8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Resubmissions

25-11-2024 15:51

241125-tafxlszrhn 9

Analysis

max time kernel
891s
max time network
879s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

9^/10

discovery evasion persistence privilege_escalation themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	node.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	setup.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 49 IoCs

pid	Process
3944	Solara.exe
1560	RobloxPlayerInstaller.exe
4168	MicrosoftEdgeWebview2Setup.exe
4480	MicrosoftEdgeUpdate.exe
3968	MicrosoftEdgeUpdate.exe
3444	MicrosoftEdgeUpdate.exe
3040	MicrosoftEdgeUpdateComRegisterShell64.exe
3956	MicrosoftEdgeUpdateComRegisterShell64.exe
3980	MicrosoftEdgeUpdateComRegisterShell64.exe
1484	MicrosoftEdgeUpdate.exe
2116	MicrosoftEdgeUpdate.exe
4812	MicrosoftEdgeUpdate.exe
216	MicrosoftEdgeUpdate.exe
4976	MicrosoftEdge_X64_131.0.2903.63.exe
1608	setup.exe
1556	setup.exe
4048	Solara.exe
964	node.exe
1600	msedgewebview2.exe
4836	msedgewebview2.exe
1388	msedgewebview2.exe
4156	msedgewebview2.exe
3040	msedgewebview2.exe
5260	msedgewebview2.exe
5680	MicrosoftEdgeUpdate.exe
5584	RobloxPlayerBeta.exe
5096	msedgewebview2.exe
424	msedgewebview2.exe
3996	msedgewebview2.exe
5424	msedgewebview2.exe
552	msedgewebview2.exe
5632	msedgewebview2.exe
5204	msedgewebview2.exe
3988	msedgewebview2.exe
3908	msedgewebview2.exe
3392	MicrosoftEdgeUpdate.exe
1948	MicrosoftEdgeUpdate.exe
3896	MicrosoftEdgeUpdate.exe
4172	MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
1960	MicrosoftEdgeUpdate.exe
5180	MicrosoftEdgeUpdate.exe
2552	MicrosoftEdgeUpdate.exe
2744	MicrosoftEdgeUpdateComRegisterShell64.exe
5096	MicrosoftEdgeUpdateComRegisterShell64.exe
764	MicrosoftEdgeUpdateComRegisterShell64.exe
1304	MicrosoftEdgeUpdate.exe
1064	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
1844	RobloxPlayerBeta.exe

Loads dropped DLL 64 IoCs

pid	Process
1548	MsiExec.exe
1548	MsiExec.exe
1716	MsiExec.exe
1716	MsiExec.exe
1716	MsiExec.exe
1716	MsiExec.exe
1716	MsiExec.exe
1936	MsiExec.exe
1936	MsiExec.exe
1936	MsiExec.exe
1548	MsiExec.exe
4480	MicrosoftEdgeUpdate.exe
3968	MicrosoftEdgeUpdate.exe
3444	MicrosoftEdgeUpdate.exe
3040	MicrosoftEdgeUpdateComRegisterShell64.exe
3444	MicrosoftEdgeUpdate.exe
3956	MicrosoftEdgeUpdateComRegisterShell64.exe
3444	MicrosoftEdgeUpdate.exe
3980	MicrosoftEdgeUpdateComRegisterShell64.exe
3444	MicrosoftEdgeUpdate.exe
1484	MicrosoftEdgeUpdate.exe
2116	MicrosoftEdgeUpdate.exe
4812	MicrosoftEdgeUpdate.exe
4812	MicrosoftEdgeUpdate.exe
2116	MicrosoftEdgeUpdate.exe
216	MicrosoftEdgeUpdate.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
1600	msedgewebview2.exe
4836	msedgewebview2.exe
1600	msedgewebview2.exe
1600	msedgewebview2.exe
1600	msedgewebview2.exe
1388	msedgewebview2.exe
4156	msedgewebview2.exe
1388	msedgewebview2.exe
4156	msedgewebview2.exe
3040	msedgewebview2.exe
3040	msedgewebview2.exe
1388	msedgewebview2.exe
5260	msedgewebview2.exe
1388	msedgewebview2.exe
1388	msedgewebview2.exe
1388	msedgewebview2.exe
5260	msedgewebview2.exe
5260	msedgewebview2.exe
1600	msedgewebview2.exe
5680	MicrosoftEdgeUpdate.exe
5584	RobloxPlayerBeta.exe
5096	msedgewebview2.exe
5096	msedgewebview2.exe
424	msedgewebview2.exe
424	msedgewebview2.exe
3996	msedgewebview2.exe
3996	msedgewebview2.exe
5424	msedgewebview2.exe
5424	msedgewebview2.exe
5424	msedgewebview2.exe
552	msedgewebview2.exe
552	msedgewebview2.exe
5632	msedgewebview2.exe
5632	msedgewebview2.exe
5204	msedgewebview2.exe

Themida packer 7 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/4048-3489-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4048-3490-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4048-3488-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4048-3491-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4048-3665-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4048-3718-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral2/memory/4048-3731-0x0000000180000000-0x0000000181168000-memory.dmp	themida

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 2 IoCs

flow	pid	Process
41	3604	msiexec.exe
43	3604	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
213	pastebin.com
214	pastebin.com
57	pastebin.com
58	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Checks system information in the registry 2 TTPs 22 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs

pid	Process
5584	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
1844	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
4048	Solara.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
5584	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
1844	RobloxPlayerBeta.exe
1844	RobloxPlayerBeta.exe
1844	RobloxPlayerBeta.exe
1844	RobloxPlayerBeta.exe
1844	RobloxPlayerBeta.exe
1844	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\lib\utils\npm-usage.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\configuring-npm\npmrc.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\minipass-fetch\lib\headers.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\VoiceChat\RedSpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\pylib\gyp\mac_tool.py	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaChatV2\actions_editing_compose.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.63\BHO\ie_to_edge_bho_64.dll	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\config\lib\umask.js	msiexec.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.63\Trust Protection Lists\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\Locales\hr.pak	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\gauge\lib\render-template.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\index.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\TerrainTools\mt_generate.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man7\dependency-selectors.7	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmpublish\lib\publish.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\DeveloperStorybook\Banner.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\fonts\GothamSSm-Bold.otf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\constants.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\make-fetch-happen\lib\agent.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaApp\ExternalSite\qq.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\utf7.js	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\psuser.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tiny-relative-date\src\factory.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\StudioSharedUI\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\StudioSharedUI\TransparentWhiteImagePlaceholder.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\buffer_list.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\SelfView\SelfView_icon_indicator_off.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\arborist\pruner.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.63\Edge.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.63\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\PlayStationController\PS5\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\VoiceChat\New\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\VoiceChat\SpeakerDark\Unmuted20.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaApp\graphic\gr-avatar-frame-36x36.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaChatV2\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-pick-manifest\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\strip-ansi\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmexec\lib\file-exists.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-cidr\LICENSE	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\installed-package-contents\package.json	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_5.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.63\Locales\mr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.63\elevation_service.exe	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\tables\shiftjis.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\color-convert\route.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\RoduxDevtools\ClearList.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\Controls\DesignSystem\DpadDown.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\configuring-npm\npm-shrinkwrap-json.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\just-diff-apply\index.cjs	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\particles\forcefield_vortex_color.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Gear.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_6.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@gar\promisify\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\npm-audit-report\lib\reporters\json.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\AvatarToolsShared\RoundedBackgroundRight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.63\dxcompiler.dll	setup.exe

Drops file in Windows directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB433.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID4A1.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA73C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAF8E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID039.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\e57a400.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAF5E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB453.tmp	msiexec.exe
File created	C:\Windows\Installer\e57a404.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA76D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA76C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIADF6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID0C6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID22F.tmp	msiexec.exe
File created	C:\Windows\Installer\e57a400.msi	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3896	MicrosoftEdgeUpdate.exe
1304	MicrosoftEdgeUpdate.exe
1484	MicrosoftEdgeUpdate.exe
216	MicrosoftEdgeUpdate.exe
5680	MicrosoftEdgeUpdate.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2024	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LOCALSERVER32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5B532AFE1A6C6E24B99C208A5DF6C1CD\PackageCode = "347C7A52EDBDC9A498427C0BC7ABB536"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7931E4D-82F7-486C-9FFB-E44AB90B021F}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\corepack	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CurVer\ = "MicrosoftEdgeUpdate.CoreMachineClass.1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\PROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2388	Bootstrapper.exe
2388	Bootstrapper.exe
3604	msiexec.exe
3604	msiexec.exe
3944	Solara.exe
2124	chrome.exe
2124	chrome.exe
1560	RobloxPlayerInstaller.exe
1560	RobloxPlayerInstaller.exe
4480	MicrosoftEdgeUpdate.exe
4480	MicrosoftEdgeUpdate.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4048	Solara.exe
4480	MicrosoftEdgeUpdate.exe
4480	MicrosoftEdgeUpdate.exe
4480	MicrosoftEdgeUpdate.exe
4480	MicrosoftEdgeUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
1600	msedgewebview2.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3648	WMIC.exe
Token: SeSecurityPrivilege	3648	WMIC.exe
Token: SeTakeOwnershipPrivilege	3648	WMIC.exe
Token: SeLoadDriverPrivilege	3648	WMIC.exe
Token: SeSystemProfilePrivilege	3648	WMIC.exe
Token: SeSystemtimePrivilege	3648	WMIC.exe
Token: SeProfSingleProcessPrivilege	3648	WMIC.exe
Token: SeIncBasePriorityPrivilege	3648	WMIC.exe
Token: SeCreatePagefilePrivilege	3648	WMIC.exe
Token: SeBackupPrivilege	3648	WMIC.exe
Token: SeRestorePrivilege	3648	WMIC.exe
Token: SeShutdownPrivilege	3648	WMIC.exe
Token: SeDebugPrivilege	3648	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3648	WMIC.exe
Token: SeRemoteShutdownPrivilege	3648	WMIC.exe
Token: SeUndockPrivilege	3648	WMIC.exe
Token: SeManageVolumePrivilege	3648	WMIC.exe
Token: 33	3648	WMIC.exe
Token: 34	3648	WMIC.exe
Token: 35	3648	WMIC.exe
Token: 36	3648	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3648	WMIC.exe
Token: SeSecurityPrivilege	3648	WMIC.exe
Token: SeTakeOwnershipPrivilege	3648	WMIC.exe
Token: SeLoadDriverPrivilege	3648	WMIC.exe
Token: SeSystemProfilePrivilege	3648	WMIC.exe
Token: SeSystemtimePrivilege	3648	WMIC.exe
Token: SeProfSingleProcessPrivilege	3648	WMIC.exe
Token: SeIncBasePriorityPrivilege	3648	WMIC.exe
Token: SeCreatePagefilePrivilege	3648	WMIC.exe
Token: SeBackupPrivilege	3648	WMIC.exe
Token: SeRestorePrivilege	3648	WMIC.exe
Token: SeShutdownPrivilege	3648	WMIC.exe
Token: SeDebugPrivilege	3648	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3648	WMIC.exe
Token: SeRemoteShutdownPrivilege	3648	WMIC.exe
Token: SeUndockPrivilege	3648	WMIC.exe
Token: SeManageVolumePrivilege	3648	WMIC.exe
Token: 33	3648	WMIC.exe
Token: 34	3648	WMIC.exe
Token: 35	3648	WMIC.exe
Token: 36	3648	WMIC.exe
Token: SeDebugPrivilege	2388	Bootstrapper.exe
Token: SeShutdownPrivilege	3516	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3516	msiexec.exe
Token: SeSecurityPrivilege	3604	msiexec.exe
Token: SeCreateTokenPrivilege	3516	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3516	msiexec.exe
Token: SeLockMemoryPrivilege	3516	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3516	msiexec.exe
Token: SeMachineAccountPrivilege	3516	msiexec.exe
Token: SeTcbPrivilege	3516	msiexec.exe
Token: SeSecurityPrivilege	3516	msiexec.exe
Token: SeTakeOwnershipPrivilege	3516	msiexec.exe
Token: SeLoadDriverPrivilege	3516	msiexec.exe
Token: SeSystemProfilePrivilege	3516	msiexec.exe
Token: SeSystemtimePrivilege	3516	msiexec.exe
Token: SeProfSingleProcessPrivilege	3516	msiexec.exe
Token: SeIncBasePriorityPrivilege	3516	msiexec.exe
Token: SeCreatePagefilePrivilege	3516	msiexec.exe
Token: SeCreatePermanentPrivilege	3516	msiexec.exe
Token: SeBackupPrivilege	3516	msiexec.exe
Token: SeRestorePrivilege	3516	msiexec.exe
Token: SeShutdownPrivilege	3516	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
4048	Solara.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe

