio_button_frame.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-77c4124a62314bfc\content\textures\ui\VoiceChat\Misc\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\auth.js	msiexec.exe

Drops file in Windows directory 52 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIA56A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF83C.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFE11301C0233417C6.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFEA9.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{C62B7338-B484-48A1-AEB6-9AF4EF5E384B}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF78E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI15ED.tmp	msiexec.exe
File created	C:\Windows\Installer\e5da4d5.msi	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\Installer\e5da4ce.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5da4d1.msi	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File created	C:\Windows\SystemTemp\~DF0DF74428FDE56C6A.TMP	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFB1901E297A6CD712.TMP	msiexec.exe
File created	C:\Windows\Installer\{C62B7338-B484-48A1-AEB6-9AF4EF5E384B}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e5da4d0.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF9ABE86352DD11574.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\Installer\e5da4ce.msi	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Installer\{C62B7338-B484-48A1-AEB6-9AF4EF5E384B}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFB89.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI13F7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File created	C:\Windows\SystemTemp\~DF221A1463AD0495CF.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF7EE315EA6F00AF7D.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF9BD730F1AAD66B4E.TMP	msiexec.exe
File created	C:\Windows\Installer\e5da4d1.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFB9A.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\Installer\MSIF80C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFE89.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1456.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1756.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFF380D2842E74BE4C.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Installer\MSIFAAE.tmp	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxStudioInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxStudioInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxStudioInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxStudioInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxStudioInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxStudioInstaller.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 13 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5620	msedgewebview2.exe
3620	msedgewebview2.exe
5840	msedgewebview2.exe
6540	msedgewebview2.exe
6516	msedgewebview2.exe
3560	msedgewebview2.exe
7024	msedgewebview2.exe
3420	msedgewebview2.exe
3540	MicrosoftEdgeUpdate.exe
6380	MicrosoftEdgeUpdate.exe
5624	msedgewebview2.exe
6940	msedgewebview2.exe
5536	MicrosoftEdgeUpdate.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008e4795fcec2d58710000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008e4795fc0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809008e4795fc000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d8e4795fc000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008e4795fc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 38 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioInstaller.exe

Gathers network information 2 TTPs 3 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
5200	ipconfig.exe
3420	ipconfig.exe
5152	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 47 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	Solara.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8337B26C484B1A84EA6BA94FFEE583B4\Language = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\ = "Microsoft Edge Update Process Launcher Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8337B26C484B1A84EA6BA94FFEE583B4\External	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "ServiceModule"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachine"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass.1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\ = "Update3COMClass"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Solara.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Solara.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8337B26C484B1A84EA6BA94FFEE583B4\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	Solara.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID	MicrosoftEdgeUpdate.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\JJSploit_8.10.14_x64_en-US.msi:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Solara.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 89272.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\FluxTeam.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 812190.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
2884	msedge.exe
2884	msedge.exe
4436	msedge.exe
4436	msedge.exe
4580	identity_helper.exe
4580	identity_helper.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
3048	msedge.exe
1692	msedge.exe
1692	msedge.exe
2072	msedge.exe
3096	msedge.exe
3096	msedge.exe
3152	msedge.exe
3152	msedge.exe
3076	msiexec.exe
3076	msiexec.exe
5128	msedgewebview2.exe
5128	msedgewebview2.exe
5556	msedgewebview2.exe
5556	msedgewebview2.exe
6024	msedgewebview2.exe
6024	msedgewebview2.exe
5712	msedgewebview2.exe
5712	msedgewebview2.exe
5732	msedgewebview2.exe
5732	msedgewebview2.exe
3852	msedgewebview2.exe
3852	msedgewebview2.exe
5376	msedge.exe
5376	msedge.exe
5324	BootstrapperV1.23.exe
5324	BootstrapperV1.23.exe
5324	BootstrapperV1.23.exe
5324	BootstrapperV1.23.exe
3076	msiexec.exe
3076	msiexec.exe
5656	Solara.exe
5656	Solara.exe
3672	BootstrapperV1.23.exe
3672	BootstrapperV1.23.exe
3672	BootstrapperV1.23.exe
5964	Solara.exe
5964	Solara.exe
5964	Solara.exe
5964	Solara.exe
5944	msedgewebview2.exe
5944	msedgewebview2.exe
5964	Solara.exe
5964	Solara.exe
5964	Solara.exe
5964	Solara.exe
5964	Solara.exe
5964	Solara.exe
5964	Solara.exe
5840	msedgewebview2.exe
5840	msedgewebview2.exe
5964	Solara.exe
5964	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1648	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1648	msiexec.exe
Token: SeSecurityPrivilege	3076	msiexec.exe
Token: SeCreateTokenPrivilege	1648	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1648	msiexec.exe
Token: SeLockMemoryPrivilege	1648	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1648	msiexec.exe
Token: SeMachineAccountPrivilege	1648	msiexec.exe
Token: SeTcbPrivilege	1648	msiexec.exe
Token: SeSecurityPrivilege	1648	msiexec.exe
Token: SeTakeOwnershipPrivilege	1648	msiexec.exe
Token: SeLoadDriverPrivilege	1648	msiexec.exe
Token: SeSystemProfilePrivilege	1648	msiexec.exe
Token: SeSystemtimePrivilege	1648	msiexec.exe
Token: SeProfSingleProcessPrivilege	1648	msiexec.exe
Token: SeIncBasePriorityPrivilege	1648	msiexec.exe
Token: SeCreatePagefilePrivilege	1648	msiexec.exe
Token: SeCreatePermanentPrivilege	1648	msiexec.exe
Token: SeBackupPrivilege	1648	msiexec.exe
Token: SeRestorePrivilege	1648	msiexec.exe
Token: SeShutdownPrivilege	1648	msiexec.exe
Token: SeDebugPrivilege	1648	msiexec.exe
Token: SeAuditPrivilege	1648	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1648	msiexec.exe
Token: SeChangeNotifyPrivilege	1648	msiexec.exe
Token: SeRemoteShutdownPrivilege	1648	msiexec.exe
Token: SeUndockPrivilege	1648	msiexec.exe
Token: SeSyncAgentPrivilege	1648	msiexec.exe
Token: SeEnableDelegationPrivilege	1648	msiexec.exe
Token: SeManageVolumePrivilege	1648	msiexec.exe
Token: SeImpersonatePrivilege	1648	msiexec.exe
Token: SeCreateGlobalPrivilege	1648	msiexec.exe
Token: SeCreateTokenPrivilege	1648	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1648	msiexec.exe
Token: SeLockMemoryPrivilege	1648	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1648	msiexec.exe
Token: SeMachineAccountPrivilege	1648	msiexec.exe
Token: SeTcbPrivilege	1648	msiexec.exe
Token: SeSecurityPrivilege	1648	msiexec.exe
Token: SeTakeOwnershipPrivilege	1648	msiexec.exe
Token: SeLoadDriverPrivilege	1648	msiexec.exe
Token: SeSystemProfilePrivilege	1648	msiexec.exe
Token: SeSystemtimePrivilege	1648	msiexec.exe
Token: SeProfSingleProcessPrivilege	1648	msiexec.exe
Token: SeIncBasePriorityPrivilege	1648	msiexec.exe
Token: SeCreatePagefilePrivilege	1648	msiexec.exe
Token: SeCreatePermanentPrivilege	1648	msiexec.exe
Token: SeBackupPrivilege	1648	msiexec.exe
Token: SeRestorePrivilege	1648	msiexec.exe
Token: SeShutdownPrivilege	1648	msiexec.exe
Token: SeDebugPrivilege	1648	msiexec.exe
Token: SeAuditPrivilege	1648	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1648	msiexec.exe
Token: SeChangeNotifyPrivilege	1648	msiexec.exe
Token: SeRemoteShutdownPrivilege	1648	msiexec.exe
Token: SeUndockPrivilege	1648	msiexec.exe
Token: SeSyncAgentPrivilege	1648	msiexec.exe
Token: SeEnableDelegationPrivilege	1648	msiexec.exe
Token: SeManageVolumePrivilege	1648	msiexec.exe
Token: SeImpersonatePrivilege	1648	msiexec.exe
Token: SeCreateGlobalPrivilege	1648	msiexec.exe
Token: SeCreateTokenPrivilege	1648	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1648	msiexec.exe
Token: SeLockMemoryPrivilege	1648	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
1648	msiexec.exe
1648	msiexec.exe
3472	JJSploit.exe
2212	msedgewebview2.exe
2212	msedgewebview2.exe
1276	JJSploit.exe
5296	msedgewebview2.exe
5296	msedgewebview2.exe
1812	JJSploit.exe
400	JJSploit.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5000	node.exe
4540	node.exe
5964	Solara.exe

Suspicious use of UnmapMainImage 5 IoCs

pid	Process
4668	RobloxPlayerBeta.exe
2108	RobloxPlayerBeta.exe
6424	RobloxPlayerBeta.exe
5888	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 2968	3168	msedge.exe	81
PID 3168 wrote to memory of 2968	3168	msedge.exe	81
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2552	3168	msedge.exe	82
PID 3168 wrote to memory of 2884	3168	msedge.exe	83
PID 3168 wrote to memory of 2884	3168	msedge.exe	83
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84
PID 3168 wrote to memory of 4532	3168	msedge.exe	84

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\inbox.png
1⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff980323cb8,0x7ff980323cc8,0x7ff980323cd8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1232 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8632 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3152
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\JJSploit_8.10.14_x64_en-US.msi"
  2⤵
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8888 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7624 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7876 /prefetch:8
  2⤵
  PID:6932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:6812
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:6360
- - C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:6628
  - - C:\Program Files (x86)\Microsoft\Temp\EU195.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU195.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      PID:7128
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6180
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2984
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:6468
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:6652
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:6680
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDY0QjE0NDYtM0Y0RS00QTJDLTk0MUEtODBDMTQ5OTU1OUNCfSIgdXNlcmlkPSJ7QjJBNkU4NzctQjQxMi00QUQzLTkyMzQtRTFGMEFGQzhEQTdEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBMTFCREZCOS1ENDc3LTRDNzAtQjNCMy1GM0YwQTYzNkVBMzR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwOTQ1MDY1NTY2IiBpbnN0YWxsX3RpbWVfbXM9IjY0NSIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3540
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{064B1446-3F4E-4A2C-941A-80C1499559CB}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:6876
- - C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 6360
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of UnmapMainImage
    PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1
  2⤵
  PID:6772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:Oj2r08wsmLVEgLIjBi5-_McwavwBT1ox73828muqsm8-9JFaZE39a6WNDGNGhQs_VT8b4Pey7G0-wDE8vGn5aR2gSn4PMkURjYIKzp8V0VLoMgdaA1FJ5RumFZgl-dJZntoYdi1ufEVuxZ-ruC6iA1YKuAB7G5SVMvzO4J8oL4k5175R3Q8zaDc9uqX8jJmNhkoqtzm9m5RcksxxdreukUd5z6NByoKhZRaPpveJWR0+launchtime:1732324972726+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1732324727947001%26placeId%3D10449761463%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D8c3cd40b-dfa6-4d47-876c-ee0d3dc3b4f7%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1732324727947001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:6460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,5592069300690184065,3273088132633333569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:1
  2⤵
  PID:276
- C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:iDxc0IpgpTycCYJ_DrYOzXxCrdJ81q_T8AXDTAOszh6qLLEDi8zwV3fDNL6F4KUGWxnsQYW8Z7E5AreaCKY8Ia8DKbQztCiEKvQ4U-j4Snm1QTV-oTYbVjgs47aG_5EpRHJF4SdfOSBfQDQaxoSNXFIg8beFNOvCi6Z0S9etPk4098zSi6PbrlCACp2pqsIoeXvOR3HEy-1VZHV4Plk6sY2FtzBs0rBkjGW_H0emGws+launchtime:1732325040527+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1732324727947001%26placeId%3D10449761463%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D1fc2b5de-4c17-4d3b-b3b2-11f4c01ec875%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1732324727947001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:6424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1508

C:\Users\Admin\Downloads\FluxTeam\FluxTeam\FluxTeam.exe
"C:\Users\Admin\Downloads\FluxTeam\FluxTeam\FluxTeam.exe"
1⤵
PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/fluxus
  2⤵
  PID:2496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff980323cb8,0x7ff980323cc8,0x7ff980323cd8
    3⤵
    PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://getzorara.online:1000/
  2⤵
  PID:32
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff980323cb8,0x7ff980323cc8,0x7ff980323cd8
    3⤵
    PID:2800

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3076
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2F8CBCFCA042FB3533A8A7F88BDD668E C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1904
- - C:\Program Files\JJSploit\JJSploit.exe
    "C:\Program Files\JJSploit\JJSploit.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    PID:3472
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=3472.2816.6098757804122397591
      4⤵
      Enumerates system info in registry
      Suspicious use of FindShellTrayWindow
      PID:2212
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x114,0x7ff980323cb8,0x7ff980323cc8,0x7ff980323cd8
        5⤵
        
        PID:748
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1764,3640407814391259073,17576494741025526528,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1772 /prefetch:2
        5⤵
        
        PID:2112
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1764,3640407814391259073,17576494741025526528,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2116 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5128
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1764,3640407814391259073,17576494741025526528,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1752 /prefetch:8
        5⤵
        
        PID:5256
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1764,3640407814391259073,17576494741025526528,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
        5⤵
        
        PID:5544
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4016
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 516AA5AC56410F45ADD6DA306C41E5E7
  2⤵
  - Loads dropped DLL
  PID:5936
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 264F75AC9F1348D3F16A3685AB1C6BCF
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6108
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding CC431FEF5ECE89B00B4C37DC832AD6D8 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2432
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:400
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:3912

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:2336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5356

C:\Program Files\JJSploit\JJSploit.exe
"C:\Program Files\JJSploit\JJSploit.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:1276
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1276.5272.1438869857513117479
  2⤵
  - Enumerates system info in registry
  - Suspicious use of FindShellTrayWindow
  PID:5296
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x134,0x7ff980323cb8,0x7ff980323cc8,0x7ff980323cd8
    3⤵
    PID:5352
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1772,2367075558389247779,4909956530273362086,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1764 /prefetch:2
    3⤵
    PID:5512
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,2367075558389247779,4909956530273362086,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1912 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5556
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,2367075558389247779,4909956530273362086,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2572 /prefetch:8
    3⤵
    PID:644
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1772,2367075558389247779,4909956530273362086,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
    3⤵
    PID:5752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5284

C:\Program Files\JJSploit\JJSploit.exe
"C:\Program Files\JJSploit\JJSploit.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:1812
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1812.5316.8002411142381189533
  2⤵
  - Enumerates system info in registry
  PID:5320
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1a4,0x7ff980323cb8,0x7ff980323cc8,0x7ff980323cd8
    3⤵
    PID:5912
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1796,18212684152460781579,16075837045456025609,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
    3⤵
    PID:6012
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1796,18212684152460781579,16075837045456025609,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1956 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6024
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1796,18212684152460781579,16075837045456025609,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2372 /prefetch:8
    3⤵
    PID:6056
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1796,18212684152460781579,16075837045456025609,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2840 /prefetch:1
    3⤵
    PID:884

C:\Program Files\JJSploit\JJSploit.exe
"C:\Program Files\JJSploit\JJSploit.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:400
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=400.6096.11254016732403684803
  2⤵
  - Enumerates system info in registry
  PID:3900
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x1b8,0x7ff980323cb8,0x7ff980323cc8,0x7ff980323cd8
    3⤵
    PID:1256
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1736,9763786795395473302,9701834659041870927,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1744 /prefetch:2
    3⤵
    PID:5560
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,9763786795395473302,9701834659041870927,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2192 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5712
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1736,9763786795395473302,9701834659041870927,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2504 /prefetch:8
    3⤵
    PID:5668
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1736,9763786795395473302,9701834659041870927,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:1
    3⤵
    PID:5636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Program Files\JJSploit\JJSploit.exe
"C:\Program Files\JJSploit\JJSploit.exe"
1⤵
- Executes dropped EXE
PID:5112
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=5112.5420.12159821557717437520
  2⤵
  - Enumerates system info in registry
  PID:5404
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1a4,0x7ff980323cb8,0x7ff980323cc8,0x7ff980323cd8
    3⤵
    PID:5628
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1824,3862351005852323855,11473683260461993327,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
    3⤵
    PID:5168
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,3862351005852323855,11473683260461993327,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1888 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5732
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,3862351005852323855,11473683260461993327,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2484 /prefetch:8
    3⤵
    PID:5172
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1824,3862351005852323855,11473683260461993327,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
    3⤵
    PID:5396

C:\Program Files\JJSploit\JJSploit.exe
"C:\Program Files\JJSploit\JJSploit.exe"
1⤵
- Executes dropped EXE
PID:5840
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=5840.5424.7672471414831294236
  2⤵
  - Enumerates system info in registry
  PID:5548
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1c0,0x7ff980323cb8,0x7ff980323cc8,0x7ff980323cd8
    3⤵
    PID:5672
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1840,16074484467469992372,13144155739306157702,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
    3⤵
    PID:3092
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,16074484467469992372,13144155739306157702,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1900 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3852
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,16074484467469992372,13144155739306157702,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2392 /prefetch:8
    3⤵
    PID:5820
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1840,16074484467469992372,13144155739306157702,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1
    3⤵
    PID:5316

C:\Users\Admin\Downloads\Solara\Bootstrapper.exe
"C:\Users\Admin\Downloads\Solara\Bootstrapper.exe"
1⤵
PID:3760
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  PID:5692
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:5200
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  PID:5652
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    PID:5384
- C:\Users\Admin\Downloads\Solara\BootstrapperV1.23.exe
  "C:\Users\Admin\Downloads\Solara\BootstrapperV1.23.exe" --oldBootstrapper "C:\Users\Admin\Downloads\Solara\Bootstrapper.exe" --isUpdate true
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5324
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /c ipconfig /all
    3⤵
    PID:5508
  - - C:\Windows\system32\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:3420
- - C:\Windows\System32\msiexec.exe
    "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
    3⤵
    PID:5716
- - C:\ProgramData\Solara\Solara.exe
    "C:\ProgramData\Solara\Solara.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5656

C:\Users\Admin\Downloads\Solara\BootstrapperV1.23.exe
"C:\Users\Admin\Downloads\Solara\BootstrapperV1.23.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3672
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  PID:5408
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:5152
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5000
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5964
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 01c289fce575426c
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4540
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=5964.2432.7915349085117386367
    3⤵
    - Enumerates system info in registry
    PID:4224
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x194,0x7ff980323cb8,0x7ff980323cc8,0x7ff980323cd8
      4⤵
      PID:5588
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1840,16386899800500020801,15021189439482545746,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5620
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,16386899800500020801,15021189439482545746,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2124 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5944
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,16386899800500020801,15021189439482545746,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2548 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3420
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1840,16386899800500020801,15021189439482545746,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3620
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,16386899800500020801,15021189439482545746,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2820 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5840
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1840,16386899800500020801,15021189439482545746,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3644 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:6540
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1840,16386899800500020801,15021189439482545746,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2784 /prefetch:8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:5624
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1840,16386899800500020801,15021189439482545746,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5108 /prefetch:2
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:6516
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1840,16386899800500020801,15021189439482545746,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1300 /prefetch:8
      4⤵
      Executes dropped EXE
      System Network Configuration Discovery: Internet Connection Discovery
      PID:6940
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1840,16386899800500020801,15021189439482545746,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4720 /prefetch:8
      4⤵
      Executes dropped EXE
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3560
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1840,16386899800500020801,15021189439482545746,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1168 /prefetch:8
      4⤵
      Executes dropped EXE
      System Network Configuration Discovery: Internet Connection Discovery
      PID:7024

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4352
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDY0QjE0NDYtM0Y0RS00QTJDLTk0MUEtODBDMTQ5OTU1OUNCfSIgdXNlcmlkPSJ7QjJBNkU4NzctQjQxMi00QUQzLTkyMzQtRTFGMEFGQzhEQTdEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0QzZFRTIxRS1EQTRELTQ1QzItOEI1Qy0xOEFDNUE0NTk0NkV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwOTQ5MTA2MzU4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6380
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C7B043D-9260-4100-8425-8975267F4DE8}\MicrosoftEdge_X64_131.0.2903.63.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C7B043D-9260-4100-8425-8975267F4DE8}\MicrosoftEdge_X64_131.0.2903.63.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:6300
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C7B043D-9260-4100-8425-8975267F4DE8}\EDGEMITMP_02374.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C7B043D-9260-4100-8425-8975267F4DE8}\EDGEMITMP_02374.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C7B043D-9260-4100-8425-8975267F4DE8}\MicrosoftEdge_X64_131.0.2903.63.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:6640
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C7B043D-9260-4100-8425-8975267F4DE8}\EDGEMITMP_02374.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C7B043D-9260-4100-8425-8975267F4DE8}\EDGEMITMP_02374.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.86 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C7B043D-9260-4100-8425-8975267F4DE8}\EDGEMITMP_02374.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.63 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff62d352918,0x7ff62d352924,0x7ff62d352930
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:6200
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\Installer\setup.exe" --msedgewebview --delete-old-versions --system-level --verbose-logging
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:3144
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.86 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.63 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6ab202918,0x7ff6ab202924,0x7ff6ab202930
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2308
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDY0QjE0NDYtM0Y0RS00QTJDLTk0MUEtODBDMTQ5OTU1OUNCfSIgdXNlcmlkPSJ7QjJBNkU4NzctQjQxMi00QUQzLTkyMzQtRTFGMEFGQzhEQTdEfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEQkMwNTJBOS1GODY3LTQ5NDgtOUQyOC05RjUyOTc4NjdGQkF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzEuMC4yOTAzLjYzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzY3OTgzMDQxMzQ5MzgwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwOTYzMzU1NzA2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA5NjM0NTU4MTkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTI4MjA0MTIwMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvY2IyM2E5YTEtODhlNy00MWFlLTk1MTAtZGI5Mzg4NDNiZTczP1AxPTE3MzI5Mjk2MTkmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9WGxQSHNxSUlpaklGQ1RLMDE5d2psVEJPZmk2TEhKZVBnUWolMmJJcVBUejhLcDRXa00zdTdMaDZZbFpBY0NISG80aXprZ2s3dzVBdmRUT212NTJ2bG03QSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NjU3ODE0NCIgdG90YWw9IjE3NjU3ODE0NCIgZG93bmxvYWRfdGltZV9tcz0iMjk3MDIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTI4MjE2MTMxMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExMjk2MTQxMjc0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTg5OTI3MTgxMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijg4NyIgZG93bmxvYWRfdGltZV9tcz0iMzE4NTAiIGRvd25sb2FkZWQ9IjE3NjU3ODE0NCIgdG90YWw9IjE3NjU3ODE0NCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjAzMTAiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5536

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
PID:6260

C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:5888

C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of UnmapMainImage
PID:5024

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
"C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:6400
- C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_15480\RobloxStudioInstaller.exe
  C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_15480\RobloxStudioInstaller.exe
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:6520

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
"C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:6364
- C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1726B\RobloxStudioInstaller.exe
  C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_1726B\RobloxStudioInstaller.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:1688

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
"C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:7148
- C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_3DB2A\RobloxStudioInstaller.exe
  C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_3DB2A\RobloxStudioInstaller.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5da4cf.rbs

Filesize
21KB

MD5
961c9b4a6574f971a0bce6fd4bac2772

SHA1
ddea4b5a558929b8e038c4d926075f9340692d93

SHA256
6da0908ad17597bca9f58d1709fab261bb79bf1dfe372a0c6d25bdbb569fd48b

SHA512
23e053dc6934c272e58dd626c22f303cf344dc5a0ed926a38a05287f078a34610df35a7bc47ca84b84e91c4c2fc6726f919c9a3f627da7c879c83a9622121973

Download Submit
C:\Config.Msi\e5da4d4.rbs

Filesize
1.0MB

MD5
aae9c2f07cabe3a5aa64d74968c19c8a

SHA1
925aa174b9640bf7effeb45339a1e607bb88f9ce

SHA256
5cf7ab83079eb6885b2626fb7c997e04c5ff9a1550a2b9b22313a40e09216cfa

SHA512
09342eec5e4b219e64601cf6c015aea8baeeca02ddf891306b3701dbb660e23f12d8aaa3315eead02d1f34904d480d6584f8468473987faf377d71e03d0ebd11

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.63\Installer\setup.exe

Filesize
6.6MB

MD5
ce03c15ce3be6b0cb6f6300e3e49aebe

SHA1
cc0710461ca0b8c67edbaec47676af8d729ccec1

SHA256
ceaabd1ad8ac7bab2fb440acc35857134cf6176e74159710b0e8c2c8b376cf52

SHA512
4f125ff16c2fe7a4e6c7b1cb9e1be15162091bdea54d4c6ef554047400a9fa61340564218af8255a8aece0dd93c00fed7c40690f58622ce9034307acaba5f4f9

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
6.8MB

MD5
ee40308e2ffbc9001db2324ff6420492

SHA1
47cabfe872311f65534cbd4b87d707ccdef559d1

SHA256
38cd32dedb5c8c2af8ecd56827af5b4477a4b9ca3e518199d389a261baa999a5

SHA512
5f5fd0db005d49d63eaa81b288d2d6d40ce9c84cafd1c75d33723e47f23341d5ff254c2ed6274790242ad53f5360467d121cf1196ec7a073d4506166248041c3

Download Submit
C:\Program Files\JJSploit\JJSploit.exe

Filesize
9.7MB

MD5
281a79abb33f10b3f9c6c40c0e165cc3

SHA1
ea7bd361ca528f02f0f95c376d844af98105e218

SHA256
30f840be1b9249d22c6bdc943d6901ee8723284770be1b7e18ea12a844d91f77

SHA512
2f6deba4a2cdba68820dc8a47f20253107a3420a18cf3f0995fa12b434afe41fa6213d392cab2826517b4cf8cf59fceb2083f855531daf9310128754dab7ea1b

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
16KB

MD5
428afe60b5f24f4ddae7807a214971f8

SHA1
b6f6c320362a982b36b277cfb996dac76a1ea3ad

SHA256
a04093f22e0ed86f4b7e3aba67330a50333cd78210c3b63c8542475397ca24fa

SHA512
cd16cd56726640794ff0f72a1c13e6795c626e602c66909c2c2946cc20820350f2a2458a7520e8591a27fafbb1b0d47e3484c35f7dcb4be368dbfca7746c4979

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

Filesize
1KB

MD5
68383afc7bf8b603d8b40052d14306be

SHA1
9fa11529bfd274cf00bd488c36181c59f968cad8

SHA256
bac58d83ce420a68ef906a39cb6c7c685a855709322f46651b47be70a8eb4af6

SHA512
1a5c9960e6e4e771d76ad969c7ac9c374ca72a30b760a018de4a2005c999b0087e95100b4c797e24ca773a302c28c5c24ad05c9abadf23a3c8bcd66fc60d5425

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk~RFe5da655.TMP

Filesize
1KB

MD5
3a197eaca64769fb7c675edc6d28ee4d

SHA1
62f8c7ab581989601ff1442491057ea9731aeed7

SHA256
c1cbb2a6b531ad7cd53396efeaa75432cf4ece8663d6e99284a7c18ce43f2959

SHA512
d612d555890589cbf477b9f3078c0eec955f8922a2faca1d27ecb585c733830961e3a8fb2ac036c6670ffcfd78b1aadf0756eee7235bde1a3dcc44051d1eda27

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
bcb70a3870a29225fa00a9a5e31ddb49

SHA1
d9b3ef7253bfc0e8778768cf884e88dc7e418157

SHA256
7827d7ad4176a913baff217e6329eabe9cf71e3bd8442150159c1f5c8b2c2181

SHA512
a53b947a9c5d4df2efd8e905303717c6e2778a80bc00459d5ef93d56ccdd4e2524baa476ff025a42cda924dccc25aed70fe62615340588ecbd1675e5c04bd898

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
7f96950da4fda0847ebe214546ce7e4b

SHA1
6f0a4f29441093d4832647d497cc73ec6e74da37

SHA256
d6def45a1163ea4bef5eb7b64ec620b6f1f6b05efc62fe127ab369855ab00354

SHA512
ecdabb904d6d2f4724b3310c0d9a32638a1c391952fc4aff48d4be402825b528d45822b6304a05d06d2397d16a60c51c7de83e4c7a5d10fc310228ad27a50022