Suspicious use of UnmapMainImage 4 IoCs

pid	Process
5584	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
5868	RobloxPlayerBeta.exe
1844	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 1272	2388	Bootstrapper.exe	83
PID 2388 wrote to memory of 1272	2388	Bootstrapper.exe	83
PID 1272 wrote to memory of 2024	1272	cmd.exe	85
PID 1272 wrote to memory of 2024	1272	cmd.exe	85
PID 2388 wrote to memory of 2000	2388	Bootstrapper.exe	90
PID 2388 wrote to memory of 2000	2388	Bootstrapper.exe	90
PID 2000 wrote to memory of 3648	2000	cmd.exe	92
PID 2000 wrote to memory of 3648	2000	cmd.exe	92
PID 2388 wrote to memory of 3516	2388	Bootstrapper.exe	96
PID 2388 wrote to memory of 3516	2388	Bootstrapper.exe	96
PID 3604 wrote to memory of 1548	3604	msiexec.exe	99
PID 3604 wrote to memory of 1548	3604	msiexec.exe	99
PID 3604 wrote to memory of 1716	3604	msiexec.exe	100
PID 3604 wrote to memory of 1716	3604	msiexec.exe	100
PID 3604 wrote to memory of 1716	3604	msiexec.exe	100
PID 3604 wrote to memory of 1936	3604	msiexec.exe	101
PID 3604 wrote to memory of 1936	3604	msiexec.exe	101
PID 3604 wrote to memory of 1936	3604	msiexec.exe	101
PID 1936 wrote to memory of 4832	1936	MsiExec.exe	102
PID 1936 wrote to memory of 4832	1936	MsiExec.exe	102
PID 1936 wrote to memory of 4832	1936	MsiExec.exe	102
PID 4832 wrote to memory of 448	4832	wevtutil.exe	104
PID 4832 wrote to memory of 448	4832	wevtutil.exe	104
PID 2388 wrote to memory of 3944	2388	Bootstrapper.exe	107
PID 2388 wrote to memory of 3944	2388	Bootstrapper.exe	107
PID 2124 wrote to memory of 3304	2124	chrome.exe	121
PID 2124 wrote to memory of 3304	2124	chrome.exe	121
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 3768	2124	chrome.exe	122
PID 2124 wrote to memory of 4376	2124	chrome.exe	123
PID 2124 wrote to memory of 4376	2124	chrome.exe	123
PID 2124 wrote to memory of 4732	2124	chrome.exe	124
PID 2124 wrote to memory of 4732	2124	chrome.exe	124
PID 2124 wrote to memory of 4732	2124	chrome.exe	124
PID 2124 wrote to memory of 4732	2124	chrome.exe	124
PID 2124 wrote to memory of 4732	2124	chrome.exe	124

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe

cURL User-Agent 9 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	231	curl/8.9.1-DEV
HTTP User-Agent header	566	curl/8.9.1-DEV
HTTP User-Agent header	224	curl/8.9.1-DEV
HTTP User-Agent header	229	curl/8.9.1-DEV
HTTP User-Agent header	232	curl/8.9.1-DEV
HTTP User-Agent header	233	curl/8.9.1-DEV
HTTP User-Agent header	352	curl/8.9.1-DEV
HTTP User-Agent header	396	curl/8.9.1-DEV
HTTP User-Agent header	220	curl/8.9.1-DEV

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1272
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2024
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2000
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3648
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3516
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3944

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 26CF2F33A8627DB2FEC384E48FA71962
  2⤵
  - Loads dropped DLL
  PID:1548
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 33C72029501D6C982A5975847BAB2222
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1716
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D12FDA89740CA20813A22EB16628F6DE E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4832
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:448

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xc4,0x124,0x7ffd56a8cc40,0x7ffd56a8cc4c,0x7ffd56a8cc58
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2196,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3436,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3740 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5224,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3240,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5420,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5428,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5136,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:2300
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1560
- - C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:4168
  - - C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4480
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3968
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3444
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3040
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3956
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3980
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDkxQTgzNDItNTEzRC00MTgzLUJGRTQtNzQxOTM0QzBBNjNEfSIgdXNlcmlkPSJ7N0JBRDIzNDEtMkVDNy00RDBGLUE5RjUtQ0I1MjMyMUVCNEVGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswNDkzNTIwRS1DMTUxLTQzQUItQkQyQy03REZFMjZCNEQxQTR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MzExNDEwMzE4IiBpbnN0YWxsX3RpbWVfbXM9IjUyOSIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1484
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{491A8342-513D-4183-BFE4-741934C0A63D}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2116
- - C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 1560
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of UnmapMainImage
    PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4696,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4532,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5472,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5232,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5512,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4636,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3360,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6268,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:s2rC3AJzZ_R8u92yJnihtzVFSk7IvjmF47cjHGeGL9fJ9toL_p6KMvzTZd-6-v_KFK94J5X3Kxc0vIfvZGvk87ZBdTS0l2vSRfzALuPk7mSWmLyjKRxX30SKlK7E1TDy6Pj9TsT8XYw19vk2RmXEkYIGtR8XyFhXcHoCzJepXZGnq7S-fZ_qpWxVW4lGVyKhpzrCFzIY3jNFl9oxNMCccaOj1oNlv1-gXYmQFBQCGo8+launchtime:1732551247401+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2Fes%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1732550679319001%26placeId%3D4483381587%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3De89d9d9b-d9ca-463e-9666-b351c70c7883%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1732550679319001+robloxLocale:es_es+gameLocale:es_es+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5556,i,1600743552153713046,8058615085595202029,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:RMzMgPaHJKs7e6BaqaZKQJDXSulKTrAxVXXFC3kGOws5cmJdw9ldrtPR9jZ9a2ZgLK0ZrBb5TRj0BeRi8iAOQbSY34rG_o7-eHsO26PpkFBc6VLAqeLZqkq7sc_he9SGdSNTB5KYCinSj6RhNtdzLJTC9NPMaXnb1nsWkiL1t-yXpIv1hSgvwIqNavI8dbleyiCf5jzEEeXgzLi2offMJ9aFRQUKxS9Kl3WC97IJLqo+launchtime:1732551273269+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2Fes%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1732550679319001%26placeId%3D4483381587%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Ded5cc80f-b339-46f0-9501-52108590660b%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1732550679319001+robloxLocale:es_es+gameLocale:es_es+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:5868

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5080

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4812
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDkxQTgzNDItNTEzRC00MTgzLUJGRTQtNzQxOTM0QzBBNjNEfSIgdXNlcmlkPSJ7N0JBRDIzNDEtMkVDNy00RDBGLUE5RjUtQ0I1MjMyMUVCNEVGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2REZFQTk4NS1EODdGLTQ4MEItODI5My1DMUQ4RDdEMDlCMTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjczMTYzODAzMjYiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:216
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6D012DF-F9C3-40DA-8E26-99E50E84030B}\MicrosoftEdge_X64_131.0.2903.63.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6D012DF-F9C3-40DA-8E26-99E50E84030B}\MicrosoftEdge_X64_131.0.2903.63.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:4976
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6D012DF-F9C3-40DA-8E26-99E50E84030B}\EDGEMITMP_CCF8C.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6D012DF-F9C3-40DA-8E26-99E50E84030B}\EDGEMITMP_CCF8C.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6D012DF-F9C3-40DA-8E26-99E50E84030B}\MicrosoftEdge_X64_131.0.2903.63.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:1608
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6D012DF-F9C3-40DA-8E26-99E50E84030B}\EDGEMITMP_CCF8C.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6D012DF-F9C3-40DA-8E26-99E50E84030B}\EDGEMITMP_CCF8C.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.86 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A6D012DF-F9C3-40DA-8E26-99E50E84030B}\EDGEMITMP_CCF8C.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.63 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff73b612918,0x7ff73b612924,0x7ff73b612930
      4⤵
      Executes dropped EXE
      PID:1556
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDkxQTgzNDItNTEzRC00MTgzLUJGRTQtNzQxOTM0QzBBNjNEfSIgdXNlcmlkPSJ7N0JBRDIzNDEtMkVDNy00RDBGLUE5RjUtQ0I1MjMyMUVCNEVGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntERUY5OENCRC04QUQwLTRCODctQjJCNy03OTE1RkVCRjZDRTB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMxLjAuMjkwMy42MyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzMzMDM4MDI3NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjczMzA1MTA2ODUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Njk1NDUwMzM3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9jYjIzYTlhMS04OGU3LTQxYWUtOTUxMC1kYjkzODg0M2JlNzM_UDE9MTczMzE1NTUyNSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1OTiUyZlMlMmJ0dGRjTFJMckhTVXBETWMxRUllakYzdndOeGlHTTJGSWF1RWclMmJhWFUlMmZ4M2dpZ2FDRUlITzBYZGQwRW9uZmtmWGdjcEFScXZUbXFBdHNENEtBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc2NTc4MTQ0IiB0b3RhbD0iMTc2NTc4MTQ0IiBkb3dubG9hZF90aW1lX21zPSIyOTg3MSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2OTU1MzAzOTEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NzE5MDUwNDA2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MzQ1MDgwMjg1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iOTkyIiBkb3dubG9hZF90aW1lX21zPSIzNjQ5OCIgZG93bmxvYWRlZD0iMTc2NTc4MTQ0IiB0b3RhbD0iMTc2NTc4MTQ0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MjYwMSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:3568

C:\ProgramData\Solara\Solara.exe
"C:\ProgramData\Solara\Solara.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4048
- C:\Program Files\nodejs\node.exe
  "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 71fdaa2c68164831
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:964
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=4048.2892.4338885731436327268
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - System policy modification
  PID:1600
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.86 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.63 --initial-client-data=0x178,0x17c,0x180,0x154,0x188,0x7ffd34db6070,0x7ffd34db607c,0x7ffd34db6088
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4836
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1836,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=1828 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1388
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1908,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4156
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2392,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=2544 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3040
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3652,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5260
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1232,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5096
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5092,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=4952 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:424
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5048,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3996
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4412,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5424
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5040,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:552
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4608,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5632
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5100,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5204
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4856,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:3988
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5108,i,15692543485530521905,2923763205150697724,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:3908

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
PID:3392

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:1948
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B2BABB73-17C1-47BB-8CEC-918B0BF25AE1}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B2BABB73-17C1-47BB-8CEC-918B0BF25AE1}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe" /update /sessionid "{C98C6C30-70C6-4E7F-8434-E5C8952F8B51}"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4172
- - C:\Program Files (x86)\Microsoft\Temp\EUDCF6.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUDCF6.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{C98C6C30-70C6-4E7F-8434-E5C8952F8B51}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    PID:1960
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5180
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2552
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2744
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5096
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:764
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Qzk4QzZDMzAtNzBDNi00RTdGLTg0MzQtRTVDODk1MkY4QjUxfSIgdXNlcmlkPSJ7N0JBRDIzNDEtMkVDNy00RDBGLUE5RjUtQ0I1MjMyMUVCNEVGfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7NEFCMzVEM0EtRTIyRi00ODU0LTg2QjctQzhFNEY5QzZEMkIwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjM5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzMyNTUwNzIyIj48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDg1MzM4NDg3NCIvPjwvYXBwPjwvcmVxdWVzdD4
      4⤵
      Executes dropped EXE
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:1304
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Qzk4QzZDMzAtNzBDNi00RTdGLTg0MzQtRTVDODk1MkY4QjUxfSIgdXNlcmlkPSJ7N0JBRDIzNDEtMkVDNy00RDBGLUE5RjUtQ0I1MjMyMUVCNEVGfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2MzcwQ0QyMS02MzlBLTRGNTctOUYyNy1BQ0VFQzUwRTAzRjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDgyNTIzNjk0MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDgyNTMxODg3MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA4MzY2MzcxMjkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xN2I3NTIyMy1hMzVlLTQ0NGEtODBkNC1iYjk4OWNjZjJmNzM_UDE9MTczMzE1NTg3NCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1NbHVIcGdNcjRsY21JNFNxR1JzZWd2YTFUdFZOdUdyTVVmT21Wb0pvM21qQ1RIZFQ0ZzNLYlVkeGNnc1MlMmJqa3JYWExub25ISDMzOHBMbCUyZllpVGJaMnclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iNCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDgzNjYzNzEyOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMTdiNzUyMjMtYTM1ZS00NDRhLTgwZDQtYmI5ODljY2YyZjczP1AxPTE3MzMxNTU4NzQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9TWx1SHBnTXI0bGNtSTRTcUdSc2VndmExVHRWTnVHck1VZk9tVm9KbzNtakNUSGRUNGczS2JVZHhjZ3NTJTJiamtyWFhMbm9uSEgzMzhwTGwlMmZZaVRiWjJ3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTY1MzMyOCIgdG90YWw9IjE2NTMzMjgiIGRvd25sb2FkX3RpbWVfbXM9Ijk5NCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDgzNjYzNzEyOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDg0MTg3OTcyOCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxwaW5nIHI9IjQ5IiByZD0iNjQ4OSIgcGluZ19mcmVzaG5lc3M9IntDMUIyNTA1Ny1GRjY3LTRCNEItQTQzMi0wNjZBMkU2REZBMjJ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzcyNzY5MjM0Nzg1NzQ0MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9IjQ5IiByPSI0OSIgYWQ9IjY0ODkiIHJkPSI2NDg5IiBwaW5nX2ZyZXNobmVzcz0ie0NDQkQyQzA3LTJGRjAtNDZEQS1CMDI0LTIzMDc3NkQxQkNDOX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTMxLjAuMjkwMy42MyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjUzOCIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzcwMjQ0MDU1NzUxMTAwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9Ins1REVEODcxOC0wRDRGLTQyNzctQUE4Qi1ENEJFNTE5RDRGNzF9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3896