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
703B

MD5
4826b65048eeb32693c97dbcea5ce5a2

SHA1
ff0f6a7f2a5cc9b28de9b3d4acaa29f6d68f7a06

SHA256
444c775d29ab342117503cb4021e1b64a904ae6a1363d79834811650319f5c3d

SHA512
5073fadadc6764e0f3b37aaf0fce7f1d97349fe5ec7e650f1750f02780185d67bbb1ef786496a81d32cc7cc53468f2526d2c3da5c1d609e489cbc71cd28bc3bd

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State~RFe6060e1.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
a1ce65a5beb4183df837cf77e78df150

SHA1
b1475c6311157752363c2b415a2c5106801beacf

SHA256
d97dd1d266e2221af75e8fda71731a9435ce87d9535ba2f6bdcf7d8f347a1878

SHA512
b3785d108141d04948deaca816c44af09e28e1ca0d202aa6cdc8e0f6e1f1c81b213137a296d568505972a8672deb3b356fbf4caee55efcb7e47b2b5a7c5c98a0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
5df749685dc265c22a663538e28fcd32

SHA1
5f8d7aaa8f741011411db81812726af41b520560

SHA256
e1f0bb0c056c99244a396cccc9dee94a9d275014edad93f69a3693c0be2d86ee

SHA512
4878f5d372fc9f936db593a72a917c0c66a04906272191b7e206a7f50a8b907405311d0bfdda1978d0f1b07b692101d04ea5d98063ee7cf2d8d4eb12358b9920

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
48f8ea4eedd5433134476f9ec0f27442

SHA1
d599d92f2ad8d83c11966eace13174889c243853

SHA256
a4ac8b7f8cba352264851099da40f721688dcb91d07da832704ec0d204352d63

SHA512
9b7a5c6d7ae3a08a2ab0ce622002bd0719788e3142e7bd14ae981c4d2fe21c95a39619c11169f0f1a0bfaa0feedf78746157b8f2aedcd9b73fc4f543aed47fb2

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
34c703591944b2190166145e9baf29a7

SHA1
3a90c079f7ed4451ed31f6d50e02e8f2a1f04f8d

SHA256
977f95c0c48f3db6d9220ca5c36a67800904659954c577798489d6e0b5c54a06

SHA512
b140a066dd3429af8358b2b43e2cc9763a7ff8d445c9ba774276103d2142e119bfc455c72581e07ed8ca0718aaa246774beaafd35574dd2c253f77efd21fa301

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe5fb7df.TMP

Filesize
3KB

MD5
64a98b5f5e02538867dd2c87906837a1

SHA1
4e7dd8b8a0654f732abe978fd5a4ddc86101c0b9

SHA256
ad6f191c184d2179d1ce8a8b5a8cac153bb576dc61d4940f836235ff34c7d1cf

SHA512
086032234235c40c8a4c93ffe4c2c07657c45e152f96749fd2610fc507d0d61f58e3493ec1abb0280db740906b24548ff2261b0b09c0595435fd3a4ffc49b23e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
9KB

MD5
774de3e81a7c9eae200dcdbbd5939f1a

SHA1
cf2a64c42faa60f09ef0287bbd266a849e1704bf

SHA256
4f5c4f4ccd65aeb7f0feaacfce85fc02f11710d6cc445ca65f071c3cfa26c65b

SHA512
ed3de49e9f4b32e23cce3f1ae8d382d41565376f21454f2c9c602f15f17237201d42e4c0a9c68b66223ff496da4fcca4fd6f9ff7fedf086e7c2db306f92a8d0f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
35e0ee0a65ced4a3a4cf628c5e32b712

SHA1
2d67eeb4952a4298d1a118c6e2b8b29ba7b808e6

SHA256
6f68123b3c3a21d284a8ef99f69f164031fb679ce7e15f873e9fa57d32bcbb8f

SHA512
9e3534ea6f2e2a400e35845ab99ee6951388f313bb6a6c2d9c315d09dec41df6d730b283544ff686fbfa5ee5a458710ec081481e58e4b696407ac7e686f6da6b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
9KB

MD5
b92f123454fcec9abe46ea13e4d3bba6

SHA1
1c6ee1f026cdf7f84765c5b21aa0a24e48364b94

SHA256
aec4b60495f35d618b24576e70d2fb9361c6f0b92bcb447bfac0fc4a7debc66f

SHA512
25b7bf2b6c65af608243c04a3693682e0ef2017e7724bb6296d47a839943fd91019efce0cf897858829c71072e873b72b27c2f7a2a4e5523f7ecf68daa0e4689

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
9KB

MD5
3ee35b2db8018579d28b2399dcc41f34

SHA1
60bebecd4edc6b2bce5c773586e9073ab22f2568

SHA256
8ba13a3e36acd68e179923d3111a66d92a6798d3107b55bb5a040e3a3bcde19a

SHA512
74608d864b139b585707a4e5021d355f69bde6a61044254fceace2ff4c7de802a56a053246e934556fc481d124eaaa9465b89816320c3103e4e5cce20d6567ec

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
f91e75bac3c6bb3e8ab2296b839df7b4

SHA1
e990df8daf8827cf3e7eb7f8717f24ceaa40e0dd

SHA256
69cfa943d49fbc76f804376e54c4155bb4431841c4cabcfa44f746d281bf500d

SHA512
fb6aa68c4df245bb441ac74be6a9e7cb3d15bb769b20848a869ebcc5032dde096e50c8ddf4dc604198cc00710fae59a56a35a7d88558d403bc8e607198781907

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe5faf83.TMP

Filesize
8KB

MD5
ebafaa5345fcaddf55404108986962c5

SHA1
208b8389e83ad0cf878f3be8d0c605c9bdadf36c

SHA256
d0abf6e2ea82cdbc5331792609940bfda45f615606793c218b870918420050eb

SHA512
71c019527bde2958bffdfe2188ca273e09f29d45ba46f9c1f6ce0c86c5e402de19a705249ccb34c3146770d2638f2529267c5f81792726bf557eaf0daf3fb7b5

Download Submit
C:\SolaraTab\main.lua

Filesize
37B

MD5
066abfe20ec7d291490b4579263f2835

SHA1
481c6a2c1b9e9cf6720e3b137bce243baa2c8b01

SHA256
2912fcfef3899f650b85ac157fcf706a08b512b0c6dc9b7ab857dddf797492e5

SHA512
c0b42952c90d14b4ebd81b5a1f8424df13020f423563a01c7a9d57156f2388b2e395996d0f6e2079aafb3115ace27edc27d1a6fb61f8ebfead59ab07bc9d025f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\84ed149a-6ee7-4faf-9978-53bd70fb8ccc.tmp

Filesize
11KB

MD5
25913335163e9cd468d96b46e9b48896

SHA1
2f2cf943cbcf650cd556c34190370e4c407db7f0

SHA256
008258b73f80a16f02e8c7fbc72a11859e34c70bebcc8f5eb5d423b4438b136b

SHA512
130dcb98dc64392664ae62336ddfce9b5082d6122c49c94e8d1333adccf3c81579a2ed8b81264a082ead473b88e7e2e5eb94fe1b5e26e3b4ec3f143482a5c9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2b3a21c3-3250-4ede-ad7b-32a7f9928a81.tmp

Filesize
7KB

MD5
d915bef4de873c44655e0bf308ee757e

SHA1
faa03cc083caa125580f635e974780173c3f9ebe

SHA256
67f654c65e54a58f0d5c6f94e7447612f64ee62f1fa0849ceabb74edc06c34c7

SHA512
71da4539b27b3df98d32193d09a7906b39da09c23f8df14abadf406e200073ebe8923139d70a6970a9f4f07827e3205ca9d7ea9b9d06e68c64b7f27e4160f790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4f1762b4-fbaf-400d-a18f-33a22958fe70.tmp

Filesize
9KB

MD5
de566cf53debd55715c1806f56a9d871

SHA1
610bb7b6754b22065be9eb4e4e539d089c3173a6

SHA256
10e0c528ba1c28d6fb0ae8ed0ab1fde78231198447308d35501703b29ff1f64f

SHA512
facf35820096c16568cdd74863e85124a7657cfc0c37db8764a96752cc021f9acfbce3a00b2f3e94be90bc1d21c4ca59e4267bca5e7ebb8dc342fc74c93c2969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
53KB

MD5
fb31d61e71667b8bf574ad704458b5ac

SHA1
4b118b5001e47f28f6278241659badf698936d90

SHA256
ca4cb16b61cffa7bc8499ef43eb3f3e44814afd270fac419044da1c07308f526

SHA512
8b9e3ef66b9ccb11f66cf45845a45d1efe3b97fc22d338efbfef19c3846dbf279d956344fa90ccab3866c66de03b38e56fa9c04a9af0cc74c7c94c682712341f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
73KB

MD5
3985d53cecdf37f384c2939ff23f626c

SHA1
f607aac2650f172ffe393cd5d3a60fad022d973b

SHA256
1bf80cbcb6621a32342f198d8f069d7e8a4b8050fb2fbbe86ca9f03573ec7385

SHA512
f93524197a3cbc501df18c40177fa78d7bd926aadb56e8b2948647940ed6971fcdbcf1701c9d6df1745b6d53e7f71878b2607e4188db38eb83069b7b35bc19b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
53KB

MD5
b08bb8d155fc5f3d5670716d783545bb

SHA1
b36a2ff805aebef2055191e051583b4705d7638e

SHA256
dda37a3eefb62abf7315b4da0c34837381fb156f9f698770162102d9335a6263

SHA512
d4c1c594452d8793ee8d89fcb5deae1c24d3678f0cd4a6bbc84f91fb31329a7256bfbfb23080346139c73bfe05a35639a7a5d62700eb8117a874a6633e9d94a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
49KB

MD5
c488bfded91168245848b7b3125e373c

SHA1
82f497ba8e4e6b470e4ce44c258c18731cf80b9c

SHA256
8f7f0fb54642adc9bda9ef38af339a6521bdfefe18e4d6564ad5108426fd993a

SHA512
7445ff05dc2da7f4ce1b28b3a20dfd22d2a44e19bfa09eb327a5791455c93ef2f06d746916a1ee100ee722b22ba08451b314e0b0a1a1d7574151ba4aab694a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
298KB

MD5
dec28210efbfe8b47ca6f21ecf910149

SHA1
36477b1be8f87ea728d71c82379c09e12e42695f

SHA256
c393b344edb4982b487b8df3bba2884e0b4e49dbd86c894a3c0ad2dcdc1ac1a2

SHA512
189fcef34fb27f11fb87bafa25bde5b1888501d9b4389a0f7681c9597323f7004091adc479fd005f659d83015d26265f55183ac2187f3dad35442e0b48adff16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
55KB

MD5
ed7fd3313417d0b54ec1ceb6783bb93c

SHA1
bb1885128692903c4efe4d044918747cd8f0876b

SHA256
1a6872f855281fe2fead222678a9ca9982573153e9daae52aab52674c422ce09

SHA512
a823e3196eeb13344609b391de3c66ff5882cc06b3e4ab912fe5a3254c69f8143a27487167819635d6d3a4590719262c0a8d530f4742fa6da4a147c956cb9434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
346KB

MD5
958f35e9a3123fc641c8de3e434086e2

SHA1
ccb3d6fe7ff9b547d13c28d18d8b6dcdc4bdac5d

SHA256
81f71866808cbbc46ae151ee617f4857dc66b583b31117de551c13a53c42446f

SHA512
8e62f88d5fa211953ecaf15ddbb192935c4e1b1f0ca45e8801bd1f90cd89cd8edfa1e10f9b8faed912e9ae1d386afc18f5d54c8f5fc485fa2974cfe4e4975c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
26KB

MD5
2880385e1c398477f28cb4343d475d01

SHA1
aadef6e91b73d72ca548dfbaf8fd983e4a85bba2

SHA256
35d63eb71cd279d7c8821c76936170b610e313433364c1012dcb0febbd059511

SHA512
ae98a689a9da7d31a1421590e128d6b2713a1a089ead332c6ec24e02fbebe8e45ee706a12a317b50ad781253a0c49aa474c34abef9c16ef7430e2c9e004d21f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
17KB

MD5
48e8f304de32a410c2848687d7a9a115

SHA1
7f12317a9a5fb69abf5562f03cf014c987297bc4

SHA256
e935af497ea367e84343672ccfe819d3205e59fea983b68ec9d7b2d1ac0a1827

SHA512
87b3c73631cf7c353cdd4dd6adeba5944360b1a27f9ce716420d1f28c2442e95deb39722db0b53e268af58d86317d3a91144f69d939485ca1f8854bca108ad73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
3753137e8ac24bd308da30032e9ea6d6

SHA1
163898d7f71a9a947745e61c104a76cda5103f98

SHA256
fbba3326e929d9265be189fda990faf648e12cd0cd8e6796b0a74300fb333b14

SHA512
3c41b68aa5b6203e99dc0780eefdf4b89aafcfd123f2222516c6374e6583bd5d2c410401a255966f506df35aaab1589bb5c3e0025e7d140f8ac13103ca9552e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
95KB

MD5
e737977c1263fe0b595b83d76f68d41c

SHA1
bb1587c9e76cd29de38b1eec81df50c877d41025

SHA256
803fc2553e3e6406fcf084967a43c61414ca1a1c3a28f5d4f1ca27469e1b1f20

SHA512
b5f6b78fc380aec1f3aa3626308d59fd0f2b2a8146de899a7f46d3549e4cfe7442abf2f2c2976bb3e312140cdf37e03c238c5194291f71aef7cae3296073f3c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
38KB

MD5
8af7b0db3079fb8ad90ce9899129b6cf

SHA1
575d6c369e91beb4e8e40bc76b246864239d6ea8

SHA256
87186390426a08ee01ce962e7297b9bbb2d3e9633a1fc9e91a257eed479203ef

SHA512
9d5a7e69e35a3f371aab8fe493088634022989376f540cd10722e2f50d75d689ebb72c36dbcf224fab01a07021e5b67942f2261c83f73fa6f307ab46bedd9033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
233KB

MD5
f9a8778cb15c8018814b8aa6afaa9e51

SHA1
0601a8c07d13e90d6974d233bc43b177c7e74307

SHA256
7cf82960e5444df346ac13ecf82067af6aae75fc94425ecd6132e229ff4b5c0f

SHA512
a22a715ad8a7d75c808776841b91b5964c2eaaa30cfc8e18ad32aff18e1cd6622385c10eb19dac2e94d808eaaae9270aaed50a1a65b674ad1a7fa314606b43f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
130KB

MD5
a455b346e2037f48443376e73fe7dc5c

SHA1
4aa63d71a08c1850662f66f5b249ada6eb6d7c30

SHA256
8fdbb1fafa42cac3d5b1e28a473ddce86b28b3442a94a67a4e74843d810db8f2

SHA512
5036a524f301e26ff5fad2a0b5010be1fef76bdd1e5ebb9c9f8f35875287203266a63f2bfe50b474cb4dc5922c3d6ad2b76d8b024adde2fbb5ef7c47321f0db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
52KB

MD5
49c9d5bd1bafc0ee45d2cf019283f81d

SHA1
6137933df6bd42ac50e8d6deea54f76cfd905ba0

SHA256
3471bea5b1524d7fd73ec3102b8dac4d937b071803db58a603f5da88b9fa2b4e

SHA512
c2d3b93b6cb1ada66c798695635aab41328fc949723972a9acf53505cc540a53da7127233a20b6313985cc9edae09bb82938d690a6110de239781d94c5ce0287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
75KB

MD5
2ce6b5dec6816986bf00962f2136f63d

SHA1
7fc3f71b0319356e8e5633cd1a70511e6766aab8

SHA256
05dd1cde20edbb0cbb97931228a57af5842dc70af1bd1383478177d046147f83

SHA512
1b95f1470b59dd02ae9bb62d48c328536bef8e7ab2e8ce928b141f7b59f3aca85562f8b32910840690ac9112a3c45cf952c77cdd3a9ce6f70dcd4a67b1b2cb71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
31KB

MD5
27fb66fefdbce0a09e5a8ce7dd9156fa

SHA1
05dbd1d241ece56cf3389d9b6024ee92301ccda2

SHA256
3f65f763532d9e322d830520e501e452516bbc9b98d8ed877289713043666e35

SHA512
c03495060d83445d3d1a1b666b74204c49fc41ef6f7d384815024388f92f0d6e950e5113a26cdb6ea4b627541a81fd0d54afbf616ccf8eb189a5e69409c32ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
144KB

MD5
c16826a70897ecb5b55e99823962cb51

SHA1
750f1fe02fd414341ccd6057acbaded0c3ad4d51

SHA256
d11d75591e1785944e0939ebef07864d04a2e00e587ab267da5278dc1e59b4f3

SHA512
f806fb6a4823db1b9acc21896e6bc909c4c6e9cfb29615f4365272c20d809e9c024e87b2fc2bdad2ab25f5b0a36c5ed893f0acecae5cb008a462002e39c36c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
67KB

MD5
ce58019b091dbdb1895be63d765b1177

SHA1
37a38458a92835c43b270069c0629c6975b2ba69

SHA256
8defb86fd585d1e578370bac22698f0de49d509d7398a0e83fbae7a9d11e0fcf

SHA512
36be843dd5630cf0c76219459b2ff946fa91ab90be31e3ac62452642a79a062b9d7aaae14a0ad8fd92b1a6d468394f1aa8bfe45f262f33e34048b46e046a1b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

Filesize
20KB

MD5
fa4cc25f0f72ac052e9413b46705327a

SHA1
72127f17a73fdeaf1d867ff721f8115e90d82e8b

SHA256
62215bb3463a1bdbeab484739c056495d60f9e6feab8e3974cde6bf69504f05e

SHA512
b33ebe5aad7802e7aadf31bc490bb697a7a941c4ec9a03c211b42bf54403f05dba02fdbe42bd7c28a27e309c868f4d74c060840a4aefdff57ac9c5c2cb66921c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
16KB

MD5
a2edb5c7eb3c7ef98d0eb329c6fb268f

SHA1
5f3037dc517afd44b644c712c5966bfe3289354c

SHA256
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

SHA512
cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000083

Filesize
20KB

MD5
b2442bdbe1833cafcea521d6c61ebfe2

SHA1
1a4efcc6c95879a3dca4b977eeada5a87a070ff4

SHA256
3253fade0ab13b0b93dd0163d0809c7ac0c0ec7b6b7a0ed2916f763636cd77cb

SHA512
a4a5881ed0bc829583a9f914708e9e8b61793aa0f895eba7617f796dff16cc46702a27385a341da6428707d7fbb37534b969e843fe508c3ba948677c04e52a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ab

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ac

Filesize
20KB

MD5
01544cec8ea1384b58d63e4c1955b9ea

SHA1
bda9a87449eee2fd053b56a7844e00b1460eea52

SHA256
f4d9c14f01e2caa05f3aee0e1c6b4bd282584365271ae8d484bb9c074e6b039a

SHA512
f45d85a0230e51b1942ffc2e133512b622ce0b07e4687e1227a3fb4feff3d269a75d7253add58b158eb03b88972117a38ed38db5bd225d2dab39255e004c713b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c0

Filesize
103KB

MD5
8dff9fa1c024d95a15d60ab639395548

SHA1
9a2eb2a8704f481004cfc0e16885a70036d846d0

SHA256
bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb

SHA512
23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ed

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0ae9d18b6cdeef1f_0

Filesize
3KB

MD5
f46d70e9ba96b63a87b61f13737a8772

SHA1
9912a6192aafb3d10b44eb34f5f2c96166509901

SHA256
8d7bfc80356a974e76f45809d82dae8a941066bf8062c73cf803a403a354a9b8

SHA512
29df0bf119fbcff35d8cd83f98f8acbdd4838992ba72e1f8f066f1dbb59bdfe4450e6b26aaeeef666b620db607b84c32417231bd0e2e8d7069b0cf4db6282364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f72b14d82d52234_0

Filesize
66KB

MD5
fa47745cb923bd7c3e9373c0a9aa3a9c

SHA1
00f701df39bdf9dbdb3c0d1306506286954c14dd

SHA256
8473f6c9dcf25da30ddf88ee750b25cfadc322314f99a2b16ed940793538e82a

SHA512
079ab4b5f09c494777168cb0521464b74fd03ed8686171f6d19e45de2012e720c0e6fa05f614e6be2ba04698fb208f9d28593491a9c9c93c45ad87d8c44b2d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\43d7c480e2253ef3_0

Filesize
32KB

MD5
54097e91c6cc036aff1264dbe40cfc0e

SHA1
435b74de9f81a839e343874ef8417f79c2da2e03

SHA256
c9c1a0135965d5831627d9d10eb0e164cb6792c2e640b40ce84cb1a9054ef063

SHA512
3132e08d8d8d597bb1ffd28d03185b618d54006d63e946aac03e4f36859425b3c13b20a143eff8498ae6a0453aed6e0b91f2fa4b9ff2bfc33256a560eb13faf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\70de4bf191ba3788_0

Filesize
322B

MD5
0405915e38ecfe57be0d1655a50374cf

SHA1
126b35903a63cc7dbe5061da90fbe9314c68f775

SHA256
6da451970384ef219132b724a353786d394bac2676c36c9bfbd048bbd51befd5

SHA512
f36968ecbd192f2916805f99eab965763f60b5df889d0ff39c7ea53720bbda5289cceed2854a903c6c2ff647801dbdf01b0030bf915baf11af3036a46599b649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6577bc289b81243_0

Filesize
55KB

MD5
e6c499f7732d67cf52b9764cc2c8aa52

SHA1
3a66a00006efabf0632ebf44d47b89e1c194a8a4

SHA256
22af5d403b6aeee61f961cf82c7e2a15e34b6aea1d760c5f6d444e488067ff27

SHA512
7a47f232cc5cc5327ec09fab4beb55c4e7cee78f99c5c1f2a53beb777e1800da29603f869f6bf1af72c01bee64bfb1a29bb639ae9937a0189e65ccfc807d553c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9daa55b3767bd9a_0

Filesize
3KB

MD5
53fe58e0324d7ebd4967c3d2aa7f8898

SHA1
cce508911eda1b7c42d233d054482a20ce77dc89

SHA256
4ded859464b07ab3a89e76f9313de45d797bbe8e5d1ff38c1051848949b7c346

SHA512
20d28e6b8b2de1f99d6f44ab2737998b2a0d11f2c101ff7d24a7f631e863bc2e8c4a23daec3524ead82d6b273c5c2c7d15e14b1072bcfa0a95629e68910961e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
320d6067b0e902066487a30f44f8cb03

SHA1
1d6d77acfacfee1c0eefb077685ad9b9c1129067

SHA256
7e4e405a5a8d43e763e183e43cf443c6779e44f86946bd27bde54e04c2ba58b9

SHA512
840e7277a96910bdc635279a052bbccc832d290637565e24264c6862d8197afdf50761f72511dc6676e3055c53338ff04649e7faed492c5a959ac0c3303901d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
01140c39a4064354e18ef728a2181011

SHA1
8798badfe5e327da68ffa1797e8f6b17ea6c8f06

SHA256
851fe5632f96bf7a8641e2bdf9b562fa49f0341092aa116da7b2033950cda7e6

SHA512
a04c91a59c97449bd17d3858bbc6acf768ba4684665b94d8d226a05eb7c1705edd0e882ffa6fea01f5b9bd978a785b99807e8f87d74b6a52ade9a75e1e77e593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
170da4a96a546787aae2a0bff8ed1c67

SHA1
4354e21ace7246ff0422a712bf5ce53701b3e766

SHA256
c154dd6ce363aaaf121c26de79099da22050c02e4c2f5347e61ac6133cdfa71b

SHA512
e739bb3e8d5b029c8ffe4ffe58da36d2d4dc293379f26ca6840a7819e249a039b96ea483205e872481dd01cd83ce58d8a5ce947a2f114afaed238e3c675f0e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
fee08644fe8757e1c7c143c950361656

SHA1
cd2ac936841b4811de0113e5977f7d75c07ad5ae

SHA256
88e909a8554b0ef9f1e0690b654f6ef4bb7907789a26e3297215b9527fa0e376

SHA512
807cf109fd3e4af5551724964bbbf57d9044afcca48e8b73b94e8e83aed0563ba32d34643863cb6d683585de0d468d45e2beb4695f4b342735d2f8cd2698b9d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
a79a0f1969a0927c457045840b54371b

SHA1
6de61597aa44e019352449a6c15791eb27fc1092

SHA256
565b1ad8f8a9b208796a6c8c15d2743d0c02043d0a9e80aa49eb62660dbc14d2

SHA512
8bf2edbd338fc0c7756a0665cb2e58fa00416718cdde119edde3841e365901e3057bb49f2fc0b60c69628c3721e5dfb53155653f4cccb947b508e180802d7f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
155a0cd3a645c777e733bb1106a4da4e

SHA1
e27f2f63614f3a24a2b19fd5f6e6ef89fd8456e8

SHA256
d7c9f69ae769d0847f97206c8909907462ba304317cf82b593aefb48ca423298

SHA512
e7494d3306c1cac95eefe7dc4a7fb038237b07ec9056532eb81c0f62e082f6332621ea7aef9b6653d9e68150e9954ce5745a9bb41e9edcc58a923498d398fdd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
7389ec82ec655fe6c5bdf9b922b361e6

SHA1
296f459ce7ea8e0574565988b9f1637e8a07a320

SHA256
7c5c666cb665dfa1f7e3c924646e132a9824c55ca8f372c7d4c3858f8fdd348d

SHA512
7a0439afb6ea4c875864cf95f4992ff7ecd4819cc066e9b30427a4751161c404a125ae569791f2dbf569049136b72450a6ad9d028fa1a0e2c3c2a8a043c0f724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2e942a111b0ea99e8195a47ac1233fab

SHA1
5fabcbd54e7a2aa00fd71d76b21df20a3563a2de

SHA256
85c05467df00d90e5130b36b123fc5c2988ae71ea46a9325526aa0b0eb58312f

SHA512
019275127f7e8775c63de487f0403d6567aa2ed03976541ef27073cee703a53990ce5fbb882d92562b93567ae71bafa539c7c1ac7341ede1a4ae6efeb38b4724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
745B

MD5
1bc202f89212fb7f2f4a08e427ee2082

SHA1
da32710379a6c01855cfa034bb7a25025328f69f

SHA256
68f78b526b5ba97fb7a8b2d2944ecce0036454c0ae7d115f02208bc2cb85cabd

SHA512
afc25c0171263cac39f7fcddb0e6b9093344ac879d9097e2624b941433ced6885bb1321a4fefef4e7dca295260abb4b299627777716e73f354b17b4289ca505b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe60376f.TMP

Filesize
1KB

MD5
d4d68ea02d1d767ca05c760486819c72

SHA1
217b678434e922c24c95ef3fdfd6aaffe97e12fe

SHA256
112a28c42b5116b1ba99c9dc38cd2012fc40caecbc0a0b849e425b5d5f67b785

SHA512
5754f88a0c74660e9c001362f7d7cac27dde5802663a6cb6c64ab68a4f1ecbed068cad1c1b3958802cef65fda49b7fc77e91aace6b9a27cc83bfeefd68efc965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
000c33af8d97ff1bde9dfd5ace14d2bf

SHA1
03a15b44773e5bbda5136a41ada66ef6eab49eab

SHA256
b6bd0b5749c4cc1c07bc523485a191b543e7a49b5a4d4515b623c399a9131e19

SHA512
521751aec37e3f8d7e26d9f3c23b3a60e6d89bdb5789d1e6d7e3d2f5fab2b37f9ef1604e526cf6d0a38db0d9cf3eb72e720666d7db9a963468ef3daa43f01b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
555a2bf876f8c577c79544a5a1f79178

SHA1
e2bf9acf1ffa481558a2037b1e25e58ea807b7fa

SHA256
eae9b3dac4316a7ed6f04e7a50e3884fca50ea805888f3b4d0eb3d3f24517c90

SHA512
d758369882649f6b2ac4f1ff40901ea873f88d503e5adb437600127f6fdd806c2af087fe71e6a977b5a334a6275d57bf5248c4e2ce22820ffab55e76c1411ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8a926d1ce6418409327376aec14eefa8

SHA1
2009bc3c872d7d58daf1ae0cf719015db2a097a8

SHA256
70f41735c12c19b8caad7524fed755eb0ade3dc63357f832a3c3c64027a4064a

SHA512
f26b2733916ef8356ea413953c61a5da270818056ce8facf2aa9b5edaaeb18a81a25b1a5360c287d096e30eb22ca71168cbef6cf2dd45e3ad88bf5a60bdcb346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
713e01f25b6a1066b4feaecb6fc6b94c