C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:1844

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57a403.rbs

Filesize
1.0MB

MD5
2087b91c08f3b1ac1468beacfdd74fe8

SHA1
8c8ebc261bd8d66a2acdc2835b5c401a4356116a

SHA256
cca369bf6888051d07b56266af8a5509fbd1dd933f0a09eddb25f22bd9cb9f4d

SHA512
b781d189c98e6caa4f36914df7a8b26470674010af9db0470f400d8072d9f36b319508b6a4e11fb8d6ef553300a00ad382ca6e7a49ae571133ae287f4d04a3cc

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.63\Installer\setup.exe

Filesize
6.6MB

MD5
ce03c15ce3be6b0cb6f6300e3e49aebe

SHA1
cc0710461ca0b8c67edbaec47676af8d729ccec1

SHA256
ceaabd1ad8ac7bab2fb440acc35857134cf6176e74159710b0e8c2c8b376cf52

SHA512
4f125ff16c2fe7a4e6c7b1cb9e1be15162091bdea54d4c6ef554047400a9fa61340564218af8255a8aece0dd93c00fed7c40690f58622ce9034307acaba5f4f9

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.39\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe

Filesize
1.6MB

MD5
2516fc0d4a197f047e76f210da921f98

SHA1
2a929920af93024e8541e9f345d623373618b249

SHA256
fd424062ff3983d0edd6c47ab87343a15e52902533e3d5f33f1b0222f940721c

SHA512
1606c82f41ca6cbb58e522e03a917ff252715c3c370756977a9abd713aa12e37167a30f6f5de252d431af7e4809ae1e1850c0f33d4e8fc11bab42b224598edc8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU758A.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
6.8MB

MD5
ee40308e2ffbc9001db2324ff6420492

SHA1
47cabfe872311f65534cbd4b87d707ccdef559d1

SHA256
38cd32dedb5c8c2af8ecd56827af5b4477a4b9ca3e518199d389a261baa999a5

SHA512
5f5fd0db005d49d63eaa81b288d2d6d40ce9c84cafd1c75d33723e47f23341d5ff254c2ed6274790242ad53f5360467d121cf1196ec7a073d4506166248041c3

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
0b4fbb516f20ae10e42adab63bd3aa29

SHA1
e973e72b53ab4daa9668aed90c895538c0986b2a

SHA256
4e87df02c70a580152d48c6305213cae92a723cb797127d43486141a87dfd5dd

SHA512
b3cdb03e9f4d63108d2ec2731e11665d02dda0694b6745d9b5ebd8d1206684e2d401e18fafcd6eea5b79affb0027c2fde532c6b109fed20ce8169cb8ffb11ffd

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1600_11093604\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1600_1532999259\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1600_1683559677\manifest.json

Filesize
102B

MD5
b3b44a03c34b2073a11aedbf7ff45827

SHA1
c35c52cc86d64e3ae31efe9ef4a59c8bdce5e694

SHA256
e3649c54fd5e44cbb5ba80ef343c91fd6d314c4a2660f4a82ec9409eea165aa7

SHA512
efa957a1979d4c815ecb91e01d17fa14f51fafdde1ab77ba78ea000ca13ec2d768f57a969aaf6260e8fd68820fd294da712f734753c0c0eda58577fe86cfe2c5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1600_1840613564\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1600_1840613564\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1600_1840613564\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1600_1840613564\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1600_260678497\manifest.json

Filesize
113B

MD5
b6911958067e8d96526537faed1bb9ef

SHA1
a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

SHA256
341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

SHA512
62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1600_76015557\manifest.fingerprint

Filesize
66B

MD5
0c9218609241dbaa26eba66d5aaf08ab

SHA1
31f1437c07241e5f075268212c11a566ceb514ec

SHA256
52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b

SHA512
5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1600_76015557\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1600_870103650\manifest.json

Filesize
80B

MD5
077da41a01dde0173ebbf70d3b7210e2

SHA1
4b3c3deeb9522ca4ef4e42efcf63b2674f6a5c07

SHA256
23bed5c8ebea0c376483374bad7baf633a7e52f3e0a609371c518e06e645bda0

SHA512
2822d02e2b3c6306e6d71fa62e7f472b4c3cdf0cbe499b70ac60a0a50e547ed47c394d7de88bbef2e6015920442b9d30cbc0d6869d154e02ec251712f918deec

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
89KB

MD5
953b89e05d13cbc9c4f4678209c28051

SHA1
72538375a33f88d7db8b90c02e9d54396f64d464

SHA256
86d6f365da81586d9b011592dcebdca3064f68483d55897df577d613aea3618e

SHA512
d1e10249cc1f9a8e686f5450f02e33bf2dac44bfc383f528a8aa20ee1b92b0dd3bd7419ef223390822253743d23bc26ab48ac2368e944280e5d2c96371189825

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\crl-set

Filesize
21KB

MD5
d246e8dc614619ad838c649e09969503

SHA1
70b7cf937136e17d8cf325b7212f58cba5975b53

SHA256
9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

SHA512
736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
45e0eb8af4ac575df8ab1685725efe67

SHA1
e570c4b9e6f38e7557e4f511c781759d4e49bd6a

SHA256
a07034c6ec2fedf23dd572e07ab57923bef7cf150836f2f73fb8b583dcbac7cb

SHA512
592a1e9729786c36c3209178c0dd8e5b7e4720a59d09cf03a854b29101fcd4c24f97459fc1ee12220e80d3ef64c77416d02d541fc1c5c12ef9242fcb7b92d305

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
74162248d4e09e0a9001c1df9f828b32

SHA1
4c83885034929c0411dad075829727bae7aabcfd

SHA256
b0bc92a671226ebd6cbc7665c0c2c1c28aacb6dbc096891fd227b6f5afd749c4

SHA512
ef049a77ee9c0dbe1b52d2a30a341d1f1c705a7ae1aeef45d90c20b30828475012c8e33ccb6e439d1c9f3769c8d17ca1780d8c04517741d09af76c396347067b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe5dcfe5.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
83e2a689267ff4214e1a00fd23d07594

SHA1
4a0a59e0e3950b782003de51f0da028f7e03eb65

SHA256
5536edc2fea72630c52dfa4e8b89f724f6b93f1a5ca0783048675848a9df475c

SHA512
d4ede0273f0f47815392cbfce2a0b7f75f685cbe10867d6c2997ebba27d3b2caf16fee6fc744cc86112152bf4083d79fc17f2bf004c4422f60051a3ed3cb7100

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\a574b344-01f6-40ed-9e16-54dc453c350b.tmp

Filesize
6KB

MD5
f7c431b3990de0eb54c549badea72601

SHA1
50f41da91d980086eb43ddcf41583bec7b583686

SHA256
188b26b80b2a4511817f48cc63520e8c339f16124f53eb70188ed94cc2f26031

SHA512
b6ae4ab02087c90530ad2c8e66fef0ebad556943879ef8dbe471d4514f53e63a67b07fee405de8a90c4a75fba1a9dd1fca5e6b6b96fb7ce65624c1d1d6b984ac

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
dacbc2b529f65d155f7ba779dd6b9b81

SHA1
0d6fd289e145ad1776239b93f40e92a8eedb9663

SHA256
3cd31da900a0380a948f9d4466775d1b1d2d289df87a580948acf4fcca3afc3c

SHA512
4e9690bb761d3e5cd8c64e21fbd8243c22183f06e67a49e4eff56303c828843ac23b8fd74d14bcf83e37aafb7f2d5e0ca72ff6a946c8928a2ac2470dfb3a260f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
3434e194c20c75f0cab301524e4923e3

SHA1
1004252103fc1ca62ec8d834258cc8a7cf5456de

SHA256
786d193fd49c6db4974b86f3d617e918dbefe113969b1b0353be20ffaa8a3f38

SHA512
c3bf93580526b6a7f31afba32fa6f1f16696076426c8e743e157230a2347048911e66ef9908a3c5a4cf05263563316a2445ea6cf99e191cc0dce91102fb11aaf

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
eba3cfa1b65c74c367ca3500dcfb3b94

SHA1
d77f23afd8f43f196da133bad849d47f5267fd95

SHA256
7c8d276d162cf2b5a71a1a70e6bbceb803b3207e818dc7228efb15d86b9cdc3a

SHA512
fce11e43e4062918886f4dd539e95076ecf67f924dd02197b3d9b7730d59a9bca0bc87e911416127be0a12110528a32e8c0d9ae0bb6bec0951c0df9c92d2a9b5

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
f3b27bd86495d40510e42ba4bdea13af

SHA1
5b781f82583b541ed5d338358c215ebbc34bc705

SHA256
43d403ec81be8420a50670d5df16a3fd2f3b57b5216867fe3f4bb1821c77d336

SHA512
9d11023c62ff8e4ae85ce02beed4579adc0178e93b76c81c7c1c959f921942cf3c6bc2b17b5448721bd183b83ab1e96142191c8fd5ca94832ebed11210205dd2

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
ba9fd2e193b96fd61814b4798435b3a1

SHA1
d7ce345f53a339aa8f3d2fec82f2714c5fecb406

SHA256
93919a948ad37deb62c514abfb9e80b0d18364a8df6a420787eb923518857ff9

SHA512
d9c6e9f6d95b1b7ce77dd4d39b33c3680e6dd8c61878c569bad49ee2c45cdee1c4dc89e9093f2d517581ef8b79e373e17cda50351eba11af7a706eb39225afb3

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
18KB

MD5
8ef6d8b34046aa13a784764af626113a

SHA1
a05a9c88134618dafacd1c06217093ce3bf24030

SHA256
6ded5bd86d63c089acd26e9cfc7578535f828d8297158f06892d2265244bdea9

SHA512
148058313437b5477263e0e0e589246a013b50a5650621cbd3693d969b14a4885235e5d2e28386e6f8aad7eb0a687560269f00a900023bb01e25d919e3a4d703

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
18KB

MD5
15a768434264c50ac57f97ea2cca9588

SHA1
2124d3ae59c4629c76143825bc0141efcf45c3a9

SHA256
cfc65ef231a5fa70ba46666934d306cabbf9a47607f295df5d1f9b44f0a7ed9a

SHA512
0d01155130b99d552a74f6720d9772f161e248425a3fd63681d1fc98728d2a74f29b44f13812b20e540228bc39f8879704e60f31c9bebe4945cfa5d49e5fe6e9

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe5cbe18.TMP

Filesize
1KB

MD5
438266373bcc22005be5df8e3c315b43

SHA1
64037235e3819fa345a34a68e672eecbf7f3a7ac

SHA256
dc820815f35e650facd80e96788239b4ec76cdf24da44adc586669a66f6e0773

SHA512
d8007cd5feb882db4dd689334ef0d972cf4815553fc6a5ba4ad9687351748a3c5bf80749d3841c079b019cc78dce01f833c73bb2871d9452ff92bf49330a2d8b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\PKIMetadata\14.0.0.1\crs.pb

Filesize
289KB

MD5
5533fc3f4c1820b787df3ec6fdc2ef1a

SHA1
f39ff89fcc1af711e8127c52ba55c8ad347e84a2

SHA256
56711adeba4ecafe298eab09cf0ef2f1d7f3260a2aa4366b927029781d270938

SHA512
5194c0562b8cb8e23fde7b561b00dd6bed93782f2e9253324a8e8ef05b69b66a549f2061ff3a9010a73a1412cc64889bc93931d0f212b8a68e39838dabd8e811

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\PKIMetadata\14.0.0.1\ct_config.pb

Filesize
10KB

MD5
f9d04f6b65d1a463f1a01ec39b77622c

SHA1
8f13311afc943d362dbb332b1c0fb289a722547f

SHA256
b42a2649782caefe33aa7f546a02b69bb292a0d4c8ca48602bd9c8dc623b3588

SHA512
16b6419a5d1848abbc668fff08b767af3e01abd71a94341baad7344c0dafa5951ba8e3bbe8561d79fecab03b720e0293e22b49659961d82587d3c7956addd71a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\PKIMetadata\14.0.0.1\kp_pinslist.pb

Filesize
11KB

MD5
fb4c5e847d5f30be002702ffab8e928a

SHA1
30adae5ee6799e233e29cb6825bde492ae6dea98

SHA256
2fa10f05494714d062dbac514989f544036509e4181af8352bf7f8c3b7ff2fe0

SHA512
6c0792c37f44835a10e412dc889e64bfb740337c0a94ae360149c7987216cee168f4b70a428fa9a63a99fa0d35640727450e1fcde735b42c6108ee3f9457f72f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Speech Recognition\1.15.0.1\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\TrustTokenKeyCommitments\2024.10.11.1\keys.json