SHA1
a795f49e7701a8641de0e7746450c5e4b0b8921b

SHA256
cc3f890f739c8c149b8aeb4dbbd0e0475ae900a17d1a97674d51b4f9a22166dd

SHA512
e5cb4e86567c326520cd8c4a34cb599b7f601c29db102ba46a390af46e805cc5c1238f54f7419311b0342531a92b68f75b2da204673e3627c09cfed19ca8225a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
f4c79c5c48cb493c2e7fc7130b3d83f0

SHA1
c2941d07a45fd47b93b7e65d4a1dc81b70b842ee

SHA256
a4e6d8c1722b94fff9e898c9b229554a9e2983b3da4ea845051da96624e8913f

SHA512
055bbae06e87a6c47c6b4a039f2864e0d7329652d6dac3aefc5e60ae3854c6d0402a10b33f736f332aa476a7600a0aa0d4964d95f6c5dbb5041a98d2d76c0658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
06e7bd3f7ef056bf1f0478b7254beceb

SHA1
42511f7ccafb693f276220413f9a4529722c9d92

SHA256
9d33fad067eefab356cffb4cf996fc1e1dd184f2b562253504b6834e38886784

SHA512
40208c33c5d8faef5d37029d090604e3e2212d159d59384ad58b9e3a0590cd040454f2ed0d86999bcce7cc2bc0f46903c6fff12ccbef6a3b0c0de58f64caad36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
74b651f4ad13dfb5f723a5d715f154b6

SHA1
6a20d555643000992416c65ff0db45d118a85eaf

SHA256
b6525853c5b96c288d0a9ebc942b6cc08bb8ad0f3b6cd86854ccbdd6e08527af

SHA512
710c8ebc462ffb0fa9d62e883de3c19ad6a85292f14be80abc23710747a191a7ad39b9b1572bdeaca827417193db621de3d3e40dc28b15178f377303865fd8ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ce8a16ca25dbb4157e1f862750112298

SHA1
1ae1d643f415e289ccfbd4afe3fc688108612bb3

SHA256
0330601493f4e7a88d08c09c97ff8cd8d96ff76ad93f92c8b3daca53ec9f537a

SHA512
b4d0156e99a2685a3b97698c6a51eff192ec5645b07c35bd2ff2ee65debd4fc3410870768db3848100f7f75775d9d9c39b2b34144f066f811e969ce4c0c37efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
0ca140f60a8c91d4e59504f34280ec55

SHA1
464a2826a6fea246df222c09237ade46f8c26cec

SHA256
c9356015be0be83a30958c079f7eda98f26d516e53c17df56958b33f17f3e41c

SHA512
85b13cda41dbb7d246913ee01bb2a41fa4ce69a56fca9221f805a9559989d104a0ec123b018325158b172afacc25c3cf76810b6b7453b98121ab1d51dd2b3608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5027af1b68255f8fbd99edf1e91e35a5

SHA1
17c85ccc96d2628a048834fe5c8cf06d90edd208

SHA256
8da45612f55f20bb866c1a6637ee9d76a4a36f18957b9fdb4b67ba089aeb0734

SHA512
3bbef23300690b07ad301bce3012fa99ea91774fea450c47f79f88aa693dd031d76a3a3447bcd843c64feefbf2c0c51f2acc047746f5971bb5cf3e24ac9daf36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
698c351a0b1a32933f8f217f6dc86ba1

SHA1
643e25450b99fe69102b988e6f6c28d387255410

SHA256
a41693b13663fd8d10a6eec4b377d1230b674babbe00ef7d2069ba1290857033

SHA512
b9a553d4c4babb5a2b115296ddda1bdb88ffda37b79f8521433518ae078d39616f1b64d70ef002c4afe94174a74778682c0c15f6afcdfafde4c2ff82482bd1a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
ae30a15bfd2647dd47cb1e8827884c02

SHA1
66a97134bcf22e4b29a6fc55adc6edf732e1c164

SHA256
8f22237c0404cd64eb91b1caa964cb1afba3538e0d125c54670812ede9961617

SHA512
8e9cb24f9758b52f93a3c450c13aa241770b5a4e0725c7a995967dba851914d77b6d98e4c711932c77e09dc61cf9a2b4716a340799fffa99662ff06e84cd4a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4f9e152b0e34c2b73e58b4c24751e94e

SHA1
d57705801c70aaab86fa01b95b34d74538a61a38

SHA256
0a7c675df570dd71b009646c76813460dd1b1b65416c0c31a58cccccdb5e8fb3

SHA512
f7ef0073ebce670835a1349b8890114d3b21d2466d172553c55fb1895087d801500c0628c4d8c685298a59af60fd6d500b1cbe08cf5bbcc78ac9c8ef7444a2c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7fb47fc47a1f5c3567cacd57e4f10e2a

SHA1
7784fc44094d7cb259346af0684f51150e5ab336

SHA256
f1cc8e3ee87d8c4c8dfeb443ff061d99070c4e8c157dfa72a89fd7767d55ea68

SHA512
0bff555e764862f6ca1989070b851e040989f46f7dec69a2cd63e5a0af820b55d52c567ea68961c4fc33d2365784d98a6773774e00d2bacc9a56c8319c9762e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9ff47c3b7c97373f298cedd887c2bc54

SHA1
04fc5633983455955eebc4fb66424ea6b3acebdd

SHA256
51f9c627715774dd190d62b3b9bb798607f5a66932019b53d62185f7f50aa05e

SHA512
6cad2c0549a9dc07d29d619b0c9c2dce7e5cd0332f4d3b2158e5de4852fbdc6dcb10e6cca0eb382f965ee83e12b34d0e2d3231eabee7ef4633b5cca6347e6e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a58e093c14eb34335d1d3144335b92ab

SHA1
9a78e9705f4c4fee75d46636e44b06d8e6a050fe

SHA256
626e82d839184e2c7d79d5fbe802df718a238d4ae89b55b6e05bf33f21547051

SHA512
7e38dbfba5cf5320cbee6cb0c982b88f819882e8e502971a9793044ddfba76a70977f44a575f3a37c3c3eca50666ad3657f7479e0d58ebc5b2e277bf93eabadb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
6c4882864f4d7c680dbd82e3c3ce4ff6

SHA1
a39a50fa8e8c2028b2ba0db035d418d0b119df3f

SHA256
7a52c795bdaf9300e25221a25809cfc4a6e8ab73525f4db7341cc41979bc3a12

SHA512
e0cf9e6917cf108ed0b83b2341d02b6613d541c6adb3bcd723c19409f04e002598df8917e8ea227fddfb68d7f891cbc90ef92f8456477fc3d97c08e21c26a93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9714f136eb4ed0ada13c0fe9d35d4c5e

SHA1
d011be1511516dc7d51e50f4ff0df4f5c0221a0d

SHA256
43f3a6ad0b5116d9b82a85f0971f30f316801b474ee1c51720ca8d9d490f00b7

SHA512
943bf175d32141377f64370c39042580de0c89cef945f37b75462a0d2f6b522524590ddc1382e80503a7c150ba9d438780379cb523016ebe429cede58199847e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2caff61167815b19a638cff655e6e6c0

SHA1
47f982f225f08c61146f24526a5fda665bbcb68a

SHA256
2a85be800840bcccb819d95d71320642f32db3838140b305f8e0d5dca0b51c1c

SHA512
33f6c81786536ade6528f68c148aacb00e10796daaff9f6f63d83a6c561ee383e7b6720e536b8c05287dc430de9a19d2b75173addf2cfc932ee2517d1011befe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
382632894daac31dfb1e978a84077cae

SHA1
e3af7a038595932940c16cd568ed263c3d4cb017

SHA256
4e829d006b9c3ca6fdfb16ae7e18f506c887dbc377924284789e9fbb8efc951e

SHA512
5c1d2b0d8705c616a9b22e9a6554b6df82b929bbb13cadd51345d535d0dafcad7b3bf658268f3b2a59b8e82ba77ff140bc23fc0d8ff6d76a87dadf375dbc17b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f293d9ac3ff1f1e1ec48dc06b1efdf59

SHA1
f64b6f0e243f2b121d7c43e8fd67ce94fae0e04c

SHA256
66705569a13a02b65be7772cf0855715ab701e95a2c35d4e21a63c3ca014d412

SHA512
cface28ab18c96a1b3d2ccae817f977103ab8aaaff0a507b9bd910b54471eda3349d286b3ca3da6e0765696e252432cbbf5c12133a2ef41f3e461e711867a270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a67cbd3ca370b7e50cd00cc406926d55

SHA1
b815d953b41a4f7c92d5bad75f4c9dd2d4481f71

SHA256
45abcce241801e5242be5155f7880cc14b01d1ab29857a2706e7e1b0cb39293d

SHA512
8058b717d8a41a14986791eb3a32aad777d78ac9fdb15925f6f289f299444e82cf644187d59e258ebd10e8298e638bcbe6dad39b6077b109e223ea20fc333e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a2820111cae05af2d960e7b4490a5cd8

SHA1
2c606c56ddf67de8ae2096bc02b05f14a9c0ced5

SHA256
2c9acde1a8d52d8199139fc25728296350e273376397d1bb731137eb640749c4

SHA512
e6fe55c12c7dce57793d8c30ddf64e32a788482e400cc82b9ef015d86da933b35ef9c31e84a113d271de0cd16e7510898159ee28182fff397af2ba6c93ddf6f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89cc6de28810173a346d9629940903ec

SHA1
69f68d624dd9ba221465856fcebb2c1f9b9d64d1

SHA256
181d8f553933a7480c52747e96878fb65d9fdf9560f32b7b65808a86cd673b79

SHA512
3f713e7a7f95b1db74cad9866e7e620c6322566923d9d85147c800b20fc4fd9fbece80dafe8e09156b4e09b35960fd05cec0881d29eadd35190eea4c93b332fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7cf2df4aa61013715066e684eaec3912

SHA1
91ca453d8bebf5927da7273266969ffdb5e9aa26

SHA256
c98f5353a4f1df0ed1253833030056666825d321cf1bc9e63f270a32bc4666ed

SHA512
1e338d633e4adccabba75e90f93f8edf80389dc971e8d53c22fa09b0f1440f9564727923faa5da731ff944c6e16432e6a4aad076d91ed0c2f1a011c77c56ca11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c770c.TMP

Filesize
48B

MD5
01b8d3e3536c617f4a22116a61fcaf16

SHA1
3a12da44eccbd43f58904936a8cd9f2dff5789e9

SHA256
b5349541a5e564bc25fa2c7161c7f7dc1c53d99fa3ef8d0c2594fad827a7485c

SHA512
5b2c2c766ad63671c9cb391091b9f0838b0b8290ea1526d0390f766bfafb6e2c36371b967d0af69e8ff76c449960e4eb029e7766c9072668e4312634d002f14f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ea0ccb020d6722bfbb6688685dde38c8

SHA1
cd48a37d03598395d63d00c66beb8d28678e37ce

SHA256
6a100ae856358125e4c04b6a90964546ab024df28eb7b93eda8d85ed0155611a

SHA512
50522478f51570ec1aefa06733ac279a1934a20920ad889d24bf7f932a5ab1cb34a4c4b5e52c92f3bcfa251d7a46f86d21c43ad334985b0cbffcea6211903520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
524b4045430478dd4a262e96b3a470f0

SHA1
33c2c704beeb10d902124530e4f8f283a3ecd1d0

SHA256
53c31ddb43b461b56893d53ad63e63ff7f8184823cffdb1adc48f03756e24160

SHA512
839578fe7f65bc5e563ac4eaee5c4093cdf2a4bf4fd00ad259382fb1994b5bce7400dda4cfd7506daf41e7576ad30cafbed96f3db52b4a647f606ca7d949f835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31373362e5b6d20b8ebe0fa8bd5fedaf

SHA1
b2cfe58a90abd568cf4f424e18309baf47be1ec1

SHA256
091baebfc3726252660702c258fd99969b805d1b475a79fe011306c790f127bc

SHA512
92008ee2a3fb188bec26b9f9fe7ae9efe80fb79f7af231b0b68c464699bca8e9f7e529a18e3533f5c8f9b2f6f095a62a3b7856b6cc2f704eb93718923842303c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f72df6e0f85f5c3d95a45d88530cfaea

SHA1
9969d9081344ea8334bdacfee7a4eab8f4192e2e

SHA256
e32eb153fce6919350772a5373038f28ec637bb9a7882cd8b77880851d94e7f1

SHA512
d5a38a21ca94aecf51bce040a09b769293785d34bd2279f2d9275c408847589ab76460145916e8adc72e6122ddb57b72d99c9fb9d8f8cb7f4188eb9388cadef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
54a0757f0da85746795dbd0861fbc397

SHA1
f855f6bdb78835a4d22155a789f5f8edcd6701f8

SHA256
14a3618aaad530be2f4db19ab59732b4f24e74266b0953aa6fb49fe4836ad035

SHA512
6e2d0dc23d2f94cf46223998482f7791b8c50837b7455fee560d20a94e7c2457fddcd1e03e8e1c7ed6b782bd6e683f42bbe16c1a97e4f7621f21b98a0a95c326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1de80581bc1273ad30a35863f8c69224

SHA1
e3c141d3703f0f6a42105c6be19e4c6d8b4b1c54

SHA256
a9eef8b81c3cc7524fb91f5ba9e825f3ad9d2840fb9748a8aed7b0189729792b

SHA512
ee8aa65a5ff954175060bd140c29d397121a9b11571dd34745f617a63310eaffec17c241fbb009724f7013a61a4039cfc6a893acba36d754d65b259fdb42fe56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e26bf7ffdbf87ca18d2ad2f4d6081f6d

SHA1
9fbb26a96e14e6f75e78c26000ac6ac50038eced

SHA256
c0f1df155393bc4328995a19bed0beee49338355620c1e16ba7014e0517d5b63

SHA512
0fc51bf777103b01293fb0f712a28da89b3448fad852a3b0aa18ebcd45c462120d38e80182b739a9d1e0ae96f03fee95f42da7577b81a27eb1b73f784fe6f53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8608a392a559face5670bb30cf2bf1b5

SHA1
f9c312bc05ea8bca3e249950c1ea73606a38f216

SHA256
d8304dc788a6389878a0a64a48ae6a0637785da1c0c8e10afc15be2d7509c593

SHA512
2f95a1bdf3c8aa3cc90da8ed467fae3e2cff8ed4afe8c0c1a4b105cfe4f0a78631dafda4f88a5013e11399aa1702def96ce9f348c8c6ec00b6bef8d333aa058e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
68f0a3da8470fb06b2c63fccde6c5812

SHA1
4ab14734bf4fa9aff339ba4f1cc4a4568abf85d1

SHA256
2baa3835f1d9f5dd3a0051bc14138e98d7bcd0da14845eb4e4b3b4c0940b8d54

SHA512
fd3741a2dcae4e5e432e3a2678afccf94a445db46dd45d6b12058cf0eec38e69ae0407a4f24fd6db113010b5ef4d02d0eaaf0d4eb6c53aafeec15c1b8fc6fdb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
63420a9530c0e3595f78e3736f86c993

SHA1
479bb1ecf34f44f40d35b2d2c535e757b371bdd8

SHA256
1d9e83038ca7690ec5e0d8fe4dfd92c2f9b7c9528aad01efd9b351da91e1e2ff

SHA512
a6df6b72b4fe3525b6ce839c3345da9070a064d34a2b6bb99fc16341343b8f99e967620a9006ea4c2f17791557b0fbee8a263f512eaaf1a0cca61f399c01556c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
71f575d85a1e26326bed55902cef6ab2

SHA1
8c284d1b952f7969e2d094c9b1debeef674775c2

SHA256
832fb0a5418b42bb24e5c2b7bcb310138bf92a369cbb1120b819ce68eb154101

SHA512
7fb1af505a859da18c992189166d5416ed87c15de4f8e17aee84232ed69f123c35e211fdf2948350bdbb78288e20b1ba39407ec3c0e469d50bc155925654d8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ddd6abad3bbe41456a9ca2e2f7bd1897

SHA1
75e56b2314e4779ab6a1a87c539aa386a89eae5f

SHA256
0f337bee526ee25c0f5b098d1ec183d9052d9dd3aec1aed5781885ce675128e5

SHA512
21300274d6f51f864345b3ad3558f600a4438347a21303fbdd287c668fba137863159731c639ccd300d4d4f5212e3a4f497d38e33a67e92e2c491e06e59b04d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4f247cacb2c9718fc3b9147272ae3ee

SHA1
85309746f240fb22d2bc8977313d5721eb2b5183

SHA256
e8ed096cee4550af46d38301404c3a79ce480365df4eb360397ffef3fb60e401

SHA512
3da104d8d3ad67021f2d77cb768624e3c5a300d6aff9c4d0706647eb1863a8190c9066dd06ad642adb342758598c5b559be03d304dde1c7d3e77e2063b4b291d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a731f8215dbccd7b911e4ad4c0c3d934

SHA1
1770507f222b756d7070953c9e62591cff69fdb3

SHA256
22734da439d2a613cadb6441691e434311e235f9fa05141da2332e1dde25cf1b

SHA512
ff77e5503bb3bb1b482d1d54fd5e09940cf81b7ab301eaef3d76970ecb7d34d1b8886a3625c26de4b601c5b1d54414af50d8fc1181a6b2e1eb2381ad800dec93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3711a9e43e15d68a6869aca133566f2a

SHA1
67c1f7d35c6526ed946fbdc67bf09aaf26cf0f77

SHA256
a78a8eaf9102d555d8a6c34bc60893223f1202f8e462a1b50510c264b2d1e37b

SHA512
ccfda3ea7a6bcb9321d1448fd092c59a26d429123e688b99f976ce80fc78587dccb1ef13bc27dd2990f2259b4a746f03244d14d70c04ecbfb9a13862254a6ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b5c70e510725836cb0a0a7599fd994a7

SHA1
91517fc34351f6a96b0ff69dae600371865fd152

SHA256
77df3a388775a80220ba227de5f58630e4299b91cdb66eead8e25388e23925c4

SHA512
1f7e7e78f07182a8ab85a04899051cb03c436e8143d1a8aea75b1457d6ac4a5c012f160823737383e7110f6dfc853299a55a8d7b802e14d0ba2574924d7bbd07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
d365e25a301e11c631f7b3a6d2c888f9

SHA1
a90efaca4cdf4fbf9afd036f56fa77825d5802de

SHA256
f85cacb714e0f13a270bbea4fb1252ae12f4308273395134161423f81989e524

SHA512
15f81c6a3b5b14664b3620e6357ea1462b29ac58bcc6c5182b781c0beff0eb10de6542dd1a1248a5b1537858211115bdf42bfd47f0b34a4304b63d876c9b6891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
9d66a49dacc0a97860b26d99d9691ccb

SHA1
f591b9b30fa7ff6396f9c720ec7ce1bf90e19491

SHA256
8e513fe0ab86f918b3d51afc1af9a8daf766585a0321abed9eb98757d048b3d4

SHA512
31b534607b27014efe423529308410f98f92edd8a4d49d8ee2ff2550e05de15709985549fae62761e9074d50b829f01ce1966b58e8de48641379b3f0bac3106a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
0edab8e31c9b36274f48f91985f11f87

SHA1
e84c41a2f9c1c90e27a4a67a2c5ae08f11102c05

SHA256
8da9c828b758e1c5225592c4d811221a56b5c5bd0f9285f16f274bc5bcc2c49d

SHA512
a4aa3cbd6502c6f7c107151dd5e3cdc9cafdc01cde4c40c8cf59cc12c580a4be41790fb5a7e10d85e98d4d046d20b9bbba1667310a55d88f6dce99ca9b90c5d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
840a7d323b2be310e726503e7775ea88

SHA1
a97958f135ead81a277fc07069624fd58b9afd0a

SHA256
82e40d7a9b5d7ad46c8b7d2786743773fd827f61eae285df6860846d33cf017d

SHA512
f5b2c72026fb16f6a13da0843438d5c9972cc1261a9d5dfddcd968037753655d87a8bb77eaa3573a73728fa2a07ad96199c2546840c28f9f249194e181b4bd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
c0ba8508e24062310fa8a31862fe7eba

SHA1
25ab52aad06746c4ee894117d6fcfb2899846333

SHA256
fb9d40e3db7fb912c46f38bf2a7bae0731c434fd2cfb303cc97465605b3a9d1a

SHA512
0580058040b457d4f2627881f3548a64845e99c8844cad266ee3c152f97ae1199b43e5a8b4bd2a1f65491e995f8d82047b3061854be525e91201b5ce3d1acb2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
e575221c3252609dfd89bfe59a41fcf0

SHA1
547c3118f65322f8a992d5ab7c7b81b6a651d564

SHA256
318ac91785a903380abd8471fdee592026a2d1d434275022fd79f27824b98a87

SHA512
4f8d95d607ab3b7f379a07dd9a2b4b290d54aa9a195b454267cbd2b51549ed243db289fb0c882ad809aca2e793502ad3963c3e04c5d8076766f7e62b1d212ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
3875b22a62e4353eec11091ab99ff453

SHA1
a2b0489b3c92e754e6c553767ffb6ae9cdfa780a

SHA256
995b101dcfe1237a7cebed005c9b91dc5aca0ef8e369dbe4c0c8469fc244968a

SHA512
8153bf2585753644b15e754e052333f2502eae802e1e98f0be0563764b0daa79c5df0fe3805cfd6d4e396547ba7e58824c9c30dd0aea64bf75db602805da9cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
dffba717cafc657286e1bb7ab283b97a

SHA1
9c9df242b130e9175ff1208cf491a77bf78de0c8

SHA256
e2079024a53751d8ae0fca0beb611098caa00d4a3ec903666b2b1db67366f92a

SHA512
5468204ee38829dac07e0de2f52a72c16acc7a82feab1556a40a8472e941f951426710ffdcf72d07e2a6bed02ca3f0f5f3de2690a5ef97c8bdf7f0704def8c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
c3cf5534f1060f5cac55d556791e4534

SHA1
f3a374e7d4e9472beeaf3424531c6589a54ce895

SHA256
f500a99ffe522bb5c89ed5a93399e9cff9776d8124e075f0e055a59a0e48738b

SHA512
e86aab2f4eaac03054ff240178b6b9da7f7e64329aca5fa05cd37251718b402e8c711ff81e013e9bd5d12df865b1644a6af5626ab391a31d873dc88509593562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
253cb92137708ac641f4e5f7f7023ce2

SHA1
3aef42fa3be2b0f3041c46590d378a225704d8ac

SHA256
e5b76272f66704c3a34f0f75053a2fa9cb0f80e377fcfb722d0a7d144eae843b

SHA512
7332ea8f354a17498d2eeb5d9b7e085c91accd3b13c244a984f3e44a3d5aab93214f91b3f9210970bc2f463915453dfd108654e3299f8f0ef1fd76cd4705874d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
5b7f09118a2d4f0d79a03e206f4fe808

SHA1
71396721eb81c1ea7c88551ae789de791e313cf0

SHA256
a6bc2157188322b1fdf2cb02fac7fe6cea92560b42186e37a139a439ad11745b

SHA512
fd07c08cd9125f3cb5625b46393a1969df016ed81db8e01a17b0b75eeac168de6010d40b3ffc64f17f6bd5adf4af15858ec764808078204a905469d55992f094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
2bad498d4ea2ba8aae6963b8b1ad2ff1

SHA1
346aa9858b62b5293ae59945cdcc7ec2ca9a0d96

SHA256
f550ccb103a6a0fc422f96c4704bfa2166d8e2caf05f245b2f87bb0fdeb63c08

SHA512
c64a286f601942d515a565b90790b55083b13c88c60223e9a88de3a5ca6dcac9e5a4bee42f70d0feafa5a500a44a822e86e6515a617fdca89c632fa3ba4fbc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
517fdc749486fffa959ec54481884706

SHA1
c02104be3934ee209ac1cbf56160a5bdd0e46d8d

SHA256
64d797f70b047e4d9975fe89fb85dd496ff0b85f61098af79e4c30ca19aac554

SHA512
3ef603fa9ac7b8722ac76ecfb4c69533d7693f47853da93916d93b1cb2468bf6e3315849d6da855c8454861ba8935ed4db02466a20899384a96b03bafeaa6cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4244a20d27c6a4acead23820a1767cbe

SHA1
7f227cf2b49378e4e41aa375921150071ddd947e

SHA256
e214a2c61d1327fe83eba9b24e2a6b0155a3b64744c42c3ac4ec3e4910acce9b

SHA512
6a6dcfc8a7ea07af05ea4ef57b7a7e28188c87a025d4880f6704204cc6e292bdddccd8b3753c0efed503a5379aae2d2168f3bc378a74af5579bc5a5d671cf975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
10433b08834dc6da1674593d21d38189

SHA1
4945822257353f51b8fabbca5f3d3fbf3a7b8fe6

SHA256
62c45a7ae7329d5972053b96e9166e6ee8edb711d3dee9864b4af40003f5ea53

SHA512
122e5806257e63663841066b7d6b516138d7b3b17099624c136138866a2963df3340a67d626db2e3f1e297cd097aa1598ad95736185081fc2f097b3fa4bb5655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
e70285a37a4b68780dcbe721a8ab8e86

SHA1
91761702c6afaa687ea726ada4f4eff197af1a49

SHA256
12f95cb1252b7e30fe693dbf2d14bd83daf258957741a926bcb8112e6c454d59

SHA512
3f3780f1b7759db91862bb4e717696a71bee5d1a1c6eeee67de741bfb3759d43a0b8d3fbc27e37c5c22d363a86bcb88af80973d7f514e5aeb744cda32b7169bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
4ec2dcdb23824c422fd41fdb49ea2e70

SHA1
0a53c4362c93d630faa9fae32288871c7afd6d63

SHA256
41c5e252c8ec29fe2f4f87396681ec1619e51a78bb02bacdc0dabb723c8e1d34

SHA512
08cb13cb2decb9e4e184a0f95aa925aebb8280832b35bb6e4d4aa50cb0815251fa8c6e3d38b146de878b962bcfde89e446331533ae2dfaea92a28d3efc410266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2bcb09f7c0f2d3e6c3bd2b8fedce9570

SHA1
a7c4daeeb89f9a976b6f714786a76108bf2ad0de

SHA256
94b11b4e7c077e45387d243eca110bbb8951848d379a682e74b93c82ae4e0842

SHA512
fd8d407e7c9c8d5da93e9f5a0a9466a435e1781bf5442acd43bd4913f36a435d184083ebf2c3537947a4a20ed8a3f12ccf257b99f1440b1b354a7a4e4a08f925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
0d76eda6d11d46076303e0b4dec53ce8

SHA1
c90d247c9157db82812e6f4bea622e2b12c329b3

SHA256
c3fe4ec92c0df7fb9687a200a84778e57c88a8607e0c27ac5d11ede3c881cc72

SHA512
fc5a1fbc54ffed9697e6ea6dc43e950fb513b5b20759b700e2ac1ccdba87ed7b623613d28dfcb4cbb5cd292a95c9c36cd27f390de7e37c53276a93e3ee69f065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
f829979718986ead39d8f0de99d3e3eb

SHA1
40f4081d15d75fc8cf0e7864e292605b2c5cf40a

SHA256
30bd733c2a546868b11c8ed250cd45ca1e073239f723270ae728d06fe87d09f8

SHA512
741ddcca58a20fd6470aac6a236b0ff509482eb05ed6fe2d1ca964409a749826c17fe54072e5464053dea6178a92ce9e67fa81c186244acf898336f4cd2acd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
e78d66b15f35fbcab16b7b56bb185709

SHA1
dd97d9b15c57771eadaf296c53e5ffd1c129b51f

SHA256
b27b361dbbbafb3a64057006cb506d7a4e913030c375bdf14f28db5e5215ba8f

SHA512
06ede2a28087c825f43f5a76d201eff5cb7d334e285ecb1fe849bad20abb0b53f6a42ef0d5da9d094ab1cfdf317928f4826c5030018130a43b72aed4041bb29e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
98f261f965785ea6cffe545255b053f0