Filesize
6KB

MD5
052b398cc49648660aaff778d897c6de

SHA1
d4fdd81f2ee4c8a4572affbfd1830a0c574a8715

SHA256
47ec07ddf9bbd0082b3a2dfea39491090e73a09106945982e395a9f3cb6d88ae

SHA512
ed53d0804a2ef1bc779af76aa39f5eb8ce2edc7f301f365eeaa0cf5a9ab49f2a21a24f52dd0eb07c480078ce2dd03c7fbb088082aea9b7cdd88a6482ae072037

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fed55240e912790abe48676049c4ff25

SHA1
c74cafe3ce05d2b89d52414aa436372b9953c157

SHA256
795c63efcd9b74542173ee8a2149c9799f71f7ce4dc65ad207173f46269a7e44

SHA512
b252f6cdc23c6112afdf1f8c58307613222985f733dd8d10a28b82f632a4a888d5342ce0df74c25dfc1892988e37540fc35f136ea6b6cafe093084e85767cacd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
43KB

MD5
70f6a1e1f287ec962c89fb8e4ed38bce

SHA1
65fc137952b567815f00e45e5c1bf7e1de661b72

SHA256
1b455a005fd6d5dc5d8239834e08a68437761ad748ae521df0504c7b2f134907

SHA512
bc21c6d2a568b410d1ebf9d3c7313c06dc7106d0dad4cb2dce050c6de6775fd0cd5183a71b8e3c6cd4dc7d1cf2fdef34e790bebef50b5419ac5ca6eb9abb4820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
103KB

MD5
8dff9fa1c024d95a15d60ab639395548

SHA1
9a2eb2a8704f481004cfc0e16885a70036d846d0

SHA256
bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb

SHA512
23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
26KB

MD5
66e255d64273467cb15d55c884a72f60

SHA1
1490c48e53877dc6a65593088158a04fc07214b6

SHA256
39808623b7274283cf711b9e5f11cf3a59cdee15d5f858b89bab72867398a0ee

SHA512
4c71b3984643d7577c12c24012def36e4abb47b9d5199f8c1a58981879270ff0f76c65b2e2371bf36235fec4920178d3ab0bf77ef111ef991710f485ed1c7015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
44KB

MD5
0654d3fada1f1d0473eec1b0307cd5d5

SHA1
c10547a29c8ae5be2d442f48f46e9759ee256210

SHA256
24f7937ef51d5d77301ac1b1199050c47680b2743467eb57ab50dab265399d2e

SHA512
35550185bb28374b0c19a0c638b02bc1f262c965b0c2943807f20c0114b35ecc57bf7e6be3fdec7eee66f310424e9283998ce44135ff1d13876d069efa7d4298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
80KB

MD5
7709df8d1b6e4a7c63a277a0be2148b4

SHA1
00095ad0403200a706477182c9396124ac780893

SHA256
f01d23a26eb64617f657fc3cdc84828636896a024c1c5b56c75af8984041add6

SHA512
807f4c9cb4aee50c37ec411eb21855c262e165f4159be021b533d96601a1ff52d6c2a210cd7cd54e5676979fd332b3ed6a6772db308dad333afcc99720f4cbe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
39KB

MD5
ef5fcc83ee6fb28f06e5503b2b016806

SHA1
9e571e76dfe624d7210aad95d78781cbf15a7079

SHA256
32007d4c9efc9889da70175f2624321aa8fddd12a5dd92ecf49de941d966e7fe

SHA512
4d260e5ea65f189a97637d04bd237ead2709567c7b31ff48688bbda82cc0240d0063f9c9036d79cf8879103c0bae0f288ddb1a156af30f85cb14a57fc83677f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
76KB

MD5
3315a2f404f093d0965f7f8a408fe0a8

SHA1
fbb58e17237b5433c0396c6db7d651269628f2b4

SHA256
94fa01c66fd00f3c66c5fda6d06b737176a21c4f37e685158cd2676fbd0e2901

SHA512
d393b27f8d4bc134058b12a3bda2d6442375da304ec3242ef1023fd47c558ffb3264f0a4d6cbdb2d2d6a6ba3b22a5d4fa8ccf4ec7cf26cb569544eadf9920a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000068

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000153

Filesize
19KB

MD5
658fd648cc7ec9dadedf28fcfae193ec

SHA1
a1c38f7a634fc1582c788190b8ca2074a36c6e25

SHA256
8cbb3dec54b9db6c1906eac6e4488a0fef259d0b1807bcf8caa66ed4904db56d

SHA512
9c582896741c9dabd5148857b8cdee6f663eaab6cb363a5b0ebe6952e5747dc6da05dc950cc289b6cbea4855555061375e419c847988d3102f5979f8ce716c64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1ed041467a83339b67e61ed9cb039dbd

SHA1
b86cf89668221f5e889bd30decc7f0437f05a9f0

SHA256
9addd68b8b731cb2fa4b36526aeddc733fe5361f53b3fa649b99362f4f1382b7

SHA512
1299c80ea6f9cf3773c02ab572cc645a3cf25086a89c0bae34ffb0f6a81e4a9e932ff24a3ae712e8af1e6541606cea2b667407e2059a5861180197e131791684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
269c9796d2d0d1c6e23b76e43df8c40e

SHA1
f1c7af48bbcb81b83b2a849a90845002868a9f62

SHA256
f3d49667927020e92101efc9fe3ad19b0c967bd51dd2d1a13b42380b75658b8b

SHA512
18eaef5fb29c79e2dd3d59463f42c490f531efbea4ff0f28717dc2da7b5d1b689be8f88fdada16e93d100cd0017940b0a38a49185c17de94bfb90b790fb303c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
612f5e3d6383e0c670f03dc19cdeeaa1

SHA1
2973f043eeeef55535a1b24c98cba2a42eab1f72

SHA256
6cdec53d7372a05e579c7f71d14701981cf4a0ea48c47c378cb80667f6bea1d8

SHA512
14096e24a5a5e7f8d895abe25aab00eda8e84938abdf22150787f5d1302e7abaa3f84a476f28483cf81f2a297219db466b73e54b319f22fb190faf0b1a781e27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
082b85b96ae35b28b05b46834b6711ca

SHA1
6b095d4e924068329852660005f995cb7000070a

SHA256
887ee550a8079cc3dcb61dd41296ead7920835d066ebdfc1328c430102744afd

SHA512
9b52b63bac342078e0c6b215f2dd24d928bb93f6678a5d3815dc89c7b41123d4a4601a18366b4e34325d8c4059d6c0ac8eb76d21de608009fb415cb46407a1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
f154c30a6dff273548eaeac837dd6f11

SHA1
ff31509fb1f5c718b277e357c19413969cef2267

SHA256
f71a675cb031665ff7ab9a68b161ff6255cc20c0b6837b941838d23db839e085

SHA512
cf07433e769a5af0c8b24ab4d785ab914cd7fd5b89562ca805e799e3dc725cb25be045f5ec668f2f6c100db3bf060f29200c4098b639b2c4abd043b007c484ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
436825ba5f0b738b66ef6cd4518ed221

SHA1
9e20db7b2d0685c65c09ec0448a68b49199d2632

SHA256
4f8bdd838ed43bbe0276d5935906d119239bcd0868d13c988862c4d51870284c

SHA512
9c309162509f3433cffdd5b8b5cd77bac2e62d06a1438072eb4809437813a2af56d2de955e42f4412c088451a4742e71c19cb25943b3bae2e30bd953dfb1d4fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
e9880999c96058e8c8a476cf5e58f866

SHA1
c661c35a1bd98e23ab15be59bce53332fdb5b723

SHA256
9e778be8edebcbdd6c56cbacac2b348a54123c928c93df070c2766a35f84e09a

SHA512
e574f86857d77a12b34e8e6037ee0c1348a7b5192c1c27293ef0e63bcecb154f8c90c245f7e1152b09866b158625660a94cab31425082a75994c24561a85a9ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000005.ldb

Filesize
1KB

MD5
b3ec210b162a2e12643d5c4fd1ce5913

SHA1
06de7d9e24a154f83518db1859dbf4f0106697af

SHA256
a602cd70b283f8d578b176622e250488c5087b53266b6104f34ba1851c63d10d

SHA512
a3aae09a77aae3d89758db11edd14b130759c01a77f6ad5c734f55311a44ac90cd4bc13156fc081b3762249022f9f14e26ed1d56a125f78149bfda04120c577b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
722d2d504846ca6ca35ea7304bb54f7b

SHA1
82a4150203e03e2a125c2312a410828424797929

SHA256
1b348f8778ae6c039b27716d61e47e2146ba0515520d2e7f230464c3cf4f5729

SHA512
7e49ae578d7ce5b0828b2221edbb47ad48042dd03c4653db57809082a9ca2cdf693e5a0626eb776cc3f2f16f0f9566f9d8731dd3985e038843b32ab869d1bde7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
ce210c9695ca3085a34d50b51cb73fea

SHA1
103030a38f62123a28edea6a1bd2ea241a822ca2

SHA256
bbcc43f4ccb0166cd6e7e104a6e9b43079d9548177335bdfab30d240ca75549e

SHA512
292a1efcee2fd11f4316d991fc7460504625a402732740d7bf3c2281f5be7590bedaec1465bc93113ef55f7abe968bd91d1d65d763c02fa3bfd31178c89c2152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
f99990dcdd7baac259104e8b9122c47e

SHA1
ef76dbaba0f04103acf4d177aec7a23ae8644ddd

SHA256
5dba0caf5f5bcfdd107f1eb790090aea7635a672695db2dc46d6a9823bca0a90

SHA512
1eaf96899efede2800e0499a1684c576843eed4aca530b48a66310cf8e49015c1f9dfcaecbce5e77b18014364fe1835482f3dbbe36349a6aed2c1d2f41386f96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
6183d68ba0aedf7283c5cd9e2e504003

SHA1
ef006bca0326367a46dfbc0498d54bd92ae8dea1

SHA256
771edb0f5b4ecd2ef38446fd8d727736587ab893d432aeefa97194a5867e5136

SHA512
11b69f46a2d7ce30d15ac03602e5871fcc2f546820f5086b9cf8ac221b7e9af87c067acf466562db00c188682400d7f38b7f42d13a3955382ed0318f168d7acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
af1756ae04eba82f16ac819e0ebdfffc

SHA1
fd74f1029c826839362e2b745ccb72dc868606ce

SHA256
3cf6ecf306acc2ae7c5950e6535c107955206c095b9ee4fd8e923f5261590a7a

SHA512
af96ba19882620fcd2a7f9703b070cd10bc67f44f5da240e474f345702802d164a3662e204e3fd2f27f792546a3bd4f17c4fa46d6c814f090e5a1dfc61ca8166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
66360365791a8f52ccf798b29ca47f47

SHA1
fb732413fc7cbd6c54cdcdf3942296b73c554e31

SHA256
cbb5842855c28efd2cfef2758f3e476e43a83f159752440b6f2a93448ed92f24

SHA512
1fe982b15731e5bc04e7238aa877268d17dc1ac758924994e172addcfdc7c03cda9828140e016903b83cb32a75dda3937d84c62c2b2eca9a11b445c70aee8a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe60882f.TMP

Filesize
671B

MD5
8507c96ac78e5fd697e749212f87af44

SHA1
c7496286db5de631ee2d80a2ba347d0337425ce4

SHA256
1df4915ae3fe5857eb0f8b537815d54ec18e925ffeda2445a6110f437031a5a2

SHA512
71417c251c65d13333ddcfa1049ada03c0634d66d47c624dc77eb33c9d0f6eff74189692e74d694e3c3be9f2178828f9d5acc574b352e62e64086c29174d6d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
18098abe67c07da8ba82a28c4f645264

SHA1
2a97539499c4cd3ad0225d9a42c711f2c26fbc7f

SHA256
dfdeb41bef53aae56766192b58232c13612ffeeb7fd0261956acca21d239f402

SHA512
8eb5efea4dc08b3bcba0cf06a6c183520d047570edb6984e0821bda40d90e61dd3ec1a5d54e906a33f4e7ec32d05ba1b8366330ea4e0da9f63ec8b7efb88e8e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0d5a722dc7a88cb421555d206fa63cc3

SHA1
5f3e44fced6f4ce9faa2b639c0943a6d257775db

SHA256
4484c713cd280ca8ee8c870ec90dd83b3d864268980a03c57293078116520519

SHA512
21ab809871aa7b37a878921d9df7eed79b8a334498d649ce7251d70d4575f0b38ca374fbe712d820ff0e7172d883e663c75fda414a6ba4811ce64e37dbfd58b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
67761620b2cdd5850539055a2bc5a3c6