SHA1
7d6f039c836f35b6aba96f167f79cf2d1ac967e4

SHA256
d62585370af4b15e094140416a3968fd3cc150554fbeeeb92c51772cfb8be846

SHA512
1f1461bf653b0efdf3a209e1c9f7a1cd6d89a4b903249f3a313d8ce0d4ac0f1821a441ae4785be6c2a27d9eef0986862f1009e5153f434a01826ce8cefec4ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
80e30e477b5c05a542ec285f489ba48f

SHA1
c86148035de5ee8fc6c6860fc105a7b98651e6d5

SHA256
56f8e84a220d2de6a1b79ca58d19f9e6b22e91c47b2dadb7355ad529097a8235

SHA512
c892fdaa4154708b14f52a264c61c070a740e3c0e60483c49d8cb53054dd51c8ee609a19b510dd03f364a56d542db76970bc9c4924e5d624a0d9fa69efbde2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
21e8c97a06515a1da80b1b8eca5bf01a

SHA1
947ed76f29aa48e31defe1b948804f27fb2f7094

SHA256
a87e6db18ee1f6aba7c6bcd31030e6b9d52158390e656170f38d2d110d1dd836

SHA512
bdd6bc3b99eeaecfbd4e51d998e1fd98e0d682fb7776e650ff2e3f541d04d0614cdd9c7d469764acc51843ffd28cfb26b6267c8dbfdf38ac223f124acd216c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
1b2dff2799904962ede4f82559842755

SHA1
a8787210460ba5f2e8c743c4860b094e30e7ff83

SHA256
b9ca5eb0ce35e5a4fc74b00b80665c0081f06253a94ef1800174120efab93125

SHA512
fcf6320fb67c67d88de33a0ccf6e8db2ebcab7a644df6338f24543cd10703ffd8550d8919ed560f0520e6198b57f7e0fbc1d81e22ce3c75682bb57197c9d2425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
b0ab5f426e75fa9fb7f5da3691552921

SHA1
02192e258cb55c68e164fcf5b1f26d97e624659f

SHA256
3d25e90c6fb5b2f7507b668fa65d9ece69f07fd5a5764673d9dd177cc5ac295f

SHA512
b0991ca65315da3e7ba2993769f975200ec379166e5191acf5583aa101a7083d8cf5c09b567bc530ef64dbc95fb61c72a3a95924f671665f56174bc09620e9fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
7be48dbf5cae7c539a62a28df163af7a

SHA1
f2144819515ea12235525f9fe92b0afbdc2e80f5

SHA256
f8c83e7f4d0be8f988a76029974de5f6f6764480ef1ff73a6378521ca4d2cc52

SHA512
aeddacb8f616c81f1dc0ad73589b9ec41ecee162f89974d0059ff3d840a5ed5bd7924ebc9c731afee79bf581073efc1ea8218d4c6c3dab8791768aaa5e4555ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
b5cb238bbd1a6201b7b83954a2f02d40

SHA1
09e5e258168851e305c4f8ac811fbebbfb2d98d9

SHA256
e3449bd3e4502bba8cb1e7c144f0a16ee6f8f42f55fbf5bc4172c91fc56474de

SHA512
633d8f32204fffe8be2586dd819cf74b6fe844a10a45617eb1e2c9d720e26271d3b2f33c3a68422609e45b77666452e871b007de6ed96608eb3351777dfdc102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
a984a3152194ed11a2254ccd4b7829ed

SHA1
e88c5b7221646e413356dabbdb4c9fb1344c08de

SHA256
b655f653a425b42454560f52267c0b2885c400af1be034f7a8433c8f5ab6cde7

SHA512
142102a5c07279fa7734ab967f99274dd887c49139ab46f7a2be4ec77c220f6a95b54c39164b10f38dae737f864cbba70ed5b7d0fdb6d1a3adee95be3262b80d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
766c9e5135c5ec3a12317ba9e50b3b52

SHA1
a330f4163faa1dd4f7dd5c7e6d6b81517823dc15

SHA256
457147c8936b2ebf6983598f5b54f47af341469344d27812060c5271f70d6b4e

SHA512
735ccd4aa1408f0acd2db2654f1eec757548c856a2d8b3aa0c96eaf23a06bd2e09fbf5290c1a1c07357abc8e2b88bae33f0e9911322cbc760ec54e1e06da9e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b9d4fdb181efe05421ce4ea23fc4bff0

SHA1
02f46d2ad9ec425624501607dfb2343cd668ad6a

SHA256
3eea23a73991d62539643d48722bbeaedf80c60501a41444e97d7c522d89a3a0

SHA512
36fce5d2dbc0b23679953e12a5b8d1a529e1d9f3398095a8d3fe5ce6b8bf0d1889b8e3694caffd8d4916ca90c771c1c962ca4a979830dd258b7b51b9173d05c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f131a3ee8c6e4fceaf0e360dad14a760

SHA1
7a963dde330d095e111e4a355f64c9b423f9768b

SHA256
c79439c591438976d92974d1ef9f95b4da286bc481a09ff3b903e051a5adf676

SHA512
3ebf4212ce525ace0a459b4b78ec691946fc1a37f1a3ea10d31452d9df2170ee92973aee2cc0724509404aa823dd7cce8a470f2c26536b9965b32c54674a0d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a6ee8adaafd5758a83d2610e6ff8955a

SHA1
5f1a7a7053b4058ff0dcf63d9c9878099d66048d

SHA256
a494d260990250b9b877ffd7a27a0a9866c0da4ddb71d76b7be66f211db45d32

SHA512
1e4faaf32b3f09637c5dfbac22ea3636bfbc860f6656819a716c8da1f1373490f92c11c860aa6983f92ee1ff1e8f0e3c121751f024d0edb23ac6198437ef9902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f1f43ff690c4e183f5fa6d8b9405673

SHA1
ea5279b5b9e397d223bbcecde937bfccad90f13b

SHA256
cf1b8c45119a07c1c3186fb293716a4929da649a2b6298735ae55d5dcb306273

SHA512
6d9fc6617a2e685b792a710992d8613f216fb00b10783de3b0fa16ef81d7662e451614fe8719af30cba87463e6cd5b68b56974f1f8f9c1bf0f157f5cbdc82127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1a2bb27276d8c96b8c12ee1107b2a346

SHA1
79e8b2bf788a6f494daca193695d59ed3b1deac3

SHA256
4805ed3368d9f40fab185b2580fec9d922b963d928a65f090ac53d450f8d9158

SHA512
f746521930cc39735a42e9fc09a0f6ab40f265130cf6bb3085210de43c2dc72a904421f893f96cc67d2a2f3d962e89407a441af35bef8b664397aba32a500c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ebd9e6a8c14a859c2910e41ecbe39a58

SHA1
c0fd6df0434a113e4f367eb7fcdb4fa5d10a63fb

SHA256
8d0da5c95586abae471a5c94e221c313f70a98218d99f3c0d5d28cebf887c4a9

SHA512
6b8c113b14ced73868cd95b60cd35fd239096726ea0b54b96f487bcc98b0ef4723599e908219d05f069d333d0e348785243cb2c0a26efbe1a4b3a33ec2eeeae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
674c24a88e8fbf1755c1e50ff19d57a1

SHA1
495acff23f695bf71c2dd51f4a08e83a7d782e3c

SHA256
a3ec2501cb0ceda0b24525e13b6300d3b9ee4131fb42c533d0d795551b9390b4

SHA512
a35de7e8100256a8ba113abe1d0d3825ab4c538bff55b124753e832a81219fbdc9742654c4bb0b67114c28b40c6d7baccf42351ebfd0f6b0ca07f09fee8c1a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
425adc57633420cfcf6ae98279ab550f

SHA1
8eb96476f32463d16106b747ecd9314e6468974e

SHA256
4257e55899aca7101b97a11cd9c7cc79b825613ab0786edc3877719758981340

SHA512
a1e4d2400f01105fc892beaedbae4711e93025b60310074ca8fee47a776d80bca2618e89d493bccc2cffcb366e365799fdb41bd96342e435315ca89201bdf6bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4f9477dcd3b69fd14dd2e96c635afb0c

SHA1
7f9a035ec02fdfac19d64db21d9c59b82bf4d1f6

SHA256
296df35194279e77e9609c34318a60f644c4b21a09658342e29f13ec0605f3e0

SHA512
d33a543fb41e1d5e6efdb7e0440e0d809b4b2cdf76d8430a9778b3673781e8cb4769a79c53c51619e0c1f07e1abb0026ebbbedb223153c556eb83f6af3f589c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ec73.TMP

Filesize
704B

MD5
fac959419abbd401d90d1e91e8b27c17

SHA1
6bc115f2f169d94c55ec7fa93543faab98233374

SHA256
434e7447d4d8dbb760448a494616f8c031040088b447d7d1424254466ddf44e9

SHA512
d2e1e1cc23177c78ed51e24254c1030e1406ec1fb3b7a9d1cae6dd4b22ce98db1327bc855806596210d5304dc14f06b4a647a229229c5477c531a81f8d27ea0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f20a796a-89b3-4637-8d6a-0c0c726e67d5.tmp

Filesize
8KB

MD5
8aa265e5367651c0a1425ffe34729088

SHA1
6e9b1027fa8a9b61d0bcc1549fa7e0f485399eda

SHA256
e3fcf96f20bccfa8aef0432e52d8b8dd1d8eaa18c4f3b8de9d6d9cd8b05a4f65

SHA512
274db8b7370dac06435fec1512bc46f38c6dbdb80069217bb28d46bcb760861028af9ae93c1c000453f047af6db42c5b2513c3e3c192facd9d96eec9887b584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b5d8c224b368d0958091afcf5a236b7

SHA1
78d040fccaf46316c7b13116516172fb10ffaede

SHA256
41060bc26bd8c460f630945bd43a694992ef4533be0feb6eb07385ac2bc2e351

SHA512
7938d049977a50b17cdaa0706af09d42e8586a7c389780f41d64ec8d96a40a4e87f78df5f94e64523e00d2ede65df20c4940b8977a7ad2af6aa5a350e4d7c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
638d8dc8725d506ff8c960b2bd267ed9

SHA1
51cdeb19c05c2694d93a0b03b5d54c7aa39c6d64

SHA256
0fd9ed8d0fef17f3baf7087a0f9e63f003252475e9441fd752933748af90895a

SHA512
b2946435acba034fadd2396067c075106b9d358e8edaf74e72fcd7344e87638b6177fb4754c27062bcfb3f721fb0ce88ee2d52fbd40a71fe4c609307238ffd89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4762a4a173a21e3a556018a8f8822f22

SHA1
d4061ad2b8a9078027fc31855272b4a7432cf208

SHA256
a36e65f23f80afb9ecd065f67c7f2c2d49096f403789c357475f672a22a8659e

SHA512
6002ea8e4c8b7ab0777eb5cf2c179b4b98c514e81dc80b67c859ebf5a966ba5b89a42bf36305f9918db5a64a467b3829f33a2fb4c0212ae6fac661ea69a8b174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f718b4f30e2b4da82ce34b7c242e5c2e

SHA1
b2529b154891248db33a95e3ad60cf62c116c8bf

SHA256
2bbed827410ab573249c5f0569dc6ad28cee336e0fbdf7467cfca1d5b91edaaf

SHA512
f842877bd408cf2590b5fd6e00915880e2918107f25c621956f7f95cf2d23e8fdacaad1a9b00cea5d1e25ea8fca85eb1523e10fcc106214a10a423be16118ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bd624a6944c4c30de9c5cd7e4c738f42

SHA1
213b7d52caf7870677224aaead12d189132b0fe4

SHA256
a532bff5e87a28d30927993e5b2733c3785feef989b7b86884f64441b8bdfc33

SHA512
4c4e317688104914a229318c38fa8ff05e47d21d46493506a8711c05d3b29edafbbf94812c61e7f189964ce96b8a4dd5bdf1043ad8e21c6140de89e40bb073d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
82cdc10ec0cb56201d1dcb088c21d04f

SHA1
a5a69856757719e3246717638793d2ea778bdeb4

SHA256
a3e722b37d99daea6fc90a9082d8be1ffb5989d3edaf85aacce839686dc070fb

SHA512
537737eaced46bedfcbb0cb4f85d7771d1240e5ed774548d78400739afecc87d922dea905d2c04bbbde29d548199763c652c3dfc95b0997ffb38bef027947316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f28a1ad84b76a47ab6966fa94f96a884

SHA1
d5eda13e637af2cf758d30879bd74227d88d2453

SHA256
05786d31080b505681d4bd1b8c71543b4616c6002c61c6a76acde5e215f57e70

SHA512
35e0678746f1ad204596d5c9139e1b5e68b28ace93bac06afee0be72bcda4831ec40ec2c56a02ab7d23d0beb85a2ccb89dacfa40cfc1ac59ba12d67e2c3d0f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2cd4706076566269071665c8556ecd23

SHA1
078a5bae746ed1cd08cfc702c8db55496a4873fd

SHA256
5a36d6c520c422b266f42fc13c6c96d851244bacc9706ac3d4099bd56c2e8b27

SHA512
9e3741cace6a64ff6e0cf1c3b85b089d357f6ae2f87d2b26f05899d9215f1136e01a2ae14e2fb2b5bdf90e24c4aeae1ff5b28f38dcbd331ea5da6012244a1c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
057efb4570a00180f3bb293d4797366a

SHA1
56a8c87e898815d0ff900d547ba43a2920bc4daf

SHA256
dc95010febd50dacc6413b4bb98fe6739e3da2d565b31ced5a46f2bd8507b49e

SHA512
e7aa6a7153bb79fc845143ff58c106f4896aaf109ea22db63ab8a0c2f404b9c9702fe5db59154e6ea65d9b65bbd0f02f15b3f6e8adf3ad81269cc91c79c42764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8b9b1f03898176670b8596c02eb0669c

SHA1
c29b6162b202a5a516bacbcf33862b0712cf8ed3

SHA256
a46fb6302db580288b496afed6c0389f6775673ab34fd92e835f7563d311f130

SHA512
86f5b92a7ba03fbd2f60924a6625d9f47470a7bf5365781c6d76917e9772384228841a07bcb0ae787aad9631b075710e4958b7099ac54ef7441f75581bd558ae

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\18eb91cc-3163-4efb-ac42-a75faf78ec2d.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\0e4df74cce0423376e6a782e4b3deb64