SHA1
f9d6f46b835800acd60fb727556537f08ccda484

SHA256
2c2ad5a83c860dcf7c1e797b6c481078e942349dc592999f28bd7926f2f23eeb

SHA512
37a8badba29faf16bba4425696df8f013aee1421da0ce8a900524b1c4c0eef9c59e245013a8e1cf48d2ca611a6bb80d96f7430f2c4058693642ae3c1970850b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
2fa112fb560a627b70c4953a990ab9e7

SHA1
474203b3908f83639654dc2099c1c27a81c76c12

SHA256
2054eff0c03a84fdabf891e623d7163f4f238448e6ffb2df72ab02cced8f96c0

SHA512
7ea85b4007c4ad7c4b3d16bd83c6c6b0f4b969a754ef4c3f4a52f588d230310c648c67992041f82dccf6e594f6ea4335613f9a12abde9df9b8d7e12e34be76c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
95bea7fe01f2b2e8f18c2dde64c603aa

SHA1
1a92f0f7526dc2f687c3259aa484dd6066bfd3b0

SHA256
7f503c51a724948308fb4714eb954741b7fccd4c6e870ef349f9093f07d442f3

SHA512
22f56548fe44750027d42a8d2a71de985489d2216ecafc807afb3a1e7debac37bbde7cad7f02e7cd90c3d9eded852b5ffb3783c2d939819f9face6bd69869d8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e836f688b18dbd1e89c11859cfae5ca2

SHA1
83db9a538596b936618927935f619675e6803e63

SHA256
6bb41a951ae1059f983f19020dca456181f322d288cba72284e21db8eade9141

SHA512
797e400cb260a5ac332a5ec309d91bec13936a19a6b75b9245710ba1ad1bf6daa2709bd0dbfe739cff5926c3025ca57b7266e4011eb1942fcae24b9f1299a137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
30a79476d494d033bacca460bfe9b30f

SHA1
d901837a5bbd29d52272d7f35e93697b236e8217

SHA256
4bd9dde3a12c16d1d8111770ee02bb72262659c1ded7ab4cac8f37823c4c4725

SHA512
6e469988775c4a42ed4700e562d31b2c83218ab0ec1c73f59cd70035449f450c63b3a52002cdae2c2087d9b7cddb156ebf9acf412017228a7637a7401a08275c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a17c399219769ae2481e443a7b90fec4

SHA1
ec92d1011249bf70759744084870901d6fb37801

SHA256
00343be1bf479d5d52dda06611ac9b48ba4325b453799835afa432baceedb6d1

SHA512
5b3c48c3fa40229d7b8c13adc583583a64ed4e33aa76293495261987d9b7501672546623ad81e211852b4b89998c6ea8f7b8673385726950ce7f3d8bb78cd908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aa0a630c9b87a9a70ee6ac33edc2a9c1

SHA1
864c55d527f4991cb7ca993838d1479bd62be7f0

SHA256
bbd415227cd32e643fbdada446f46d2ee16620c1b0373f39e7e57dc5e226031f

SHA512
47cd1d18f06e3fceabd908b2082d05e18e3d1cab1432cde84c362c54f17a82f6cfe17c8433cc161ac9f0c8ac867d9723e491bc616210463f97c98781c701de43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b1adda252e7bfacb4da1cb685ae11d60

SHA1
eba389d60e8c531248d7c733204b47311b0c8dd1

SHA256
b38e708d785a52d764fe60233ebf85934412a9a23b6f302029da08b5e5063ae1

SHA512
780d2993e7f6de8195d5a5be95c3c2f606ea290ddf18ce0d81da13a7e5f6103c3f633e0d31a4ae1414f383c1cf78642e2de4c78c78261d57ac3aa4f189b85ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1d9d4d859a9e17edbe36f5001e86d859

SHA1
d38e4044c030a9755f666ee47b1b3ffce1da96d9

SHA256
bdc04fcd3f1a217155c08a4f39932456bcb714703282d5ff56c6158e43982a60

SHA512
60d35e5d54010a783235b6e9166aaea42b4c1fbda13618076a4d5665227b2a87a459d1113fa9fa20d5a1bd4453ee709400e678b0583d815dacf85602a7b605bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ac0307a0bb3eaa8e66499469e31d90b0

SHA1
18e2508c8f6f2cf6bcf9e4a71aee0e330e572bd8

SHA256
0992dd4d3ff0f8fd333971a3f4b3d700aa2d4b722504dd5fc0b4468ad6d0a68d

SHA512
40e86b3ba052bee965e56e2dd55476df2695a4ebead6233d77e17226621cc2d64ca96986363c3cd9c617e1e3c71d8ec50da6005b9ef5e2bba4a1c65eaea66b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8cde52be3434c723e9f8f4673368c879

SHA1
dd11870d9be1e0ede095d4973f0cb6b7464ac805

SHA256
9f205a908060094983591d9ebeaf8cc86fe2560aa3c0a2f34f574f172d177b0c

SHA512
a2848e4e8008ff0164f4dafb686259dbd9e21af0c09fb5f8ea13cce10a43ef645932ed715be7e3a863a7621cba6f24c96a064dd25cf4be2b6763f9567fcc0c56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
41fabbdefcd1fed34f6dbad540493463

SHA1
81f0e7fce8c296f010c43f5eff7100665b2531b2

SHA256
159787bc6a71a384e2f1ef87dcafb88b2145df3582055f789052b1b5a821e0ba

SHA512
caaa59628517f218f8a7dcef615a546164c7cff0b1c2e6bba772af1fd6794d4fb3389420401a43a9fa17fd6adb710f9ee2de5d67fff6bdb7879d1033d79a31e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8175961453373836d69fda172441f243

SHA1
4bfda43dec3131e4854aed224fabfd11e94f5c8b

SHA256
da6505d125267dfaed0af4f9067f05511000372cf2dd867f30fcfe53718420ba

SHA512
9fe0aa26d187f9466ab71241bb7ba6b7dd4d13a6f8da34da884ee385435edff6624781692412484293427bd7a9a7d02037715efa574ca780cf550084fdfda180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf179804e6f8bf92abd3cdbe618a38ad

SHA1
460393c4a4196c9b77284ac0d0af57b31cb2b8cc

SHA256
da8c15c7800ad8de9e524a3bc8814a6aab32f146724387b753edb57971dbadb4

SHA512
7c121b1615b16d4675c84ad48b505986df6689759f1ea5dd8900198c6556f446224b799e9bd7da6087fcffabab202c749c9e1561b6a06ac67b1d8efb4fc98222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1546227d670339f942a82adeff8cc0d8

SHA1
8459e039670d5c2995b756242573e2b6bce8d698

SHA256
fb06cd67ada296fabfc70126628cd53c06092d9dbf0fe4921add52983f64c232

SHA512
9fab65df768fc3a32f1367c3efad396bcbf1734b11d61f8f18ac3270d17e48da9f806268cef06bfaab4471d8a97a3f1eed8bfc154b2f4dce8272b970c6f1c055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ac8c77d75342bc746f42c111b4d7f3db

SHA1
bb8bb4d6ae7a303a32f6ce747202f8b6345e537c

SHA256
9073bfb10185ca9aa6328acdd9728f9895242defb5a7aca4d5cb4f3974553ae8

SHA512
61a730ae82830590e4dfe1b441a66a11b1968b4aa57f01692ad0f3a5ba377cf88b312879529fd1f33c2b2c907117abb1e5cd26de7efb67904ebc0fc6315c5956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
27566afa53f78d282eb51014e1b07360

SHA1
c46114f2154f8382edc2b38e27e6cc3a4154b1ce

SHA256
2cb3461588ccd65a91bcf920275d7d928d5c33735966491c5d411372737bfb32

SHA512
2e763fce05635257dcb51ba080a998ad64ecb279f5802065f50d9394dd33bfc9635f5f7f502ab7603e366a6e231a96ed1bc364390cf875aba7f83c64656b72ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eb9df9965f3798e187bd2e1e2308db9e

SHA1
359884318bc02dda075ae4f3893de89a18918048

SHA256
70b07aac17bd047d1cd500527a318a1b809aa2fd03168fc2707ff750b237afe3

SHA512
dc1740ecf09103768f4994ebcdda746154637eae8ca0dd5cd6bc9e734947877385e3b0e459f1c197cb6ad729198aa8dc47cc36322c24fde6104d026402a1649a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1379e26d8af7fb05227f5ba2ab8203e9

SHA1
e13f1e767d2ad96832237d56e5103a7ee4824daa

SHA256
ed45566bd4ede4cc7533b223f45e915d095f0aedf796489b9a91f9fc3f56fcf7

SHA512
5e1cb267adf1d17ac1222929afda218bd0894c53d203fce76bf27578d32dbbfe49276f98211f7ba7d4c8c94cdbe930691aba38d472a8e783fa506e10397e41c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
52fd75f569dd392e24d83cbe26be59ab

SHA1
2528cd048c5a9f9f823fd888bdde7bc7cb15a929

SHA256
1fc9944051aa56af7b846e4365652e33af5da0a602f19f695c04e24f162d8311

SHA512
35f78b959d80af441a59f16a44d42752b6b5a85d805d0a394e6e85ebe5dceb0770492becd48a24f995090e68cb5434deb78d5e98c60ff3066968a9c42c0e0c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1a502a6b9df2f55c99b023d94324fb39

SHA1
5207967a5dea777f029caa62fe83dcd2763b8767

SHA256
3090fd03642ffb822f304567f0044a2d84fc6ef3ca0d712f58cdcc6197652c9a

SHA512
aafcffaa20353e97cb4e4f59994f7879a4295008590446278198753169106bfc68114185116a5252a8da540eb55e5aeee4123f3b84e91939072ddedecf53a9f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d98d02d2491172be78eea42ab677acf6

SHA1
900e4ef88e2493801f586ceee951a9e91a6a35f6

SHA256
8eb9ab7fba0d4ed1f70a4a2be2c9f43c10818d9d86c94d3a503c6f20f09c66e6

SHA512
6e17346b99b44fae55fc81beb4a58bff987132c75cb91bdd0080ffde1400fb686f673b2706822a7aa8c55acdb627f028864328d2623c6ce848fd6ca6596239fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
68ba21c8503b4e0dbffcb44dc7a39ce8

SHA1
0e0a82092c35b1de0e1fa0a59bd95eb521d9c38b

SHA256
51680d067a29b4809c593b26c5ae03c25a0ce206d26ff0fa029ffe2f7e33f6de

SHA512
774dcc3773b70ca6f7175dfcf8ad72fd142a51d2dd0b31bb6b2aee1eb102dee094c6de398943a86c7c03ba7126cbd653da593383bb19e4a5702ecb71ac921832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a4a70f3fd055b23540eeee9a61cf71eb

SHA1
de4ce02806b6c11153e963ba13da38cff9e8746b

SHA256
abe669c93f3d7bb34a52c677f2a64e26fc2b9b79eb8dae0030494f4d61486168

SHA512
fcef770bc01ea9ad7969230feceda961d516865bfa20d8d9bb3d1c5dd3b1699a7a70ece420b1a4730939da71a4b99255c9310c9d6293f9dd968c5e988ac29f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6d55bf6785e92b8740c4db7876758d66

SHA1
fb13ec6d398296c02da215e1438eccb38348fd1d

SHA256
96e4ef74ca5dea3d665c7f4a2bd21085cf9d06e5024d755fb22c02ed120daf36

SHA512
c99d7e8ac99bc0b6dfa0c915cd7d0a3ce16102ed83d08cadf89d26e58aad80e1fade90d34d5cdf722ee5f3927d6d5af5b8265d0ee8e2128dbe375e6b7dbea0b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6d161ea85bd9af1e630379b7481bc573

SHA1
da654672943e8a02dbcf0ccdd8747980fab20328

SHA256
33941ad49f6bfaf0c2edef73e06176cd304bb4c5c4ed7d4793f10f4a22e1eb20

SHA512
bcb96efb60107e7bc0af4e5a5f754dc7db492b7726fbd96b15981d0412591133e67f8579db19897156342bda28b136d64dff098887b697468d649ee23a2609ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f3e14403483d5e4d7f8962eb5487513a

SHA1
c1d5a12efe8ba0818e1af932f3357c6771c6faf9

SHA256
21d86d5d7d8f762fc9c637ffd0a56e9712826c8199b5d58ef8c6c8ecd5a26f46

SHA512
799d2b2d2d4229bfb9a96cc2b77692f6d2437b69cd3f2b006d9cff4e616315bdf332d6dd04d2d4ad019b247fc53fb7804df88796e028534d365df5506ac8b836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6260b1ee4e611b97192cd04cfedae868

SHA1
0efda9b21a4caca622778222b3d330c8ef919fb4

SHA256
baf64cea61001270c77b5a332869ccba0b3fa0b8473854eb6a9bf960fd6d2f70

SHA512
1409ac1d2a52f36186885248e91acbc49cfdf10a5b197834d41ca54d54ec97ff0f322927b710362bb4e9eb3cf3c2af550497928b3146d0cef31cc0ed5b1ac1d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
475ecdbe79fe65ba09e6b08fd352c125

SHA1
191040aada7989814ef046cb4b9e98b563fc7f23

SHA256
d68fb1067dca86ea24d5cc5952f173ea6cc1d52550a28dabd7d9bec0de2d75df

SHA512
27bcec4a268f9cba736985d6b612972790f3b09438c2522f6e3b44d2ed078b553e10761843dc9b8e6afeef6cdb22305608e0ce43065eb25efc2cca482c58494a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8d87b736d88b0c6eb255881fea5511f1

SHA1
9139371c02f458c91e483d3e555212fa1c0bbb84

SHA256
920a2c3930ce305332fb29795e8cae200ee2be401c5c1ef6d23eeb63cb824600

SHA512
4b4a10f432ae6440c5b6c14fa605ece6512114a4bf10bf174869e54e8f27a19abbe51cdfc33e375453cab98046852f828d1d30f9c980d014d51e2407c9957d19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3bca7f3fa7a687b8d69096e7c05f8aec

SHA1
5b3f55b72483d29f62595ae1a6ffbf0c4bb08329

SHA256
538b4737ec65200308a2ca20dd8acdb3a842929c5257b183abc4e92a30c42d48

SHA512
fe5359225fd68b3fb5969e61def67def197b11d5b1d590fd750b313c3fc067706cc13cef9481d52964c340c6e5030a4482849b3cc20493c9877ef86acb7050c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
89e686b57c3dec19173445cc15d97dca

SHA1
5eed8ab63ec8eb4e59c47cce544f1e169d77edc8

SHA256
5ba754265c298c8a94d1c138621f661baf40da81c840dba0bef8cec07d15412c

SHA512
751e0beea74d74e3539991ca4dc5622d996d530d1c653b135f7cd13c69a517f22baa32d20dbae00bdc59324386872d6c3b9811ccb2eb10785b427b8a7582bf38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6f05ef6e75fd353295850e7c44783a4d

SHA1
cd9a54fd0ff371afca93c3d5356b07152ca3fb50

SHA256
1d8b7808728ff3800c6e5e75cd57ef7ae3fcd09b7d4ae5c26d822e947b032c16

SHA512
519250e34906a85193f6df8f31bdeb2b9772ff34231ad3fbec4eed1ed4bf827dd01c65b7b2485ad8d5d9cb301b5e2051ae9e67162aa37149675d551fa2e61b8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
58ea81da14b8217af585c709470f2d10

SHA1
b3647a030ded3e92df1be17c0db72fa293215330

SHA256
3d6d870fc39d39807b1186ae2dc9828199c80b135b3630331478fe3cb8c6e796

SHA512
1d808505e0f9362fe92ffe227c5337cbfdbaff6db3f51f14253c105d95149c23c06c1e22e6767d636d3874eb55b5a2abf22fda42c86ae04cdd47cb07affc62f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3c2ceb48b381bb6637dc82bac7d08259

SHA1
80437116ce0d1080d17c1c6fb5270e85a5950202

SHA256
f6ce11ad37a28e3019d0f5cb028d32782767adccdc4d9d8279d16a084cb59d10

SHA512
c78c072c34e2bbb06ff00ef9be7a9059c911e07002897cd275c8a55a32d77baf0e03705ff37679f7fa705d0c6f7eaf831e2b0e6340237126fd3b61229a2296fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b87d06e5a3d637c98c2059117a33a46

SHA1
c0748a461b1648f7a7fa24e10e2d5fe7d362f949

SHA256
908b10dab35400b1e2469437799ad214eb7b189768580b7b4e06dbcc3d69f023

SHA512
34a94671c1f55d68ea06e95f28f856451c12089adfd148624a785a819ad6d07c9fb041248e6ea9666988d99bc69f229fbfeaa4ee014c523520c1a2a26d8b8c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
eb2997b2a8b55a70f1836ee2de99f986

SHA1
74700413be255e42ea2d67181e920478d6598d43

SHA256
c9090c15fb921f524f1366a05fe2539786b6a0273cd97cbe417e5542f98b42aa

SHA512
bad129fe5dc4d7d40f56ffbeba955a2db6126a4ec67f80ac5c53568fad28abf2e493598a8d1dd93029241ee447db67171ee50e5e438725e4741e54aaaff3264d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8e639bab7e2b5067b7a0ebb38dcced48

SHA1
01b51952661600343e2781f4bbdf82c98115dcc9

SHA256
48e514f68bdff405691b8ba304e3ef49591fed9e748d2b99e1e4b1aa88aff0a0

SHA512
daf824d5cb9eebf2b331bd0ead019059cad3748ecdac7ed682f6da31ff16f58bd4e25cae2e4366bbb5c9946266fee6dabcf9d22ec238ba4d4926e9abf82b0da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
65e40268f0dcf12569fab20e17d07f56

SHA1
cbf843fe0d243ba30b152143f6ff1caacba53cc7

SHA256
cfb0ff6e03f74a3c99e02a225996051b6ec6f6a277e0cebcf716904cdefd522b

SHA512
707636e150bdb8d0a13c3b73cbfb46b5464d6e0e76f2409f5c8a744022707614293171c1d9b7674ce8d130a4a8abe7f9f70fdb320e5fd1ba90ca20bc7b195627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
9a97d0b562fe3fce3edcae9dc45eb4bc

SHA1
e22643bb54ef62b726d1408af630904e6d7f53d5

SHA256
4b066b336df26920e83f78879ce300d6cfe2694bea26310179aa47b1d046c058

SHA512
7eb80f01795c7353ad11cf494a034dbafe4129438460ef1cc1760445923238f5911c09da8af2774d667b708c3a87e5e179abffe0e1b9a9689a7e3d1de0813bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f621e5c5d18d7abb338df993b11552aa

SHA1
327a9ed7f9189172c941f24348f8abbcc3986891

SHA256
8aebae3290af9b5ffe8bf121dd059fc3ac931cc171ca942f13abedcb03629316

SHA512
f4b657e8efbf31fc11af5c65447b23c78fba487b8028de2174992d19374daf2d0559c59d5b2dd16e87c913b74dc17b5159ebfbc942696bb81b13ac6c34104a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
99ab59eaffe4a709f2c62526438ad0cf

SHA1
b5e7dbacea450a1467f45a49c8791b0aa8b4f8c6

SHA256
6e5482d17d06ac118672420144e9fddd6ff90a53ef3dc66955852d2b521e694e

SHA512
49548c3f807baa10361a3f6a1c7fc473d61853087d1e9b0a485364614a42d4ae7c9821dc867226c349fc007fa885a5bf2c7830f171d0f5b4acfe50b8d86b5b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e1cc63031e6d50f51362283f908b7dea

SHA1
d41bb953f0ea9437c96780717abec86cf1028ae1

SHA256
a7413548bb1f3011f2493a5db5df7fd864455a1575243e44f23376549e8489a2

SHA512
43c179663552b831b704f17e526a70b1deb08ba4d5e8539cd3f8c391a038f92de7de98daeada318a96e9fdeec6e3114f00bdf487fc1b61963266c7462410020a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
285d92b15f764e2db09e7a4820c65d9d

SHA1
fdaaa6a3e70574f570d7b242a13f364a3acec0f4

SHA256
bc6b90f6c17f17af5a99bd2204b39a0296659543da86bc18e02a54c7c49aa3aa

SHA512
55acdcebe7fb6b4bf8851a853246461501ad146567a09b0df444d079bc69db10d0b4bc7eb87afdb19e0242eb704f5d278921458cfbd09b1b519f0d423758cc9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e58f0441c7947d660dcb1600da9819a

SHA1
c1c1892eadb54f3d3206960dbcd409269eb438dc

SHA256
9ca2e8670800c8e621eee4e0cd406e65f6e7af82dafb40c8cc12f48065fb5a87

SHA512
8a214365060f7a07cb8cacd47a6e615970dc688371065f0ff9ab505386aa0d54b8fb9e555c10e81cbcbda62ad579ff78fbb16f4c282cda2481debfde9a8aab66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cb80e459d7f169e99578a1cda90b49bc

SHA1
44c32b6bb881cd85c9304f8d2306bd91f6ac8ca7

SHA256
3cc3b2ca1e743101fdb1862c0d47bcd9d720534cec46d0aea0d2f068d061a786

SHA512
5e34fb25ad706f9564838def8f07eb72ee9af070cd2e6cef228d9cec6f0132855e8c0960ce3b2569fcbbeb8feb9bab4180873d28bfb6b71c8c4e9f621c36edb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcb4f8e2d19a3fd2fec4474bc8073f7c

SHA1
87a0bc4ba7b7c563fa8c51ecc4348dd8a6ecb30e

SHA256
c8c3f1c368c7ea9902081a18b8e543895b07c43e551b076201757c29efaebd29

SHA512
8f50a864d1c4406090a34e02627cf27089472d5e79dd8cf0f9197a77ea9a91b2544bad6d27815ad982eca7d5be47b8b886cc2938da3aec39515a388b58fb80e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c793b78541586671d4ef5a8dd19c680d

SHA1
7dcd248043a844d108e71c4c8c45fddac49404ec

SHA256
8ca81b792164b014dbb229fe5cba18146431868752db3c136dada5e75aead7b6

SHA512
3ff9d1a23a4e3e8a35a3e156953d8e251f5ba52b5f1a8bc25f7702321d112063354fa9fa7b900f6f087e389ea8429538c70006485a11bdb6295c8cac4cbd154c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7004d9e532a347bc843bd524a98439a1

SHA1
58c604364c4daecb8b704797669be6702f1baa75

SHA256
edcf86ab79157b642d73d2fe81cead110b90ffb971ceca1564bdec3e5cb6f1fd

SHA512
7d972f16ede48cd079246578d34fe3c11828da3715eed4708a1a2ead557b2f69dd379c2c257d863ca78e9d9c46a52bcc346e790e48f918ebc83c34151702a962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a4ddfd6d358f5e5f60c1878ddccf89a3

SHA1
0e4d8c4ff14c8c9cc9959866419410bf9b98f638

SHA256
b361b085b1bf99a36dfcb9f87aa3908f4d19a0f56797da9ffec80505ce9fdb39

SHA512
d00b9d301e59cac4c981c85998be43c205b4b495f9af3c9e708c6ff5085c9ffbc67f917024440fea4881fd2d50b5832c3a6845aa57b7ebc24aba8fc12846f915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
015e449cd46f9aee2699aa76b6c8c08a

SHA1
820700138821a650c84a0bd0a262662ccce105cf

SHA256
b78c9b0c4dfe97606a4454de9df55815ec435e98448cd9a90813691e7c49c7ad

SHA512
eb1902d52076d7bb0c382e4cf71278caf8a102987644a87e9428aa0cac3d4eccfddb815048e153c9fb5bf563b43df54a1fb1b65a36a885ef55c3df2f79759ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
468ae755bfac95c93078800c299f39b7

SHA1
824af4fda339691b82496b82a919e8ce0e49447c

SHA256
1d95f8e785f0a13e3fc09843fa75c75b101ec8bdc8cc22d839fa3c9b08d70e41

SHA512
f7e1993b51ce2ac3239018a945adc249617be6d814a57285ac68f13c1ae661ec080327dad09db50c01699bcc8e6418942f5df9e59a98ce6cb0d9cfe1b60e4c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ebd32ea3cb848bb3206aaf62612cc85b

SHA1
d609db64a6a2564a4807e10697621356428bba69

SHA256
10762a39425ae40d2f71ea5e050651b85fb255278756e286dd1294965a4623ae

SHA512
b40a527e124f0424b5c12abbe7c1eac48730917a53ab1061dc7e02e1e24086001f9036e7c9dcc6bb62a5df7c7be791995b2f5596658c286c3658c094fb653e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0c223ee5105298f14a8037db8dcc6508

SHA1
2124838dad6bd3b03447d37f430b580b3386b0a2

SHA256
edccc2ebb1df8195e3fb1e6ba325bf535b3669dd5af4f66d03d0d63f18712cf1

SHA512
2f7f5652b1f8a89f438f3e567e1de28ae04d6350b7f2aaca1fa1d2fd0a2a722a00d8d919d39460f7474fd341516fcde2a70f8f1da86d25fb4a829ebc78b97db7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
046db0eb1ef94a434f979481241ec331

SHA1
66fb451135e00aedeb317205eb7110e5dccdb2f7

SHA256
66744b406b625e82fe370a8f2ad224576e7a7eb588403699f52d1fc21638c7f8

SHA512
0a783f2c6a4570f5428feaa09df215a1c13779ec113629e4fccde1db31c324d79e4d6d8dc5009d3e70a1de30c84cd0cd4f1af03f507ef0c22c316a7a0ea5d796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ace0a4ad95e848de0a3ff32fbb528fd9