Filesize
7.0MB

MD5
0e4df74cce0423376e6a782e4b3deb64

SHA1
8db193e73416f1da44ad98f344d3ff207ace44ac

SHA256
8b9263763da2c73054426eb6a8de5c4e7f42ecd11e9c95a426b0c66aedd727ab

SHA512
ca3136acde16e33c80a0f50c5f73a2eda795ebf9a90f7bcd4803b5cf2c51135b2ec2ae40d06015ab6fe4b2b18bfc0a95712bc98dcf5f2cc85192bb715a021642

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\1c4187f0b612a9a473010dcc37c37a82

Filesize
6.9MB

MD5
1c4187f0b612a9a473010dcc37c37a82

SHA1
34d46733452812d481adeedad5eaea2cf4342540

SHA256
c8d55b0f4f25caf135dabc7f21b9548263022107e9740dfe692b402469cd47bd

SHA512
075678e24a867d5630da324e934837d81a3fa1d848a15feeb2a7be268d38b81ca4210cd44a22e9869173edebecd1947968327ddce16a85b71c03e6307e365def

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\1b2b134f-ca44-4666-bbc7-45b0d6196eaf.tmp

Filesize
2KB

MD5
e37b7456323681d18c7cdb1b62b0e60f

SHA1
2ade076827d5beefb8c9640960626cc39dea6888

SHA256
f4efd0cc89c6e8139d686f14e65c8ec36a5b4d5d94b559f1a11edbd169114cb3

SHA512
1d0067e9f54c5efd4dce0fef7d080c845f14516edab049d7b9708e6802cc6137a9ac663cd433cf49e631c40651106e17b15053f3ac17f7817b48f0c274fc0242

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
08cbe05181d1c3e08a9d66c922f6b441

SHA1
7892c15c17c900993e0efb1a28cdbca6e906be3e

SHA256
f62901728157f37a415e4c914876a8ad70a4de31212aa6b05447d79684a1a7f2

SHA512
7b719114220c362981b19d5833276ff2cde2b1a0874f99c50f2a09387ca97078a6720470f7be66c0302519ae207d714511d79ea9640bcf957036c0c02cf89c71

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\06dab0c4-8201-4878-b9a0-fbef59c6a7b9.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
21d1f97839562f991cf5503f7289b023

SHA1
f565f490ef3f421d0967c4917bff89a35a408952

SHA256
17d38f6791679f3b729c36625f2f878abc78eadf30836e6d1b3b660108f2c2da

SHA512
aa9fa8d8cf3795b001e7ef7dfb8d57f579380c2674904170383843b0a97f088d263158b8ccd6cd7d18e7cd329c888869b012dc595d4623145c9a39bd294f847c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
36bba629e00ccec3dd11c704221256d3

SHA1
ea5ec8e1baa4404a1b06741ef389b4967d36d8bf

SHA256
eb4fba13c909d7a0a792bb19e55ec3d9b5c94134765f9e593dc6d4f4007a701a

SHA512
29a105d19d7568963709288afae1e24cbf761d411eee1a7103a37a39992d6e20c6cd60b4c93663d14dba48fe125eb5ff41082f7a2fe5b645651e8c5b6d60cd35

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
734008bbf121a316bac554f14415136f

SHA1
25b6aa8a6996e750e3f0af6fda0a640ca712ad42

SHA256
6a7cd8066df9dcdc1773440687ceea39d5836422c0394fa2091283330f2b998b

SHA512
724ba3707d75a7b20b88e009e5a8422dd371eeb73ce7d2c048908794eedc2aa867166512578fe4eff5d90893466ae3bf3f9396d88bf18543a6be7cfe49783aa1

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
91d1651667a2c540ee3bc76644d9fe6b

SHA1
efdaef25fe927ace6e4c950bc59a9a7933866633

SHA256
eed3bc5cefeaf76b2abf95aa17b0eab18caa26520695fd1c9221ba5e5f88e8c3

SHA512
9c170da0339059ea5ced916638b12f29f839595e1a7988a8bfbc78ab6f559033182b3a5d5639f09133d2992d421776f4d1edc19f1e4930840dc42e420278cc9b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
4KB

MD5
7c23324a785a6215ed25c2a235f2b4df

SHA1
45d7e717c368eec7a9577f3a76404ca500661d14

SHA256
4688ab3a1d0acf328bfb581021052349ef937fa18dc25e766e35e46921d25b98

SHA512
45d4eb3f3f4bd1fb43c69d55d1fad6fafde1ff2c7136800d2c9fd467a150aaddc7796ae9b03ff0665213e23f675600e6646f9ae4554ffc58b325e20ff975db8a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
8dd343b5c386611cf3ef5900d5300902

SHA1
a1da357969680ecc510d3ca5a02962d877440a1b

SHA256
10389f6e7cf685be1b542bc40b83ce5c735bada31be2a8c587d4b638e378d13f

SHA512
f4fe049cffde449b420f8afc131408de8ae0d8e12572e08f7188a5783361e37c8b8a24da5df9caf3f21a71e073ac9adf9b359adb25c932f4f66ca26843785baf

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
ea85a91e1d07030c71f2cfface2cc38b

SHA1
d75965c64e433f06ccc9d22ff2addf185e4e6181

SHA256
7fe5468a29bd6afaf3bc6052c6c1dfa279e64890ff5352dd0986ae1b621067f6

SHA512
5796dc40ad832c09e8e126b0a975674f1a3d51015a2bbdedb4403655dd7a11d006ac36cc6ce8ad94db95c8205d0d720b3c0f5cec05e0766a0ccc6981104bc81d

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
b7648198c71d0588c9a60bafe5159634

SHA1
d7ca77311296b37bb6628f3e15287f22ced9f1af

SHA256
249d57da000c6147b0824a2669848640f71c72a80517a65241ec15e3fec5a4fb

SHA512
c7a3e5e7a1ff6a1bffd3b2a6c0b2904a469b4f222ca1fcdfc3b64f25d8c5589ca6667efa71b79a0f5e131c1d8be757afe1ded056853df739c2ff6640f8ed4f26

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
dc2948985e1424b47b95cb642b1394fe

SHA1
4e09bb5b83a6c0d8e7a930ba93e0e1aec12f3a23

SHA256
a4979c517fd429344aa990e2e414fc9bccebf8447b48e62845a1a4fa5422734e

SHA512
f3ac367cb2a3c30cbb5819384fbb482ca8bbd09bae420ccc27547253ccb401504b1a556c068703a88f49ff5e1b17859826af6b3362c21fb8ce822fb56b7b55a9

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
7f0fe2caeb52616db4312682e9a5b566

SHA1
88d4bb1c01f2967bf445cead7fa89266fdeb3ffa

SHA256
9b28faacead69f66032b3728129576f6ec815f7b5f3d6c42bcddedcc79c8346e

SHA512
19da02fe22ae7071d9167be611e2daa7e2256fbf419bacb3c4e697c9ca8a3ac2d9d8bc599f72f2ec3c926e16d684b962684a96ffcfa5fd43626cd7d8b231c575

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
9c4348068d12f3d44c716f775b53f9e5

SHA1
a41435c44c3aa84237e4a845ac4d254009035e0d

SHA256
48c8855d045a5e0ddb717ecdaa5a0b47fcb50745785145352f417aded3e28034

SHA512
0eb07a617b01793310aa21c626479b832aaba73203c3659081d370484a8bfaeae31dc4d0a2ec52015db72654d8ced0e05bf60376e2dd9c9cc4c730a217ee5027

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Solara.zip

Filesize
278KB

MD5
ae7659ddd28dd899f73954109dd9c460

SHA1
1c0495339e78d2bf4b6c8d53e4d5f42d47fc5396

SHA256
3d45be1924b7c40f60290b5f04b9c028aa5963bdeeba793adcf7f7938d095fae

SHA512
8ac46369c3cd615c8c60d020c8ef683c1a31680c6fae2f617fa81bbf5dfe5f0016bba5439dfbc25fc3aaba742f61d00140566f1a0578503ab74d2af13d22c35a

Download Submit
C:\Users\Admin\Downloads\Solara\BootstrapperV1.23.exe

Filesize
800KB

MD5
02c70d9d6696950c198db93b7f6a835e

SHA1
30231a467a49cc37768eea0f55f4bea1cbfb48e2

SHA256
8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

SHA512
431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 657576.crdownload

Filesize
24.3MB

MD5
90989c3e7c2e6e5dab4fde37d8fc8707

SHA1
b39b05df417ae04c980df44af8efeabc6de93bd2

SHA256
5d2bac2c2e6c925f9e175f8158070f8d78c0fb05810b30417e028d4ac4263b86

SHA512
0ffac39c8f023aba7acf488356c3745ed6d7941ff06ccd725340fe57322fc3cbcfa3f6c6dafc99eee780f69133148cba70da9e44fffbf2c2e00c6cefaf4fde6b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 812190.crdownload

Filesize
5.0MB

MD5
9a5e4420fd429b7444e7f02b2b52d0bc

SHA1
056e5ac7ef1334698f4337435985a2d6a52ae059

SHA256
44ef9c095fdc078cad8648bc9ec75f744d2c72229ee427eac65fbc1859e57172

SHA512
7728f89d67bf145106d7c86dd7a1ad27aac74898210bd86d944d7a9111c41fb3df1ab2acab5a4d5bd9cf1a6dd66d9b460368c7994bfbe8807e4c21ae142f8f5e

Download Submit
C:\Windows\Installer\MSI1756.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIFE89.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\e5da4d5.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
bf4e1fbc8562b0843dff097159935072

SHA1
06c4020a9063d3d439470a5d1f29a652e7e29279

SHA256
ddc6c23f765154d66725b06221d60c1e3a2e49a8d8486524b4360299e93fc174

SHA512
ee292abc3f8830ee179c035ce109430930b16fee1b7d97a0387d234fd4a025abaa4c36fa20ec4236db21dc97c4fd5bd4881e31358ff56dc29afbbebe4410d777

Download Submit
memory/644-2411-0x000001B0922E0000-0x000001B092400000-memory.dmp

Filesize
1.1MB

Download
memory/2112-2328-0x00000176B5930000-0x00000176B5A50000-memory.dmp

Filesize
1.1MB

Download
memory/2112-2176-0x00007FF98D660000-0x00007FF98D661000-memory.dmp

Filesize
4KB

Download
memory/3092-2721-0x000001CCF4400000-0x000001CCF4520000-memory.dmp

Filesize
1.1MB

Download
memory/3420-5856-0x0000029786E10000-0x0000029786F30000-memory.dmp

Filesize
1.1MB

Download
memory/3620-5857-0x000001550D6D0000-0x000001550D7F0000-memory.dmp

Filesize
1.1MB

Download
memory/3760-2888-0x000001726FFA0000-0x000001726FFC2000-memory.dmp

Filesize
136KB

Download
memory/3760-2877-0x000001726E0B0000-0x000001726E17E000-memory.dmp

Filesize
824KB

Download
memory/5168-2648-0x0000024E3FAD0000-0x0000024E3FBF0000-memory.dmp

Filesize
1.1MB

Download
memory/5172-2649-0x0000024646A30000-0x0000024646B50000-memory.dmp

Filesize
1.1MB

Download
memory/5256-2327-0x000001E1F8410000-0x000001E1F8530000-memory.dmp

Filesize
1.1MB

Download
memory/5324-5260-0x00000224F6140000-0x00000224F6152000-memory.dmp

Filesize
72KB

Download
memory/5324-2899-0x00000224DB780000-0x00000224DB84E000-memory.dmp

Filesize
824KB

Download
memory/5324-5258-0x00000224F60A0000-0x00000224F60AA000-memory.dmp

Filesize
40KB

Download
memory/5512-2412-0x00000180C22D0000-0x00000180C23F0000-memory.dmp

Filesize
1.1MB

Download
memory/5544-2296-0x0000021CFBAD0000-0x0000021CFBBF0000-memory.dmp

Filesize
1.1MB

Download
memory/5560-2549-0x000001BF3B0D0000-0x000001BF3B1F0000-memory.dmp

Filesize
1.1MB

Download
memory/5620-6848-0x000002193D400000-0x000002193D520000-memory.dmp

Filesize
1.1MB

Download
memory/5620-6052-0x000002193D400000-0x000002193D520000-memory.dmp

Filesize
1.1MB

Download
memory/5620-5844-0x000002193D400000-0x000002193D520000-memory.dmp

Filesize
1.1MB

Download
memory/5656-5676-0x000001C9A63F0000-0x000001C9A6414000-memory.dmp

Filesize
144KB

Download
memory/5656-5677-0x000001C9C1260000-0x000001C9C179C000-memory.dmp

Filesize
5.2MB

Download
memory/5656-5678-0x000001C9C0D20000-0x000001C9C0DDA000-memory.dmp

Filesize
744KB

Download
memory/5656-5679-0x000001C9C0DE0000-0x000001C9C0E92000-memory.dmp

Filesize
712KB

Download
memory/5668-2545-0x000002DE8BA30000-0x000002DE8BB50000-memory.dmp

Filesize
1.1MB

Download
memory/5752-2374-0x000001EAD6D50000-0x000001EAD6E70000-memory.dmp

Filesize
1.1MB

Download
memory/5820-2720-0x0000025CB50D0000-0x0000025CB51F0000-memory.dmp

Filesize
1.1MB

Download
memory/5964-5688-0x00000232C4250000-0x00000232C42E0000-memory.dmp

Filesize
576KB

Download
memory/5964-5682-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/5964-5692-0x00000232C7540000-0x00000232C754E000-memory.dmp

Filesize
56KB

Download
memory/5964-5689-0x00000232C39D0000-0x00000232C39D8000-memory.dmp

Filesize
32KB

Download
memory/5964-6033-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/5964-5691-0x00000232C7570000-0x00000232C75A8000-memory.dmp

Filesize
224KB

Download
memory/5964-5850-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/5964-5835-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/5964-6676-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/5964-6077-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/5964-5683-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/5964-6872-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/5964-5687-0x00000232C35D0000-0x00000232C35E0000-memory.dmp

Filesize
64KB

Download
memory/5964-6121-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/5964-5684-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/5964-5685-0x0000000180000000-0x00000001810F9000-memory.dmp

Filesize
17.0MB

Download
memory/6012-2546-0x0000020825000000-0x0000020825120000-memory.dmp

Filesize
1.1MB

Download
memory/6056-2527-0x00000188FF110000-0x00000188FF230000-memory.dmp

Filesize
1.1MB

Download