SHA1
cc7f4a45fbc7e8fb9f64847510cb36ce66fa5317

SHA256
57c5328e3cca7b5f434137fe0becd4f9e6a38dd14996fc8603c07d950cce732c

SHA512
c15e6408a009309dd4177e07237d41822fc10257d9b6eae3fdaea3d0f447e7b5aa441777e48572dc9ae214160238b4ef54803e6250c19e461e61b4ceb9b7309b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
23ff3cb3b376512c1a411ea180f8d65f

SHA1
442a0b7b555f871d408f7aa1ad1eb218f4a1fd07

SHA256
3a55411c519e9bd81c33b3f97312f0a5c28d8df5fb6c692fdee3fbf330c2b222

SHA512
22eed74822c72da530e80e04979c34247c76a5e28f1d51c60a9045907ef6a22ea465e340498b300bd2042599ef8a085c5aa1b42e7c3a10fbb6ebfef41df9aebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c01405832c14069f057f5b124c3e91ff

SHA1
fdab0eb32ea6a947d417448666227995c9eefb75

SHA256
51a9643d78ec2842919b1d84f0fc79c7153d7c1e6e73afdeefe66caeb29e333e

SHA512
112b3c5b631f1466950e876468fe3efdb21d86405339fc96b3f785b9b5e7863a4117dfa6b37dc769c2efe54704b674b52e2e6a297819a1373e1230d2d6633992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f15763234df65281a114e9865dee07ea

SHA1
e1a1c4cb326d564310d079b280d6ba1ec61f1a9c

SHA256
d796c0fc0c3b7df60c7659cd547863966f37d4938e26dde15a58562298d27ae1

SHA512
c55ed37ef7978766fc97ce59a12935b5e0c5e73f38682052f1b6e82e3d79dc42866bc773f95532912ca7c3202c2fac048c6341d77d0fcb8cd84957fe94dd867e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
126dea52b8432c61e269f11e5ec71f57

SHA1
884a79a1a4370a221612a39f66628c022c7bbfb7

SHA256
9c0348bd54f4f308de036329c59b92c998ce95c8438b6b8e1a3258dcf83e0a71

SHA512
2c74d49fcba00d3594e6999a8b862cab6ee3e00874b015a49a553a673ba65773cb50d6402faaf111d13a712666651e86fdaa20df0b746ee88db35dacf977d5ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
70e4afd089e8a805e1e6d04c138d8b90

SHA1
e17803c82c8991308a0d44d67c4ba84b17459d4a

SHA256
7a65cb16860365797792c84b58e6348dbd67ba478f6562188bfc8535a0f61862

SHA512
1751b0999e6c47ffac793a1c43fbd4cfdf6f2b6b8e4e9f3c2d7947d8ab155b577a0a62b8365931576afe9b07f1f38f1d1a0aa2080e91ad717f0a95f3bd24b2e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2efd927102aec30bf51ce1611ad170e7

SHA1
4f23a4edd7429b779a0e8b8886bb556d29b5286d

SHA256
b1af706338b68230aa39317a987335da3c362dc7e0a1b20e5fdca63dca3ce806

SHA512
6888ccc72c56ee770e01b27861f97c42f0e24294b561075fe00886ef5a24d607484462291f36f7dafdf0fff335c0e5ae6b57c01508f1e8b1bba2c53cb58db077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bc1438173f2ca43f35e56d6ec0881fa7

SHA1
ab8ae2c64e1ae5ab287e277c59af9c6966cd40dd

SHA256
cbadf09575a4b83eb4bc26558d1f7d9e4221614f95f59b34cb9901dae903bd69

SHA512
9df2ef9984145e46194d0505e30c675aad5a4b82d984d2e96be00a6352c3f75f10ac4ce9e19aab64be974c4268d347de7b88fac6a1ed54b38b1743813dbe43c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4c4e318093bc783508d0bd89adb1dd83

SHA1
a17dc7fa7facba79fb64e4e1869cd29ca25cf376

SHA256
d25d899087eabd26d39c65c8a26ef1e9da23a738525e88555126b7eb02622933

SHA512
f4b22f8cc4f4cbb1ff362a22659e8477d06340f9a2068845465172e03cfaefd5251d7472df5e513946ab094fbdccda61b543fc454cfa519bf933c5a116fd615d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e10ee4be4ec728ab79358e247bf5ee6b

SHA1
d23e1e8c61f69bf50b4111dae32c58a5f6ea117b

SHA256
2507a23ef34589c0da9d9740088db5fbdae06883466fe645663195650552528a

SHA512
78b34e8d3521376543ebc2180fe8881b5c3c4614a6a39162c0dfa9404096f22dafc65146a94e3a541fbfe8a8f0b0a7862a92d23fcc72cc00e5d00e55f8e1b8bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4cd1af8a73fa92500984a91decf588db

SHA1
44075014bb5e3acb13ff9a61c4087c713f1db961

SHA256
e6ba4daab3a62265a6fad8e610bfd36b4db7fb291fb6431ab50d60ec4e4d90dc

SHA512
9731394c09c79f06b429b86a2a83bbcec2220718ad4b78193e339d168a86dcd4f6ac2460c83704556e2368afe18082ca233383577a44c2ea0b5abe404a5957bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3d58d687346d92b81822fdfdb3cb90c5

SHA1
6ee1c0febd0f71dca8dba17761f48069b4b24d32

SHA256
732c1c7db5ff557abadb7073e9301e7b1e4014d0faf47fed61f11582cb4b56f0

SHA512
73b56e8ad8f843f27b3c3c2af035793eb750aeec256e6954d8121a729aaf5c53365ec596c2ebd0a72220fe5be650163bec01aa19731ec02eaeb77664cd9f2d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a7f60f2448a05664c070c2c878b1aab7

SHA1
d829e1c1bc275f71d45e4bca36902719b15f4d41

SHA256
2aa035f222ad63cd9e680dfeac8abc552a244531a4defc05918d37bc0a36df4f

SHA512
512f488865a73295083746e247c047c99ff87104cdd698a85f6884ea3ba44c3bd6dada0c4bab6864197378ae323b902338ed7c901fb9b6f791aaf155b3ccef58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
046e7ea711a001878a781a46954dac53

SHA1
4a947f3993ca0e6cd9b22dc9a9c45d9a75da2275

SHA256
7bf6eb57009d0559ace3c46a9954270df4ba4a94b99c5c9d30c57c4080d1d293

SHA512
19fcb0f91e86df106caeb63ec6ba4e36269cb926c464ab936d15907551568f60b2725b36e4905f50afd8af21340e3bb35d4aa6d56264fd7c2ad4e8272d7c12f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4e0d8a3cd0640f99c3918774ca313068

SHA1
e236f9a167930feffc7f88c2d42abe9e0127d9d6

SHA256
d0b522c69303dbbacf50d88863ad6dd1c46bc91de63b4f37e045515e38e7e583

SHA512
9ceae72a37fce6d82c3db95fc1255ac3cdb6aedb12f1424cebba4fc6da76e71a23fd39a66f9e31ca375808b2061a4d6ffe465e47cb2f62e600c5d24ae8fd6b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
34a952d2818f69af0f2b3cd401e88248

SHA1
f063fd3870d72bafca7045ef58b03b2070962fb0

SHA256
2eebaff0b1f6f8a5b4113748964615a76fbd5681bf21d2184efc7ee2f770c040

SHA512
004d4e90dec80893b8ab6e8dd2cc2545cc54d86c991ff3ee6d720508ada7fb04090d39022f7744552c6b91f5290048d3842e75a36217f2f0f5d56b283efe1aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba0ae2ba486ad6506e2ac0538c2fb337

SHA1
1ca44abd8f5f60003f08f9e9acd39ed27610c65b

SHA256
d2bac69d97f6f3ce8d8ccf621d7bc94a3dfe50513fffa21833ea3963b9ea988a

SHA512
1444191083d95d7383683cb0c590fbf659b8fd6bc0b3b423768dbe82545cce7e15902bc41a027152ac6095510b148b77ae555be2cb0d661711de501b926a87ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
40e45ef1e67ed3e7dac82eb1c1ef7771

SHA1
0e9e9453ede7532b28b53a766db960e203ec7215

SHA256
44069ee3b0786c9e48dee80549ce27f6b8ea46f2bb88e1c026c769a473456449

SHA512
c2409a78039309758df588ab7d9bc6b03c734afc02bdaa652b3380aa61d0be3bb729341eab66654d7616f4ac91170a65b8347010782201e3082a36428baddd61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f46a6640b4b1fae0b084607d69f1535f

SHA1
19739eb94ceb160d63380c9ac2e366db92ec993c

SHA256
7ddb845f6c1928662b864c8eaac89d0849afaf9e77d15b4c1d4e82f93c1ac222

SHA512
693bb9c1a59ef26917747366886725c3689594d36ecaaffa1eacbb48e6b166024e18210e76d8f36629dc0b2f58b68a6d364a6767767a42151713bb8628946a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f8f7a3b2c6326498c115bf4d4905ace4

SHA1
33c7ecfb904a888583c791fde00c80377335555f

SHA256
1e7e8547f07857b2a92bf7ddc52c857c610560de4956257e1f9a6760cb404b9e

SHA512
c41334224eb198d28cd8a1e994adb28ffae2c688b5cb6b9bf2d336365cef0f595142b7caf687352c52cba90409106c787471b8e71157ce79856d1cc8c9bee671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66727650731d4aa74ca86b111b2fcb6e

SHA1
3afd54454da095ff7831d34959a1726bccdcf5a9

SHA256
cee02e4c78ab4cb73cab5e0d9ef33de8c67af6977bc8c46dc4e88a64d7ee877d

SHA512
49e94d1e79abf1306288bd3cc989d8fe165d48761d22913c668d056b3058daea12525da2741de8f1c5b52a2b72f0f1ecdcf7f8a8a814e7c057de1a94e0d229e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b0a502b13a02926c24d41522e142e23b

SHA1
28d0a2b3ca0494aeb41012771eb48a431b9e35b5

SHA256
832ec0eb3a50f892a8fa5326625f5dbfdc678fea062c86ef945a46f0b0c1a3b4

SHA512
eb387703f814738677159d44ef89cec914d03c70d0c8d0ab3894c50e64e7111ba7c6b093c780e769c7c777a4247e21e23200bb3ce8c247c751f501a06c68cccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
83188488de98642c88526b44c1633254

SHA1
eedc326c536c51d2da7624f23aec8553c3bb1c75

SHA256
378164e7d98c7d0306bc4d5f6ed7d232e852b05533c04c33d1c43729936f7e07

SHA512
715915ed14129c5734e07de34d3f710ec21784f5c24f8adbb29d2a27c124d72b9272944894ae074590e958d932cdffd4f0432330b0b4b8a2553c59a87be69e58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8ce024af99aab3dcb69c53443c605fef

SHA1
b9271aa715a7d77acd44acb22678bf87f0155a46

SHA256
3e43af90665c97236927bfe3de7eccdab167afc257df66f417fdf7309ecd850f

SHA512
24453d149344849f4598adb637a8ca05f0bb2027f7c413c140c177587807371a13a6043acdaf5020a55a40f23c11a7a3568f9a8cf5816a430163a98038f8779c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f270d026598d867899ffaab526438cc

SHA1
a52e2d39bf4e460c107e88f227225019a981fbd2

SHA256
2e37b32f17aa488b70fb6b132173c0dc6f69d1dc8104469f98e7c6b52d195f6c

SHA512
34998d7e73878bb2f215d5ceffb61941110f0beaf90ce9bfa2e116e2494ae0f3baaafb9c79a1c3762f1a4bf2b3c9ca3c1b794205367012562204af4806bb7335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9607ebefe44bff6556b523db62955d37

SHA1
fecbee2105365075a787ceabbd776aff64a62660

SHA256
e1641bee199cb4e0dd7c183de50c991313c43036c4afbcbcb128e8614eca4e1e

SHA512
11d237b2ba08a108b55ac0ad773e7e86f02aabf4e1051fbfa299eba9b09c95973d469a0bff5f3ec2151d40dd83e70f29665643c2a84e385a109c5803847cc7e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
23f4205f029a8ed07e8e59e8db5e1133

SHA1
6a3540c35b36869e56063f3f78163c4cf4c0429b

SHA256
7995c23e37ad1a2d5b5b892fb5c080d80e0a866694aa160901c6b5d5c4b59569

SHA512
2500ec8521d802492039f095d679304c3a164863b86c8de89a284a60e67e09f61b1a8f012deb64ba4ad2dac07be0c177620004c3372867cdc19db46c45918d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
408f5844f254099cb9af33dcffc948b1

SHA1
242718a0d13828f2f76f78cac9af85b840b78e8b

SHA256
48b4e9654d5ce3ba791c5001455883743eed2bd0418979eb41ef4162f7bbe679

SHA512
4f16f30e9b52fc1ba88494b07e86a14dce28edf28702893e118192c2ca1fc24e9e444069c73d29640173faeac6667a452299373716d880700ebd0e635f3cd68d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66c49837388212750e3da2b4b961e1ac

SHA1
8e923c72070870062a374945c18681f15053398c

SHA256
e9f7783f672ba0442d227053dd74759ec649d97fd670ddc655e3a1923603c4d1

SHA512
f4067ba174419107954cfa8fc9da238bd4021205b47ea6a573c25bb8f02f2f34424d77e9ee14fb55247660ac8b1f35622d8a800768721e03cca48020bfdf9e25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07e4dcc816a4fa8b153da378d5c4b221

SHA1
bf2b78932427efb9c82de6e3c79f7b2dc54c9217

SHA256
082c175aab172fdc390a9699a17863af090aeb36947530c6af645ea83fad30dc

SHA512
8da66a0038e781476396db7ac1633f7eb29336d9d24183f1d492045244d05eadbc75eb39049764910a5f2188440c65dd2d54d8b9f3f0b5eb148affb585fc3bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
54505da9d69b154b25daa0cf4e2d0b3b

SHA1
60389032ab6bfab71977f98e4bb55959814df0b8

SHA256
f9a48863b0d1a9b14423326b0104e237d7c10fd81b223116e469434de3a62a05

SHA512
6a6c7d454237a930d8cef6cdb916923826f1d1efef962500d894d102a44f570cccb4033fd3ef1944ba859fc72a13c4af1a072f78a1047b71dfd88e3b161ded18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
da39d91c2600edf7a6dc5aecff8a2a90

SHA1
888fc96598067838df66d0bdf7545d5ee82bbc6e

SHA256
e8c43b127da3c43e1d8d86e165044a2d52d34b773c99140407bc2a05da645004

SHA512
d35b0b6b4043392329f38ffed9ca9f9f0aaec5d4264da68c21892efd81e00a33b71f22aa25a004e824fbd1e3f4eb8c7ffbadef3df48bd659b457ad201b20684d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0dc6a3e8a3cdfc1b1892ce06789756b9

SHA1
731f7aab82f54ea97c096c13892fa16f1bde493a

SHA256
729e8021e2d8912248ed3540385892c529bbf310a049ab15fedb95077d31e0b8

SHA512
1acb89c667fbce8996287fae043b466ce93a95f106121f0be45e775cd7399bc8c419fb0f8eba66f324ca4f8e998ca5595702d8cc6186fe9378f0e31fa98b15d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
84c27ead6a1254370f574ed8ab9bf784

SHA1
3dcb19932ea433e01aa3e89b977e086fba6c629a

SHA256
35de84a32e15f8e60839511cd53ef7681cdc63827d71569e55cf08dbe18644ce

SHA512
71f7b5364a8b128812625a0e770210b13d21689bb7055692589d0fa2b65601654e2d107dbb2dbd649d3031ece9004400b813e35f6caea63b965df0369126d299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
00ad3d59660e9320631a07100165972c

SHA1
79a5143a27db1b96a5025625c56b869279438af8

SHA256
ea761e1bb79a75fc3198a63ea34f1f9a872b4ee49662effb8ca56c121562c27c

SHA512
8c623dedf86ac9bf14fff4fdf38b39dd59846fc77205bdc20ece6ea50d0ad6d82c475d2621ffae0d976f3e16a4968c898615b090393d95056f5c316ad061e931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
0b5b3b16e4a19ff1862a55555beb2d60

SHA1
fcc68e9252d3fd14d5df54b6fe5d9110bf29b197

SHA256
38ead38d5d6c6e8626e56bccd6ee6b3766a026333f1174da10dce2d8b16dc713

SHA512
5b4480381071362b5b7d37acaf3782461e7690a5e509f8a6f5d1f3c79c33bad018e074648f99bb21ec918ab81a22473b21512d8f6ca350c40676ad660176fffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
f330f8e9af56d8e5cb72e8d6d36fefa8

SHA1
d795acba6f9badd440ea1e1811a5586a3dced55a

SHA256
3a5d7d8e733db7aeea120cd146e988b8bb055a516bfede16b2db9c9a9d4ca867

SHA512
7d8ec546b85257ebece77d4491e9ce5d4480627e8fd3a37a3937a502e6c7137c7077053c11d0277c57ea43d5670f2aba63942ca6255d20cb507693664d0f26df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
31b2dc1bd7d1604d9a4b5b7b689cb3c0

SHA1
f9ff66c39755e8c1b4d91b334f42065ba561a3d1

SHA256
61c4d8f39a960acc3eb804b03d8d236171e4c4ca9b9b94df4e21d24f1bbb851b

SHA512
f9ad6a250813310ef6722bce03ef81fda41824240f31ecc31dda2b53ee11823fc2a30d5f5b901f9e8df92363bd16e59ac122ce421013fd1997fb713cd5af0916

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\0e4df74cce0423376e6a782e4b3deb64

Filesize
7.0MB

MD5
0e4df74cce0423376e6a782e4b3deb64

SHA1
8db193e73416f1da44ad98f344d3ff207ace44ac

SHA256
8b9263763da2c73054426eb6a8de5c4e7f42ecd11e9c95a426b0c66aedd727ab

SHA512
ca3136acde16e33c80a0f50c5f73a2eda795ebf9a90f7bcd4803b5cf2c51135b2ec2ae40d06015ab6fe4b2b18bfc0a95712bc98dcf5f2cc85192bb715a021642

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
6.9MB

MD5
1c4187f0b612a9a473010dcc37c37a82

SHA1
34d46733452812d481adeedad5eaea2cf4342540

SHA256
c8d55b0f4f25caf135dabc7f21b9548263022107e9740dfe692b402469cd47bd

SHA512
075678e24a867d5630da324e934837d81a3fa1d848a15feeb2a7be268d38b81ca4210cd44a22e9869173edebecd1947968327ddce16a85b71c03e6307e365def

Download Submit
C:\Windows\Installer\MSIA76C.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIA76D.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSIAF5E.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
memory/1388-3536-0x00007FFD64D80000-0x00007FFD64D81000-memory.dmp

Filesize
4KB

Download
memory/2388-1-0x00007FFD47823000-0x00007FFD47825000-memory.dmp

Filesize
8KB

Download
memory/2388-0-0x000002BF93260000-0x000002BF9332E000-memory.dmp

Filesize
824KB

Download
memory/2388-14-0x00007FFD47820000-0x00007FFD482E1000-memory.dmp

Filesize
10.8MB

Download
memory/2388-2382-0x000002BFAD7D0000-0x000002BFAD7DA000-memory.dmp

Filesize
40KB

Download
memory/2388-2-0x00007FFD47820000-0x00007FFD482E1000-memory.dmp

Filesize
10.8MB

Download
memory/2388-2384-0x000002BFAD850000-0x000002BFAD862000-memory.dmp

Filesize
72KB

Download
memory/2388-2805-0x00007FFD47820000-0x00007FFD482E1000-memory.dmp

Filesize
10.8MB

Download
memory/2388-4-0x000002BFAEEB0000-0x000002BFAEED2000-memory.dmp

Filesize
136KB

Download
memory/3040-3583-0x00007FFD654C0000-0x00007FFD654C1000-memory.dmp

Filesize
4KB

Download
memory/3040-3584-0x00007FFD654D0000-0x00007FFD654D1000-memory.dmp

Filesize
4KB

Download
memory/3944-2807-0x000002664F750000-0x000002664F802000-memory.dmp

Filesize
712KB

Download
memory/3944-2804-0x000002664F690000-0x000002664F74A000-memory.dmp

Filesize
744KB

Download
memory/3944-2802-0x000002664FA20000-0x000002664FF5C000-memory.dmp

Filesize
5.2MB

Download
memory/3944-2800-0x00000266345D0000-0x00000266345F4000-memory.dmp

Filesize
144KB

Download
memory/4048-3500-0x000001F93B770000-0x000001F93B77E000-memory.dmp

Filesize
56KB

Download
memory/4048-3665-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4048-3489-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4048-3490-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4048-3488-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4048-3731-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4048-3491-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4048-3495-0x000001F91EF90000-0x000001F91EFA0000-memory.dmp

Filesize
64KB

Download
memory/4048-3496-0x000001F937CA0000-0x000001F937D30000-memory.dmp

Filesize
576KB

Download
memory/4048-3718-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/4048-3497-0x000001F937960000-0x000001F937968000-memory.dmp

Filesize
32KB

Download
memory/4048-3499-0x000001F93B7A0000-0x000001F93B7D8000-memory.dmp

Filesize
224KB

Download
memory/4480-3380-0x0000000000EA0000-0x0000000000ED5000-memory.dmp

Filesize
212KB

Download
memory/4480-3410-0x00000000732B0000-0x00000000734C0000-memory.dmp

Filesize
2.1MB

Download
memory/4480-3735-0x0000000000EA0000-0x0000000000ED5000-memory.dmp

Filesize
212KB

Download
memory/4480-3381-0x00000000732B0000-0x00000000734C0000-memory.dmp

Filesize
2.1MB

Download
memory/5260-3585-0x00007FFD64D80000-0x00007FFD64D81000-memory.dmp

Filesize
4KB

Download
memory/5584-3754-0x00007FFD64BC0000-0x00007FFD64BD0000-memory.dmp

Filesize
64KB

Download
memory/5584-3744-0x00007FFD659D0000-0x00007FFD65A00000-memory.dmp

Filesize
192KB

Download
memory/5584-3749-0x00007FFD65A60000-0x00007FFD65A65000-memory.dmp

Filesize
20KB

Download
memory/5584-3748-0x00007FFD659D0000-0x00007FFD65A00000-memory.dmp

Filesize
192KB

Download
memory/5584-3758-0x00007FFD64BC0000-0x00007FFD64BD0000-memory.dmp

Filesize
64KB

Download
memory/5584-3757-0x00007FFD64BC0000-0x00007FFD64BD0000-memory.dmp

Filesize
64KB

Download
memory/5584-3756-0x00007FFD64BC0000-0x00007FFD64BD0000-memory.dmp

Filesize
64KB

Download
memory/5584-3755-0x00007FFD64BC0000-0x00007FFD64BD0000-memory.dmp

Filesize
64KB

Download
memory/5584-3760-0x00007FFD63530000-0x00007FFD63540000-memory.dmp

Filesize
64KB

Download
memory/5584-3753-0x00007FFD64BA0000-0x00007FFD64BB0000-memory.dmp

Filesize
64KB

Download
memory/5584-3752-0x00007FFD64BA0000-0x00007FFD64BB0000-memory.dmp

Filesize
64KB

Download
memory/5584-3751-0x00007FFD64B10000-0x00007FFD64B20000-memory.dmp

Filesize
64KB

Download
memory/5584-3750-0x00007FFD64B10000-0x00007FFD64B20000-memory.dmp

Filesize
64KB

Download
memory/5584-3747-0x00007FFD659D0000-0x00007FFD65A00000-memory.dmp

Filesize
192KB

Download
memory/5584-3746-0x00007FFD659D0000-0x00007FFD65A00000-memory.dmp

Filesize
192KB

Download
memory/5584-3745-0x00007FFD659D0000-0x00007FFD65A00000-memory.dmp

Filesize
192KB

Download
memory/5584-3743-0x00007FFD65980000-0x00007FFD65990000-memory.dmp

Filesize
64KB

Download
memory/5584-3740-0x00007FFD65870000-0x00007FFD65880000-memory.dmp

Filesize
64KB

Download
memory/5584-3742-0x00007FFD65980000-0x00007FFD65990000-memory.dmp

Filesize
64KB

Download
memory/5584-3741-0x00007FFD65870000-0x00007FFD65880000-memory.dmp

Filesize
64KB

Download
memory/5584-3765-0x00007FFD637B0000-0x00007FFD637E0000-memory.dmp

Filesize
192KB

Download
memory/5584-3767-0x00007FFD637B0000-0x00007FFD637E0000-memory.dmp

Filesize
192KB

Download
memory/5584-3771-0x00007FFD64D70000-0x00007FFD64D7E000-memory.dmp

Filesize
56KB

Download
memory/5584-3769-0x00007FFD64CC0000-0x00007FFD64CD0000-memory.dmp

Filesize
64KB

Download
memory/5584-3768-0x00007FFD64CC0000-0x00007FFD64CD0000-memory.dmp

Filesize
64KB

Download
memory/5584-3766-0x00007FFD637B0000-0x00007FFD637E0000-memory.dmp

Filesize
192KB

Download
memory/5584-3764-0x00007FFD637B0000-0x00007FFD637E0000-memory.dmp

Filesize
192KB

Download
memory/5584-3763-0x00007FFD637B0000-0x00007FFD637E0000-memory.dmp

Filesize
192KB

Download
memory/5584-3770-0x00007FFD64D70000-0x00007FFD64D7E000-memory.dmp

Filesize
56KB

Download
memory/5584-3759-0x00007FFD63530000-0x00007FFD63540000-memory.dmp

Filesize
64KB

Download
memory/5584-3762-0x00007FFD63640000-0x00007FFD63650000-memory.dmp

Filesize
64KB

Download
memory/5584-3761-0x00007FFD63640000-0x00007FFD63650000-memory.dmp

Filesize
64KB

Download